Skip to content

feat: Transfer ownership #396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

feat: Transfer ownership #396

wants to merge 4 commits into from

Conversation

LazyCat2
Copy link

@LazyCat2 LazyCat2 commented Mar 3, 2025
edited
Loading

Please make sure to check the following tasks before opening and submitting a PR

  • I understand and have followed the contribution guide
  • I have tested my changes locally and they are working as intended

Closes #196
RFC PR: #14

Screenshot with curl commands that uses this feature

@insertish insertish moved this to 🆕 Untriaged in Pull Request Overview Mar 3, 2025
IAmTomahawkx
IAmTomahawkx reviewed Mar 3, 2025
View reviewed changes
@LazyCat2
feat: Transfer ownership
52e31bc 
Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com>
MCausc78 added a commit to MCausc78/pyvolt that referenced this pull request Mar 3, 2025
@MCausc78
Add support for transferring server ownership
2e305b9 
References:

- revoltchat/backend#396
- revoltchat/rfcs#14
@LazyCat2
Allow privileged users to change ownership
4767f10 
Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com>
@github-project-automation github-project-automation bot moved this from 🆕 Untriaged to 💡 Ready to merge in Pull Request Overview Mar 7, 2025
@StupidRepo
Copy link
Contributor

StupidRepo commented Mar 7, 2025
edited
Loading

As mentioned in the comment I put in the RFC PR, it would be better to check if the user has 2FA enabled before allowing them to transfer servers. That way any account which does not have 2FA enabled will not be allowed to transfer servers, preventing future abuse/malicious activity.

@LazyCat2
Copy link
Author

LazyCat2 commented Mar 7, 2025

As mentioned in the comment I put in the RFC PR, it would be better to check if the user has 2FA enabled before allowing them to transfer servers. That way any account which does not have 2FA enabled will not be allowed to transfer servers, preventing future abuse/malicious activity.

If hacker gets access to account, they can just enable mfa, if it is not enabled already, so i do not think this check will add any security

@StupidRepo
Copy link
Contributor

StupidRepo commented Mar 7, 2025
edited
Loading

If hacker gets access to account, they can just enable mfa

You need the account's password to enable 2FA/MFA. If a hacker gains access to an account, it would most likely be via token rather than password. How can someone enable 2FA if they don't have the password?

StupidRepo
StupidRepo reviewed Mar 7, 2025
View reviewed changes
@LazyCat2
Copy link
Author

LazyCat2 commented Mar 7, 2025

If hacker gets access to account, they can just enable mfa

You need the account's password to enable 2FA/MFA. If a hacker gains access to an account, it would most likely be via token rather than password. How can someone enable 2FA if they don't have the password?

Ill try to add it later then

@StupidRepo
Copy link
Contributor

If hacker gets access to account, they can just enable mfa

You need the account's password to enable 2FA/MFA. If a hacker gains access to an account, it would most likely be via token rather than password. How can someone enable 2FA if they don't have the password?

Ill try to add it later then

👍🏻

@LazyCat2
Require TOTP
f9bb5d5 
Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com>
@insertish insertish moved this from 💡 Ready to merge to 🆕 Untriaged in Pull Request Overview Mar 9, 2025
@LazyCat2
Copy link
Author

LazyCat2 commented Mar 9, 2025

image
seems to work I think

LazyCat2
LazyCat2 commented Mar 9, 2025
View reviewed changes
@LazyCat2 LazyCat2 marked this pull request as ready for review March 9, 2025 17:13
@LazyCat2
Require TOTP or password
c391982 
Signed-off-by: LazyCat2 <68156188+LazyCat2@users.noreply.github.com>
@github-project-automation github-project-automation bot moved this from 🆕 Untriaged to 💡 Ready to merge in Pull Request Overview Apr 2, 2025
@insertish insertish marked this pull request as draft April 2, 2025 10:57
@insertish
Copy link
Member

Just going to draft this while RFC is pending.

@insertish insertish assigned insertish and unassigned insertish Apr 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@StupidRepo StupidRepo StupidRepo left review comments

@MCausc78 MCausc78 MCausc78 left review comments

@insertish insertish insertish approved these changes

@IAmTomahawkx IAmTomahawkx IAmTomahawkx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Pull Request Overview
Status: 💡 Ready to merge
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feature request: Server Ownership Transfer
5 participants
@LazyCat2 @StupidRepo @insertish @IAmTomahawkx @MCausc78