Skip to content

feat: Add SetupCheck to warn about missing second factor provider #57854

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
come-nc wants to merge 3 commits into
base: master
Choose a base branch
from
Open

feat: Add SetupCheck to warn about missing second factor provider #57854

come-nc wants to merge 3 commits into from
+75 −2

Conversation

@come-nc
Copy link
Contributor

@come-nc come-nc commented Jan 27, 2026

Summary

Add warning if no two factor auth provider is found.

Checklist

@come-nc come-nc self-assigned this Jan 27, 2026
@come-nc come-nc added the 3. to review Waiting for reviews label Jan 27, 2026
@come-nc come-nc requested review from Altahrim, ArtificialOwl, icewind1991 and salmart-dev and removed request for a team January 27, 2026 16:07
@come-nc
Copy link
Contributor Author

come-nc commented Jan 27, 2026

/backport to stable33

@come-nc
Copy link
Contributor Author

come-nc commented Jan 27, 2026

/backport to stable32

szaimen
szaimen reviewed Jan 29, 2026
View reviewed changes
ChristophWurst
ChristophWurst reviewed Jan 29, 2026
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments. I don't think this should succeed when only backup codes are available. It needs at least one real 2FA provider.

@come-nc
feat: Add SetupCheck to warn about missing second factor provider
1f5e6cb 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc
fix(settings): Only consider primary providers for 2FA setup check
8475bed 
In practice this filters out backup codes. Also fixed the english
 formulation and the copyright year.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc come-nc force-pushed the feat/add-twofactor-warning branch from bc8c02c to 8475bed Compare February 2, 2026 10:55
@come-nc
feat: Add info level result if 2FA is not enforced
26cec2d 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc come-nc force-pushed the feat/add-twofactor-warning branch from f7e0f8e to 26cec2d Compare February 3, 2026 14:51
szaimen
szaimen approved these changes Feb 3, 2026
View reviewed changes
Copy link
Contributor

@szaimen szaimen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but did not test

@szaimen szaimen added this to the Nextcloud 34 milestone Feb 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen left review comments

@miaulalala miaulalala miaulalala left review comments

@szaimen szaimen szaimen approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 is a code owner automatically assigned from nextcloud/server-backend

@Altahrim Altahrim Awaiting requested review from Altahrim Altahrim is a code owner automatically assigned from nextcloud/server-backend

@salmart-dev salmart-dev Awaiting requested review from salmart-dev salmart-dev is a code owner automatically assigned from nextcloud/server-backend

@marcoambrosini marcoambrosini Awaiting requested review from marcoambrosini

@kra-mo kra-mo Awaiting requested review from kra-mo

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst ChristophWurst is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@come-nc come-nc

Labels

3. to review Waiting for reviews backport-request

Projects

None yet

Milestone

Nextcloud 34

Development

Successfully merging this pull request may close these issues.

Add warning to Setup Checks when 2FA is not enabled and when instance is outdated

6 participants

@come-nc @nickvergessen @ChristophWurst @miaulalala @szaimen