
twofactor_email "works" if enabled with Nextcloud 30 [NOT A BUG]

Open mmccarn opened this issue 1 year ago • 1 comments

twofactor_email (still) works for me in Nextcloud 30 after being enabled manually.

sudo -u www-data php /var/www/nextcloud/occ app:enable twofactor_email

As before, I can:

  • Enter my username & password
  • Request a two factor code by email
  • Receive the code
  • Complete the login

IMPORTANT

I am NOT claiming that the app provides provable security (which I think is why it is not certified with NC after v28), only that the flow works and allows logins.

mmccarn avatar Sep 14 '24 13:09 mmccarn

Actually, I expect twofactor_email to work unchanged (when manually enabled as "untested app") as long as there are no really big breaking changes in Nextcloud server and its OCA / OCP frameworks. There are however some security concerns with these frameworks that have been addressed. Thus, a rebuild is necessary. That rebuild rendered several other security issues with development dependencies. I tried to fix them but was not able to. I thought that this is due to older framework components, so I had the app rebased on twofactor_totp as v3. Unfortunately, my dev did not finish the job to the point that I could release it. I tried to fix it myself, which obviously wasn't a good idea since I failed after putting several days' work into it. I had to do other stuff since then and so, that's the current status. I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys I asked beforehand first but will use these resources if we don't succeed. Thanks for such offers, greatly appreciated. Even more, I'd be honored if somebody would like to co-maintain.

But beware that neither Nextcloud nor this app will ever meet the criteria of 'provable security'. This is a formal thing. To do that on a highly asynchronous system such as Nextcloud seems not viable to me.

nursoda avatar Sep 15 '24 14:09 nursoda

> I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys I asked beforehand first but will use these resources if we don't succeed.

@nursoda What is the current status? :)

BluePixel4k avatar Oct 06 '24 07:10 BluePixel4k

> > I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys I asked beforehand first but will use these resources if we don't succeed.
>
> @nursoda What is the current status? :)

Copy that @nursoda ⚠️ It's been a while...

bcutter avatar Dec 29 '24 15:12 bcutter

In this comment on the issue to support newer versions of Nextcloud, https://github.com/nursoda/twofactor_email/issues/376#issuecomment-2117418397, it was mentioned that development will continue in a new repository of a new organisation: https://github.com/datenschutz-individuell/twofactor_email

To track the development status for newer Nextcloud versions, the following issue exists: https://github.com/datenschutz-individuell/twofactor_email/issues/2

SimJoSt avatar Jan 06 '25 04:01 SimJoSt

Compatibility with NC 29-31 is solved by NielBuys' PR and my release 2.8.0 today.

Note: Originally, I wasn't planning to release another v2 version since it still uses vue2, and that has been EOL since the end of 2023. However, I see that a solution for newer NCs was overdue, so I published one since my personal situation does not allow me to get v3 (in the new repo mentioned above) to a state where I dare to release it to MANY users.

But neither this repo nor the new one is abandoned.

nursoda avatar Mar 16 '25 12:03 nursoda