Does not work with user-key encryption #105

Open
PVince81 opened this issue Dec 8, 2017 · 4 comments
PVince81 commented Dec 8, 2017

OAuth2 should use the oc_authtoken API and pass access token instead of app password.

This would make it possible for the encryption code to decrypt the user's password to access the user's private key.

And whenever the access token is changed through the refresh token, we need to decrypt the user password from oc_authtoken, delete the old entry, then add a new entry with the new access token.

I expect all this to be possible using the core's DefaultTokenProvider.

@DeepDiver1975 @pmaier1 @SamuAlfageme

ogoffart commented Dec 8, 2017

This also means that the access token should not be stored in plain text in the database. One can simply store a hash of the access token instead.

In order to be able to re-encrypt the password with a new access token, the password also needs to be encrypted using the refresh token. This means that the refresh token also can't be stored in plain text and needs to be hashed.
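
The scheme discussed in the two comments above (store only token hashes, wrap the password under both the access token and the refresh token, re-wrap on refresh), as an added PHP example that is neither ownCloud code nor written by the thread's participants. It does not use oc_authtoken or DefaultTokenProvider; the function names, the row layout and the choice of HKDF-SHA256, AES-256-GCM and SHA-512 are assumptions.

```php
<?php
// Added illustration, not ownCloud code; names, row layout and algorithm choices are assumptions.
// Wrapping key derived from a bearer token (assumed to be a high-entropy random string).
function wrapKey(string $token): string {
    return hash_hkdf('sha256', $token, 32, 'password-wrap');
}

// Value stored for lookup instead of the plain-text token.
function tokenHash(string $token): string {
    return hash('sha512', $token);
}

function seal(string $plain, string $token): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt($plain, 'aes-256-gcm', wrapKey($token), OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function unseal(string $blob, string $token): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 28) { throw new RuntimeException('malformed blob'); }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', wrapKey($token),
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) { throw new RuntimeException('wrong token or tampered blob'); }
    return $plain;
}

// Row written when tokens are issued: only hashes and wrapped copies are stored.
function issue(string $password, string $access, string $refresh): array {
    return [
        'access_hash'   => tokenHash($access),
        'refresh_hash'  => tokenHash($refresh),
        'pw_by_access'  => seal($password, $access),
        'pw_by_refresh' => seal($password, $refresh),
    ];
}

// Refresh: check the presented refresh token, unwrap with it, build the replacement row.
function rotate(array $row, string $refresh, string $newAccess, string $newRefresh): array {
    if (!hash_equals($row['refresh_hash'], tokenHash($refresh))) {
        throw new RuntimeException('unknown refresh token');
    }
    return issue(unseal($row['pw_by_refresh'], $refresh), $newAccess, $newRefresh);
}

// Constructed sample values.
[$a1, $r1, $a2, $r2] = array_map(fn() => bin2hex(random_bytes(32)), range(1, 4));
$new = rotate(issue('constructed-password', $a1, $r1), $r1, $a2, $r2);
var_dump(unseal($new['pw_by_access'], $a2) === 'constructed-password');
```

The caller replaces the old row with the one `rotate()` returns, which corresponds to the delete-then-add step in the first comment.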

@thommierother

still open for 10.0.7.RC2

@PVince81

this will likely require changes in the oauth2 app

@PVince81

I've now added an entry to the limitations of user-key encryption that need to be documented: owncloud-archive/documentation#4179 (comment)
