Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[full-ci] Rework auth handling (#7072)
Introduce new authentication architecture

Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz>
Showing 179 changed files with 2,659 additions and 1,922 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
Bugfix: Logout deleted user on page reload | ||
|
||
A user that gets disabled or deleted in the backend now sees an authentication error page upon page reload. | ||
From there they can now properly reach the login page to log in again via a different user (or leave the page entirely). | ||
|
||
https://github.com/owncloud/web/issues/4677 | ||
https://github.com/owncloud/web/issues/4564 | ||
https://github.com/owncloud/web/issues/4795 | ||
https://github.com/owncloud/web/pull/7072 |
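Review bot: the description only covers what happens "upon page reload", so it leaves open whether a disabled or deleted user keeps a working session until they reload; please state that explicitly, since that is what an admin revoking access needs to know. Minor wording: the title should use the verb form "Log out", and "log in again via a different user" reads better as "log in again as a different user".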
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
Bugfix: Access token renewal | ||
|
||
Access token renewals had some flaws which have been fixed as follows: | ||
- OAuth2: access token renewal was not working at all, fixed by switching to authorization code flow with PKCE extension and by migrating from the unmaintained `oidc-client` library to `oidc-client-ts`. | ||
- OpenID Connect: when `offline_access` scope was not requested each token renewal caused a redirect to `/`, which was due to a faulty token update implementation and is fixed. | ||
|
||
WARNING: With a setup of ownCloud 10.x.x + oauth2-app older than v0.5.3 this bugfix is a breaking change. | ||
There was a bug in the oauth2-app that required to add the `clientSecret` in the `auth` section of the `config.json` file (although code flow with PKCE doesn't need it). | ||
To mitigate this, please add the `clientSecret` for your `clientId` to the `config.json` file. If the oauth2-app v0.5.3 or newer is | ||
used that's not needed. | ||
|
||
https://github.com/owncloud/web/issues/7030 | ||
https://github.com/owncloud/web/pull/7072 |
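Review bot: the WARNING paragraph leads with adding `clientSecret` to `config.json` as the mitigation and mentions oauth2-app v0.5.3 only in its last sentence, although the same paragraph says code flow with PKCE doesn't need the secret. Suggest putting the upgrade to oauth2-app v0.5.3 or newer first and describing the `clientSecret` entry as a temporary workaround to remove after upgrading. The OpenID Connect bullet also says the faulty token update "is fixed" without saying what changed, unlike the OAuth2 bullet; one clause on the new behaviour would help. Wording: "required to add" should be "required adding".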
9 changes: 9 additions & 0 deletions
changelog/unreleased/enhancement-blocking-application-bootstrap
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
Enhancement: Loading context blocks application bootstrap | ||
|
||
The bootstrap architecture has been improved to ensure that the respective context (user or public link) | ||
is fully resolved before applications can finalize their boot process and switch over to rendering their content. | ||
This means that application developers can rely on user data / public link data being loaded (including | ||
e.g. capabilities) when the web runtime triggers the boot processes and rendering of applications. | ||
|
||
https://github.com/owncloud/web/issues/7030 | ||
https://github.com/owncloud/web/pull/7072 |
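Review bot: the guarantee that the context "is fully resolved before applications can finalize their boot process" is missing the failure case. Please add a sentence on what application developers should expect when the user or public link context cannot be resolved (for example on an authentication error), so the documented contract covers both outcomes of the blocking step.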
10 changes: 10 additions & 0 deletions
changelog/unreleased/enhancement-resolve-bookmarked-public-links-with-password
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
Enhancement: Resolve bookmarked public links with password protection | ||
|
||
Bookmarks to a public link (e.g. when user navigated into a subfolder and then created a bookmark) or | ||
to an app that was opened from a public link (e.g. photo opened in preview app) now properly resolve | ||
the public link context before loading the bookmarked content. This includes a roundtrip to the | ||
password input prompt for password protected public link, e.g. when a password was set in the first | ||
place, has been changed in the meantime, etc. | ||
|
||
https://github.com/owncloud/web/issues/7030 | ||
https://github.com/owncloud/web/pull/7072 |
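Review bot: the last sentence of the description mentions "a roundtrip to the password input prompt" but never says that the user ends up on the bookmarked content after entering the password; please state the end result explicitly. The trailing "etc." should be replaced by the concrete cases that trigger the prompt, and "password protected public link" should read "password protected public links".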