From 4e56c2b4ef5028758aabebc326dca3df58ea4132 Mon Sep 17 00:00:00 2001 From: Jana Peper Date: Wed, 20 Nov 2024 16:00:30 +0100 Subject: [PATCH 1/4] fix: add password confirmation to change admin settings Signed-off-by: Jana Peper --- lib/Controller/SettingsController.php | 5 +++++ package-lock.json | 20 ++++++++++++++++++++ package.json | 1 + src/components/AdminSettings.vue | 5 +++++ 4 files changed, 31 insertions(+) diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php index 9af6eba7..d2976294 100644 --- a/lib/Controller/SettingsController.php +++ b/lib/Controller/SettingsController.php @@ -15,6 +15,7 @@ use OCA\UserOIDC\Service\ID4MeService; use OCA\UserOIDC\Service\ProviderService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; @@ -73,6 +74,7 @@ public function isDiscoveryEndpointValid($url) { return $result; } + #[PasswordConfirmationRequired] public function createProvider(string $identifier, string $clientId, string $clientSecret, string $discoveryEndpoint, array $settings = [], string $scope = 'openid email profile', ?string $endSessionEndpoint = null): JSONResponse { if ($this->providerService->getProviderByIdentifier($identifier) !== null) { @@ -103,6 +105,7 @@ public function createProvider(string $identifier, string $clientId, string $cli return new JSONResponse(array_merge($provider->jsonSerialize(), ['settings' => $providerSettings])); } + #[PasswordConfirmationRequired] public function updateProvider(int $providerId, string $identifier, string $clientId, string $discoveryEndpoint, ?string $clientSecret = null, array $settings = [], string $scope = 'openid email profile', ?string $endSessionEndpoint = null): JSONResponse { $provider = $this->providerMapper->getProvider($providerId); 
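Review bot: The `#[PasswordConfirmationRequired]` added above `createProvider` is the only server-side enforcement in this patch, and nothing in the change tests that it is present or honoured; the same holds for the `updateProvider`, `deleteProvider` and `setID4ME` hunks. The `confirmPassword()` calls added in AdminSettings.vue only open the dialog, so if the marker were lost these endpoints would again accept a plain admin session. A controller test that asserts each of the four methods carries the marker would catch that. It is also worth confirming how the prompt is satisfied for an admin whose session was created through an OIDC provider and who has no local password, since the hunks do not show it. All four method bodies continue outside the hunks.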
@@ -139,6 +142,7 @@ public function updateProvider(int $providerId, string $identifier, string $clie return new JSONResponse(array_merge($provider->jsonSerialize(), ['settings' => $providerSettings])); } + #[PasswordConfirmationRequired] public function deleteProvider(int $providerId): JSONResponse { try { $provider = $this->providerMapper->getProvider($providerId); @@ -160,6 +164,7 @@ public function getID4ME(): bool { return $this->id4meService->getID4ME(); } + #[PasswordConfirmationRequired] public function setID4ME(bool $enabled): JSONResponse { $this->id4meService->setID4ME($enabled); return new JSONResponse(['enabled' => $this->getID4ME()]); diff --git a/package-lock.json b/package-lock.json index e5186ef0..088de0fe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,6 +13,7 @@ "@nextcloud/dialogs": "^5.3.7", "@nextcloud/initial-state": "^2.2.0", "@nextcloud/logger": "^2.7.0", + "@nextcloud/password-confirmation": "^5.1.1", "@nextcloud/router": "^3.0.1", "@nextcloud/vue": "^8.19.0", "jstz": "^2.1.1", @@ -2805,6 +2806,25 @@ "npm": "^9.0.0" } }, + "node_modules/@nextcloud/password-confirmation": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/@nextcloud/password-confirmation/-/password-confirmation-5.1.1.tgz", + "integrity": "sha512-UlQcjVe/fr/JaJ6TWaRM+yBLIEZRU6RWMy0JoExcA6UVJs2HJrRIyVMuiCLuIYlH23ReJH+z7zFI3+V7vdeJ1Q==", + "license": "MIT", + "dependencies": { + "@nextcloud/axios": "^2.5.0", + "@nextcloud/l10n": "^3.1.0", + "@nextcloud/router": "^3.0.1" + }, + "engines": { + "node": "^20.0.0", + "npm": "^10.0.0" + }, + "peerDependencies": { + "@nextcloud/vue": "^8.0.0", + "vue": "^2.7.16" + } + }, "node_modules/@nextcloud/paths": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/@nextcloud/paths/-/paths-2.2.1.tgz", diff --git a/package.json b/package.json index 7463a550..5039ad8e 100644 --- a/package.json +++ b/package.json 
@@ -26,6 +26,7 @@ "@nextcloud/dialogs": "^5.3.7", "@nextcloud/initial-state": "^2.2.0", "@nextcloud/logger": "^2.7.0", + "@nextcloud/password-confirmation": "^5.1.1", "@nextcloud/router": "^3.0.1", "@nextcloud/vue": "^8.19.0", "jstz": "^2.1.1", diff --git a/src/components/AdminSettings.vue b/src/components/AdminSettings.vue index 16680c87..3eef0061 100644 --- a/src/components/AdminSettings.vue +++ b/src/components/AdminSettings.vue @@ -111,6 +111,7 @@ import NcActions from '@nextcloud/vue/dist/Components/NcActions.js' import NcActionButton from '@nextcloud/vue/dist/Components/NcActionButton.js' import NcModal from '@nextcloud/vue/dist/Components/NcModal.js' import NcCheckboxRadioSwitch from '@nextcloud/vue/dist/Components/NcCheckboxRadioSwitch.js' +import { confirmPassword } from '@nextcloud/password-confirmation' import logger from '../logger.js' import SettingsForm from './SettingsForm.vue' @@ -171,6 +172,7 @@ export default { }, methods: { async onId4MeChange(newValue) { + await confirmPassword() logger.info('ID4me state changed', { enabled: newValue }) this.loadingId4Me = true @@ -194,6 +196,7 @@ export default { this.editProvider = null }, async onUpdate(provider) { + await confirmPassword() logger.info('Update oidc provider', { data: provider }) const url = generateUrl(`/apps/user_oidc/provider/${provider.id}`) @@ -208,6 +211,7 @@ export default { } }, async onRemove(provider) { + await confirmPassword() logger.info('Remove oidc provider', { provider }) const url = generateUrl(`/apps/user_oidc/provider/${provider.id}`) @@ -221,6 +225,7 @@ export default { } }, async onSubmit() { + await confirmPassword() logger.info('Add new oidc provider', { data: this.newProvider }) const url = generateUrl('/apps/user_oidc/provider') From fd3b658bfbdd171f0950b36caac30d1870782a99 Mon Sep 17 00:00:00 2001 From: Jana Peper Date: Wed, 20 Nov 2024 16:17:29 +0100 Subject: [PATCH 2/4] fix cs error 
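Review bot: In `onUpdate`, `onRemove` and `onSubmit` the added `await confirmPassword()` is the first statement, ahead of any error handling visible in these hunks, so a dismissed or failed confirmation would reject out of the handler with no feedback to the admin. PATCH 4/4 on this page moves the call inside the `try` for `onId4MeChange` only. If these three handlers also wrap their request in a `try` (their bodies continue outside the hunks), the call belongs inside it, i.e. `try {` followed directly by `await confirmPassword()` and then the existing request. The server-side marker on the controller remains the actual enforcement; this only affects what the admin sees.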
Signed-off-by: Jana Peper --- lib/Controller/SettingsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php index d2976294..3b4f8f7b 100644 --- a/lib/Controller/SettingsController.php +++ b/lib/Controller/SettingsController.php @@ -15,9 +15,9 @@ use OCA\UserOIDC\Service\ID4MeService; use OCA\UserOIDC\Service\ProviderService; use OCP\AppFramework\Controller; -use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\JSONResponse; use OCP\Http\Client\IClientService; use OCP\IRequest; From e989167ad0a1f45673d452d64687b6af33f641c2 Mon Sep 17 00:00:00 2001 From: janepie <49834966+janepie@users.noreply.github.com> Date: Wed, 20 Nov 2024 18:09:21 +0100 Subject: [PATCH 3/4] Update lib/Controller/SettingsController.php Co-authored-by: Julien Veyssier Signed-off-by: janepie <49834966+janepie@users.noreply.github.com> --- lib/Controller/SettingsController.php | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php index 3b4f8f7b..fbce96a6 100644 --- a/lib/Controller/SettingsController.php +++ b/lib/Controller/SettingsController.php @@ -17,7 +17,6 @@ use OCP\AppFramework\Controller; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Http; -use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\JSONResponse; use OCP\Http\Client\IClientService; use OCP\IRequest; 
@@ -74,7 +73,9 @@ public function isDiscoveryEndpointValid($url) { return $result; } - #[PasswordConfirmationRequired] + /** + * @PasswordConfirmationRequired + */ public function createProvider(string $identifier, string $clientId, string $clientSecret, string $discoveryEndpoint, array $settings = [], string $scope = 'openid email profile', ?string $endSessionEndpoint = null): JSONResponse { if ($this->providerService->getProviderByIdentifier($identifier) !== null) { @@ -105,7 +106,9 @@ public function createProvider(string $identifier, string $clientId, string $cli return new JSONResponse(array_merge($provider->jsonSerialize(), ['settings' => $providerSettings])); } - #[PasswordConfirmationRequired] + /** + * @PasswordConfirmationRequired + */ public function updateProvider(int $providerId, string $identifier, string $clientId, string $discoveryEndpoint, ?string $clientSecret = null, array $settings = [], string $scope = 'openid email profile', ?string $endSessionEndpoint = null): JSONResponse { $provider = $this->providerMapper->getProvider($providerId); @@ -142,7 +145,9 @@ public function updateProvider(int $providerId, string $identifier, string $clie return new JSONResponse(array_merge($provider->jsonSerialize(), ['settings' => $providerSettings])); } - #[PasswordConfirmationRequired] + /** + * @PasswordConfirmationRequired + */ public function deleteProvider(int $providerId): JSONResponse { try { $provider = $this->providerMapper->getProvider($providerId); @@ -164,7 +169,9 @@ public function getID4ME(): bool { return $this->id4meService->getID4ME(); } - #[PasswordConfirmationRequired] + /** + * @PasswordConfirmationRequired + */ public function setID4ME(bool $enabled): JSONResponse { $this->id4meService->setID4ME($enabled); return new JSONResponse(['enabled' => $this->getID4ME()]); From 7384317522554c69e6335d43664bbe39843d393c Mon Sep 17 00:00:00 2001 
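Review bot: After this change the password-confirmation requirement on `createProvider` is carried only by a docblock tag, and the commit gives no reason for dropping the `#[PasswordConfirmationRequired]` attribute and its `use` line; the `updateProvider`, `deleteProvider` and `setID4ME` hunks are the same. A docblock tag is a comment, so it is enforced only where the framework reads doc comments, and a cleanup that rewrites the docblock can remove the check without any code line changing. If the switch is for compatibility with older server versions (an assumption, the page does not say), state that in the docblock, for example `* Annotation form kept for servers that do not read the attribute; do not remove.` The method bodies continue outside the hunks.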
From: Jana Peper Date: Thu, 21 Nov 2024 10:58:24 +0100 Subject: [PATCH 4/4] fix: trigger error message when pw confirmation canceled Signed-off-by: Jana Peper --- src/components/AdminSettings.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/components/AdminSettings.vue b/src/components/AdminSettings.vue index 3eef0061..b2c64354 100644 --- a/src/components/AdminSettings.vue +++ b/src/components/AdminSettings.vue @@ -172,11 +172,11 @@ export default { }, methods: { async onId4MeChange(newValue) { - await confirmPassword() logger.info('ID4me state changed', { enabled: newValue }) this.loadingId4Me = true try { + await confirmPassword() const url = generateUrl('/apps/user_oidc/provider/id4me') await axios.post(url, {