Skip to content

Add authentication to updater #233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LukasReschke merged 2 commits into from
Feb 9, 2016
Merged

Add authentication to updater #233

LukasReschke merged 2 commits into from
Feb 9, 2016

Conversation

@LukasReschke
Copy link
Member

@LukasReschke LukasReschke commented Feb 9, 2016

This adds some authentication to the updater using a shared secret in config.php. The whole process is cookieless and thus if somebody closes the tab all authentication is gone (which is desired from a security PoV)

To test this define an updater.secret in config.php and try to access it with a valid or invalid token.

The next step is to add the automagic login from core once this is in. We can do that using the new updatenotification app at owncloud/core#22238.

@VicDeo Please review.

@LukasReschke LukasReschke added this to the 9.0-current milestone Feb 9, 2016
@LukasReschke LukasReschke mentioned this pull request Feb 9, 2016
Closed
VicDeo
VicDeo reviewed Feb 9, 2016
View reviewed changes
app/bootstrap.php
define('CURRENT_DIR', getcwd());
}

session_start();
Copy link
Member

@VicDeo VicDeo Feb 9, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@LukasReschke please leave this in place. I use session to store info between ajax requests. :)

Copy link
Member Author

@LukasReschke LukasReschke Feb 9, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Back it is 😄

@LukasReschke
Copy link
Member Author

LukasReschke commented Feb 9, 2016

PS: The styling sucks. But this is something that we or @jancborchardt can fix later 🙈

@VicDeo
Copy link
Member

VicDeo commented Feb 9, 2016

@LukasReschke as or me I just steal markup and assets from core 🃏

@LukasReschke
Add authentication to updater
f72a52e 
This adds some authentication to the updater using a shared secret in `config.php`. The whole process is cookieless and thus if somebody closes the tab all authentication is gone (which is desired from a security PoV)

To test this define an `updater.secret` in `config.php` and try to access it with a valid or invalid token.

The next step is to add the automagic login from core once this is in. We can do that using the new updatenotification app at owncloud/core#22238.
@LukasReschke
Add symfony/polyfill-php56
1476048
@VicDeo
Copy link
Member

VicDeo commented Feb 9, 2016

@LukasReschke You're magician!
👍

LukasReschke added a commit that referenced this pull request Feb 9, 2016
@LukasReschke
Merge pull request #233 from owncloud/add-auth
2a86efb 
Add authentication to updater
@LukasReschke LukasReschke merged commit 2a86efb into master Feb 9, 2016
@LukasReschke LukasReschke deleted the add-auth branch February 9, 2016 17:26
@LukasReschke LukasReschke mentioned this pull request Feb 9, 2016
Closed
@VicDeo VicDeo mentioned this pull request Jun 13, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

9.0

Development

Successfully merging this pull request may close these issues.

3 participants

@LukasReschke @VicDeo