upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26
nextcloud/core/js
History
Lukas Reschke 6a16df7288
Add new auth flow 
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
..
files Fixed size issues on main detail view and disappearing of share recipients (#26603) 2016-12-23 16:56:55 +01:00
login Add new auth flow 2017-04-25 20:18:49 +02:00
public Remove the double password confirmation on changing cron 2017-03-13 15:52:16 +01:00
systemtags Merge systemtags JS 2017-03-24 20:08:27 +01:00
tests Merge pull request #4462 from danxuliu/fix-sharing-password-protected-link 2017-04-25 14:12:44 +02:00
apps.js Remove padding from apps navigation if there is no settings area 2016-11-23 18:41:35 +01:00
backgroundjobs.js Use tooltip for background jobs info tooltip 2016-07-13 13:01:17 +02:00
config.js Make AppConfig part of the public API 2016-10-21 09:09:23 +02:00
core.json Move to handlebars.min.js 2017-04-12 22:22:38 +02:00
eventsource.js Encode requesttoken 2015-02-16 20:28:30 +01:00
installation.js load showpassord.js conditionally in the template only if needed 2014-12-16 18:45:37 +01:00
integritycheck-failed-notification.js Allow to dismiss the code integrity warning 2016-10-20 11:33:29 +02:00
jquery-showpassword.js core: Fix typos (found by codespell) 2016-04-04 10:57:17 +02:00
jquery-ui-fixes.js Add jquery ui fixes js file 2016-11-25 16:44:51 +01:00
jquery.avatar.js Fix tests 2017-03-29 22:54:08 +02:00
jquery.ocdialog.js move more sizing logic to css 2016-11-28 14:05:46 +01:00
js.js Fix loading spinner for new app menu 2017-04-25 17:31:25 +02:00
l10n.js Harden t() with DOMPurify 2017-03-16 14:17:42 +01:00
login.js bring back dedicated log in button to make log in more usable 2016-10-06 16:48:10 +02:00
lostpassword.js Add at most 10 password reset requests per 5 minutes and IP range 2017-04-22 08:12:54 +02:00
maintenance-check.js Use OC.webroot instead of calculating the URL 2015-05-11 17:01:57 +02:00
merged-login.json Merge login JS 2017-03-24 21:18:24 +01:00
merged-share-backend.json Merge sharing backend JS 2017-03-24 20:17:38 +01:00
merged-template-prepend.json Merge JS for template prepend 2017-03-24 20:37:13 +01:00
mimetype.js Theming: Code cleanup and cache buster for mime icons 2016-11-18 10:23:24 +01:00
mimetypelist.js recognize LDIF (and schema) file types 2017-01-06 12:25:16 +01:00
multiselect.js Users page lazy multiselect group dropdowns 2016-08-29 13:34:13 +02:00
oc-backbone-webdav.js Backbone Webdav Adapter MKCOL support 2017-03-17 00:08:48 -06:00
oc-backbone.js Backbone transport for Webdav 2016-01-16 11:28:04 +01:00
oc-dialogs.js Fix translations 2017-04-18 16:40:53 -05:00
oc-requesttoken.js Do not add sensitive request headers for cross domain requests 2015-09-15 11:42:13 +02:00
octemplate.js Remove unneeded compatibility polyfills 2016-10-20 10:17:18 +02:00
placeholder.js Fix rgb values 2016-04-18 09:29:42 +02:00
select2-toggleselect.js Added system tags GUI in sidebar 2016-01-19 16:24:26 +01:00
setup.js Fix zxcvbn path in setup page (#26359) 2016-10-21 09:51:33 +02:00
setupchecks.js Fix translations 2017-04-18 16:40:53 -05:00
share.js Fix AdBlock blocking share icon, ref #866 2017-04-12 15:04:12 +02:00
shareconfigmodel.js allow admin to enforce password on mail shares 2017-04-20 16:33:26 +02:00
sharedialogexpirationview.js Fix some jshint issues in core/js/share* 2016-08-19 21:03:25 +02:00
sharedialoglinkshareview.js Merge pull request #4462 from danxuliu/fix-sharing-password-protected-link 2017-04-25 14:12:44 +02:00
sharedialogresharerinfoview.js Always enable avatars 2017-02-13 17:53:33 -06:00
sharedialogshareelistview.js allow to set a password for shares which where created without a password before the admin started to enforce the password 2017-04-20 16:33:26 +02:00
sharedialogview.js simplify share placeholder 2017-04-18 12:08:35 +02:00
shareitemmodel.js Merge pull request #4462 from danxuliu/fix-sharing-password-protected-link 2017-04-25 14:12:44 +02:00
sharesocialmanager.js Allow social sharing to specify if a new window is opened 2017-04-20 16:32:46 +02:00
singleselect.js Do not close container/slider when clicking on single select field 2014-08-15 12:44:00 +02:00
tags.js [tags] remove unneeded variables 2015-10-30 10:02:15 +01:00
update.js Spacing 2017-03-15 06:35:40 +00:00
visitortimezone.js Save the timezone on login again 2016-12-08 10:45:24 +01:00