
feat: Two Factor API #49443

Open. Wants to merge 1 commit into base: master.

Conversation

@SebastianKrupinski (Contributor) commented Nov 23, 2024

Ability to check/enable/disable configured 2FA with API endpoint

Request State

GET /twofactor/state?user=user1

Request Disable

POST /twofactor/disable

{
  "user": "user1",
  "providers": [
    "backup_codes",
    "totp"
  ]
}

Request Enable

POST /twofactor/enable

{
  "user": "user2",
  "providers": [
    "backup_codes",
    "totp"
  ]
}

@SebastianKrupinski SebastianKrupinski added the 2. developing Work in progress label Nov 23, 2024
@SebastianKrupinski SebastianKrupinski self-assigned this Nov 23, 2024
@SebastianKrupinski SebastianKrupinski marked this pull request as draft November 23, 2024 00:12
Three review threads on core/Controller/TwoFactorApiController.php (outdated, resolved)
@SebastianKrupinski SebastianKrupinski force-pushed the feat/issue-994-two-factor-api branch 2 times, most recently from c40f0c2 to 462afd8 Compare December 28, 2024 10:10
@SebastianKrupinski SebastianKrupinski marked this pull request as ready for review December 28, 2024 10:37
@provokateurin (Member):

All the endpoints are only intended to be used by admins?
This PR lacks context that explains for what feature this is needed.

@SebastianKrupinski (Contributor, Author):

> All the endpoints are only intended to be used by admins? This PR lacks context that explains for what feature this is needed.

Apologies, didn't realize I did not link the issue ticket. I've updated the description.

@SebastianKrupinski SebastianKrupinski force-pushed the feat/issue-994-two-factor-api branch from 462afd8 to 3e2659b Compare December 31, 2024 01:13
@provokateurin (Member) left a comment:

Fine by me

@ChristophWurst (Member) left a comment:

Looks good otherwise

*
* 200: user/provider states
*/
#[ApiRoute(verb: 'POST', url: '/state', root: '/twofactor')]
Member:

This should be a GET

Contributor (Author):

Hey,

The reason this is a POST is because it's pretty messy to send an array of user names in a GET URL.

This command retrieves the states for specific users not just one user.

POST /twofactor/state

{
  "users": ["admin", "user1", "user2"]
}

Member:

It is possible using this syntax: ?user[]=a&user[]=b, but indeed very ugly. Not sure what is better here 😅

Member:

GET is the right verb here. If the arguments make the URL ugly so be it.

As an alternative you could drop the bulk operation aspect. It's not a concept I've seen with any other Nextcloud APIs. If there is only one user, like with the occ command, the URL will become "pretty" again.

Member:

Agreed, if there is no need to query multiple users at once then it is much better to only implement it for a single user.

Contributor (Author):

Well, the idea behind the bulk operation was that an external system can check the state of 2FA on 100+ accounts at the same time instead of doing 100 requests.

But if you insist on this being a GET then having this as an array makes it ugly. I'll change it.
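As an added illustration (not Nextcloud's code and not part of this PR), the following Python model captures the endpoint contract the thread converges on: the description's read-only `GET /twofactor/state?user=...` (also accepting the `?user[]=a&user[]=b` array form mentioned above), and `POST /twofactor/enable` / `POST /twofactor/disable` taking the JSON body from the description. The in-memory store, the admin gate (answering the "only intended to be used by admins?" question), the known-provider set and the `ApiError` type are constructed assumptions for the demonstration.

```python
"""Toy model of the two-factor state/enable/disable API shape discussed in this PR.
Added illustration only; the store, admin set, provider set and error type are
assumptions, not Nextcloud's implementation."""
from urllib.parse import parse_qs

# Constructed sample provider set and per-user state.
KNOWN_PROVIDERS = {"totp", "backup_codes"}
STORE = {
    "admin": {"totp": True, "backup_codes": True},
    "user1": {"totp": True, "backup_codes": False},
    "user2": {"totp": False, "backup_codes": False},
}
ADMINS = {"admin"}  # constructed: which callers may use these endpoints


class ApiError(Exception):
    """Hypothetical error type carrying an HTTP-style status code."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def _require_admin(caller):
    # The endpoints read and change *other* accounts' 2FA configuration,
    # so they are gated to admins before any work is done.
    if caller not in ADMINS:
        raise ApiError(403, "admin privileges required")


def _users_from_query(query):
    # Accept the single-user form (?user=user1) and the array form
    # (?user[]=a&user[]=b) raised in review; both are plain GET parameters.
    params = parse_qs(query)
    users = params.get("user", []) + params.get("user[]", [])
    if not users:
        raise ApiError(400, "missing user parameter")
    return users


def get_state(caller, query):
    """GET /twofactor/state: read-only lookup, hence GET and no side effects."""
    _require_admin(caller)
    result = {}
    for user in _users_from_query(query):
        if user not in STORE:
            raise ApiError(404, f"unknown user {user}")
        result[user] = dict(STORE[user])
    return result


def _set_providers(caller, body, enabled):
    _require_admin(caller)
    user = body.get("user")
    providers = body.get("providers")
    if user not in STORE or not isinstance(providers, list) or not providers:
        raise ApiError(400, "user and a non-empty providers list are required")
    unknown = set(providers) - KNOWN_PROVIDERS
    if unknown:
        raise ApiError(400, f"unknown providers: {sorted(unknown)}")
    for provider in providers:
        STORE[user][provider] = enabled
    return dict(STORE[user])


def post_enable(caller, body):
    """POST /twofactor/enable with {"user": ..., "providers": [...]}: mutates state."""
    return _set_providers(caller, body, True)


def post_disable(caller, body):
    """POST /twofactor/disable with the same body shape as enable."""
    return _set_providers(caller, body, False)


if __name__ == "__main__":
    print(get_state("admin", "user[]=user1&user[]=user2"))
    print(post_disable("admin", {"user": "user1", "providers": ["totp"]}))
```

The split mirrors the review outcome: the lookup is a GET with no side effects, the two mutations stay POST with a JSON body, and every handler performs the admin check first so a non-admin caller cannot even read another account's 2FA state.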

*
* 200: user/provider states
*/
#[ApiRoute(verb: 'POST', url: '/state', root: '/twofactor')]
Member:

POST is still used here.

Contributor (Author):

Yes, it's because I didn't see your comments before asking for a review.

Signed-off-by: SebastianKrupinski <[email protected]>
@SebastianKrupinski SebastianKrupinski force-pushed the feat/issue-994-two-factor-api branch from 68f0716 to 332fa63 Compare January 16, 2025 13:32
Labels: 2. developing (Work in progress)
Projects: none yet
4 participants