twofactor_gateway icon indicating copy to clipboard operation
twofactor_gateway copied to clipboard

Published 20 hours ago • verified publisher icon nextcloud

Hide not configured gateways for users

Open robrec opened this issue 4 years ago • 2 comments

i cant find anything in the administrator documentation, so i hope to find answers here :)

i want to "not showup" the not configured gateways in settings/user/security

Is there a way already builtin? Thanks!!

robrec avatar Jul 02 '20 10:07 robrec

I thought this is a known issue but apparently nobody reported it.

So, yeah, I know about this. There is no setting right now.

Any help with an implementation is welcome. This is purely a community app.

ChristophWurst avatar Jul 02 '20 11:07 ChristophWurst

I've briefly looked into this issue and it seems somewhat problematic to implement as the Vue component in personal settings only controls what is below the 2FA provider name and icon wrapped in an h3 tag and rendered server-side in apps/settings/templates/settings/personal/security/twofactor.php. Also, the way IProvider interface only supports determining whether a given 2FA provider is enabled for a given user and doesn't contain additional state indicating that a given method is configured/unconfigured, based on which personal settings of that method could be conditionally omitted. Given those entanglements, I have found 3 potential solutions to implement such functionality:

  1. Marking each top-level DOM element controlled by the Vue component with an appropriate CSS class if the gateway that it represents is unconfigured and creating a separate JS script which removes their parent elements once the page loads. I've already implemented that and it seems to be working fine: https://github.com/kffl/twofactor_gateway/commit/ec378ef8dbceabc168d2a496cb52c1503874b487, but it's a rather hacky solution.
  2. Conditionally adding/removing <provider> entries from info.xml based on occ commands used to configure various gateways offered by this app. Unfortunately, code that re-writes itself (even if it's XML) is a bad pattern and I would be more inclined to accept such a hacky solution on the frontend rather than on the backend, especially given the fact that this is a security-oriented app.
  3. Splitting this app into three separate ones: SMS, Signal and Telegram 2FA Providers. While I'm aware of the state of this project as described in #454, it seems to be the cleanest solution, although requiring additional maintenance efforts.

Would love to hear your feedback. Perhaps I'm still missing something.

kffl avatar Oct 16 '21 13:10 kffl