Skip to content

Fix two-factor enable over API #40617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pako81 merged 3 commits into from
Feb 8, 2023
Merged

Fix two-factor enable over API #40617

pako81 merged 3 commits into from
Feb 8, 2023

Conversation

@pako81
Copy link

@pako81 pako81 commented Feb 3, 2023
edited
Loading

Description

Fix reactivation of two-factor auth when using provisioning API.

Motivation and Context

Using the provisioning API for reenabling two-factor auth for an user is currently broken.

  1. Running:
curl -X PUT http://admin:[email protected]/ocs/v1.php/cloud/users/user1 -d key="two_factor_auth_enabled" -d value="false"

correctly disable two-factor auth for that user. The configkey two_factor_auth_disabled is correctly set to the configvalue 1 in oc_preferences and user can normally login with username/password.

  1. However, running:
curl -X PUT http://admin:[email protected]/ocs/v1.php/cloud/users/user1 -d key="two_factor_auth_enabled" -d value="true"

does not correctly reenable two-factor auth for the user. The configkey two_factor_auth_disabled is not removed from the oc_preferences table and two-factor is still not enforced.

How Has This Been Tested?

Manually: by following the steps above.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised
  • Changelog item

@pako81 pako81 added this to the development milestone Feb 3, 2023
@pako81 pako81 self-assigned this Feb 3, 2023
@pako81 pako81 requested a review from DeepDiver1975 February 3, 2023 11:49
DeepDiver1975
DeepDiver1975 requested changes Feb 8, 2023
View reviewed changes
Copy link
Member

@DeepDiver1975 DeepDiver1975 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change log is missing - will add it

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 8, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

100.0% 100.0% Coverage
0.0% 0.0% Duplication

@pako81 pako81 merged commit 29dcfa8 into master Feb 8, 2023
@delete-merged-branch delete-merged-branch bot deleted the api_two_factor_auth branch February 8, 2023 10:15
@owncloud owncloud deleted a comment from update-docs bot Feb 8, 2023
@jnweiger
Copy link
Contributor

jnweiger commented Mar 2, 2023
edited
Loading

Confirmed fixed in 10.12.0-rc.2
-d key="two_factor_auth_enabled" -d value="true" works correctly.

However
-d key="two_factor_auth_enabled" -d value="yes" or
-d key="two_factor_auth_enabled" -d value="1" dont. The 'two_factor_auth_disabled' configkey remains at 1.
Both are accepted with nice statuscode 100 and no hint that they do nothing.

@pako81
Copy link
Author

pako81 commented Mar 3, 2023

AFAICT two_factor_auth_enabled is currently the only boolean value when editing the user https://github.com/owncloud/core/blob/master/apps/provisioning_api/lib/Users.php#L295-L339. Do we want to also cover the case yes/no and 1/0 ?

@DeepDiver1975
Copy link
Member

DeepDiver1975 commented Mar 3, 2023

Boolean values are true and false.
No need to support anything else

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DeepDiver1975 DeepDiver1975 DeepDiver1975 approved these changes

@phil-davis phil-davis phil-davis approved these changes

Assignees

@pako81 pako81

Labels

3 - To Review

Projects

None yet

Milestone

development

Development

Successfully merging this pull request may close these issues.

5 participants

@pako81 @jnweiger @DeepDiver1975 @phil-davis