twofactor_email "works" if enabled with Nextcloud 30 [NOT A BUG] #378
Comments
mmccarn
changed the title
|
Actually, I expect twofactor_email to work unchanged (when manually enabled as "untested app") as long as there are no real big breaking changes in nextcloud server and its OCA / OCP frameworks. There are however some security concerns with these frameworks that have been addresses. Thus, a rebuild is necessary. That rebuild rendered several other security issues with development dependencies. I tried to fix them but was not able to. I thought that this is due to older framework components, so I had the app rebased on twofactor_totp as v3. Unfortunately, my dev did not finish the job so far as that I could release it. I tried to fix it myself which obviously wasn't a good idea since I failed after putting several days work in it. I had to do other stuff since then and so, that's the current status. I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys a asked beforehand first but will use these resources if we don't succeed. Thanks for such offers, greatly appreciated. Even more, I'd be honored if somebody would like to co-maintain. But beware that neither Nextcloud nor this app will ever meet the criteria of 'provable security'. This is a formal thing. To do that on a highly asynchronous system as Nextcloud seems not viable to me. |
nursoda
added
help wanted
@nursoda What is the current status? :) |
twofactor_email (still) works for me in Nextcloud 30 after being enabled manually.
As before, I can:
IMPORTANT
I am NOT claiming that the app provides provable security (which I think is why it is not certified with NC after v28), only that the flow works and allows logins.
The text was updated successfully, but these errors were encountered: