Open JanH77 opened 3 years ago
I agree @JanH77 . The personal email could be used to receive the token instead of the company email. I hope it is easy to implement and @rullzer it helps us. Thanks in advance
The now integrated possibility to set multiple notification addresses is independent of this issue, right?
Since there now may be several notification email addresses, the question is what the best solution is. I see two options:
Thoughts? @blizzz @juliushaertl
I like both options. I think the first option much easier on the end users side since now we can add multiple emails under a user account. But the question i have is would that mean you'll get two emails at the same time? when logging in and requesting for a 2FA email verification; one would go to Primary email and one to secondary email?
Im trying to picture the process from step one too successfully logging in.
I agree with @nursoda , from user perspective option one will be the better more logical choice.
However, I could think about following solution (if this is possible):
Complexity arises from edge cases: What shall happen if the user sets everything as aforementioned and then e.g. deletes the previously (in twofactor_email) "selected" address?
I only had one email under my account my work email and I also added my personal email as soon as I changed my primary email from work to personal the 2FA Email changed automatically. Now that I'm on my personal as primary, I deleted the personal but the email still remained under 2FA email but then as I made my work email again primary it changed under 2FA Email.
let the user select by dropdown which of the email addresses configured in /settings/user to be used
Yes, I also like that and consider it a good solution in terms of UI and UX. But it would require to catch a lot of corner cases in code that I have no influence in (and at least now don't want to write PRs for). If we'd go for that, at some considerations would have to be made. That is why I tend not to implement that. Here are my thoughts:
If one would implement this, one would need to decide
And one would need to find out / know
Given all that, and until (UI/UX) veto from Nextcloud staff side, I tend to implement the much simpler way: Keep all config necessary within code and config/DB of the Two-Factor Email app. That way no modification by the server team is needed. My idea is to implement this (any help appreciated):
In both cases we need to know / decide
In my use case, we wanted to force users to keep the same original email address that they were assigned at account creation in case they were terminated from their employer and therefore had no need to access our data. I wrote a little php script that sets users email addresses back to the original if users try to change them. It does require that admins use the full email address as the username. My script also forces all users enabled with 2FA-email. https://github.com/nextcloud/server/issues/34938
Using the 2-factor email provider, I can see following security problem: If the email account is compromised, an attacker would be able to request a password reset for the nextcloud account and with the same email address he can request the 2FA token. This would give the attacker easy access to the cloud system.
Can you add a feature that a different email address (than the standard address connected to the account), can be used for 2-factor email provider?