Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(auth): Keep redirect URL during 2FA setup and challenge #44745

Merged
merged 1 commit into from
Apr 23, 2024
Merged

fix(auth): Keep redirect URL during 2FA setup and challenge #44745

merged 1 commit into from
Apr 23, 2024

Conversation

ChristophWurst
Copy link
Member

@ChristophWurst ChristophWurst commented Apr 9, 2024
edited
Loading

Summary

The redirect URL is crucial when a user is sent to Nextcloud to grant access for clients during the login flow. Without this, users will log in and land on the default page instead of the grant page for the setup.

How to test

  1. Log in as admin
  2. Enforce 2FA
  3. Install a 2FA provider like TOTP
  4. Log out
  5. Open /settings/user -> you get redirected to the login (note the redirect URL in the address bar)
  6. Follow the steps to set up TOTP and confirm your OTP for the first time (always note the redirect URL in the address bar)

Master: land at /apps/dashboard, /apps/files or whatever the default is
Here: land at /settings/user

TODO

  • ...

Checklist

@ChristophWurst ChristophWurst added this to the Nextcloud 30 milestone Apr 9, 2024
@ChristophWurst ChristophWurst self-assigned this Apr 9, 2024
@ChristophWurst
Copy link
Member Author

/backport to stable29

@ChristophWurst
Copy link
Member Author

/backport to stable28

@ChristophWurst
Copy link
Member Author

/backport to stable27

github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 9, 2024
View reviewed changes
core/Controller/TwoFactorChallengeController.php Fixed Show fixed Hide fixed
core/Controller/TwoFactorChallengeController.php Fixed Show fixed Hide fixed
core/Middleware/TwoFactorMiddleware.php
$params = [
'redirect_url' => $this->request->getParam('redirect_url'),
];
if (!isset($params['redirect_url']) && isset($this->request->server['REQUEST_URI'])) {

Check notice

Code scanning / Psalm

NoInterfaceProperties Note

Interfaces cannot have properties
nickvergessen
nickvergessen reviewed Apr 9, 2024
View reviewed changes
core/Middleware/TwoFactorMiddleware.php
$params = [
'redirect_url' => $this->request->getParam('redirect_url'),
];
if (!isset($params['redirect_url']) && isset($this->request->server['REQUEST_URI'])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still find it disturbing that isset is false when the value is null...

st3iny
st3iny approved these changes Apr 11, 2024
View reviewed changes
Copy link
Member

@st3iny st3iny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works.

@ChristophWurst ChristophWurst added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Apr 11, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 17, 2024
View reviewed changes
core/Controller/TwoFactorChallengeController.php
@@ -230,7 +231,7 @@
* @NoCSRFRequired
*/
#[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge/{providerId}')]
public function setupProvider(string $providerId) {
public function setupProvider(string $providerId, ?string $redirect_url = null) {

Check notice

Code scanning / Psalm

MissingReturnType Note

Method OC\Core\Controller\TwoFactorChallengeController::setupProvider does not have a return type, expecting OCP\AppFramework\Http\RedirectResponse<303, array<never, never>>|OCP\AppFramework\Http\StandaloneTemplateResponse<mixed, mixed>
core/Controller/TwoFactorChallengeController.php
@@ -264,11 +266,12 @@
* @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
*/
#[FrontpageRoute(verb: 'POST', url: 'login/setupchallenge/{providerId}')]
public function confirmProviderSetup(string $providerId) {
public function confirmProviderSetup(string $providerId, ?string $redirect_url = null) {

Check notice

Code scanning / Psalm

MissingReturnType Note

Method OC\Core\Controller\TwoFactorChallengeController::confirmProviderSetup does not have a return type, expecting OCP\AppFramework\Http\RedirectResponse<303, array<never, never>>
@ChristophWurst
fix(auth): Keep redirect URL during 2FA setup and challenge
22dc278 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst merged commit 0211ed5 into master Apr 23, 2024
157 checks passed
@ChristophWurst ChristophWurst deleted the fix/auth/2fa-redirect-url branch April 23, 2024 07:34
This was referenced Apr 23, 2024
Closed
Draft
Merged
@blizzz blizzz mentioned this pull request Jul 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@st3iny st3iny st3iny approved these changes

@miaulalala miaulalala Awaiting requested review from miaulalala miaulalala is a code owner

@SystemKeeper SystemKeeper Awaiting requested review from SystemKeeper

@Ivansss Ivansss Awaiting requested review from Ivansss

Assignees

@ChristophWurst ChristophWurst

Labels
4. to release Ready to be released and/or waiting for tests to finish bug feature: authentication
Projects
💌 📅 👥 Groupware team
Archived in project
Milestone
Nextcloud 30
Development

Successfully merging this pull request may close these issues.
3 participants
@ChristophWurst @nickvergessen @st3iny