Open mmccarn opened 1 month ago
Actually, I expect twofactor_email to work unchanged (when manually enabled as "untested app") as long as there are no real big breaking changes in Nextcloud server and its OCA / OCP frameworks. There are however some security concerns with these frameworks that have been addressed. Thus, a rebuild is necessary. That rebuild rendered several other security issues with development dependencies. I tried to fix them but was not able to. I thought that this is due to older framework components, so I had the app rebased on twofactor_totp as v3. Unfortunately, my dev did not finish the job far enough that I could release it. I tried to fix it myself, which obviously wasn't a good idea since I failed after putting several days' work into it. I had to do other stuff since then and so, that's the current status. I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys I asked beforehand first but will use these resources if we don't succeed. Thanks for such offers, greatly appreciated. Even more, I'd be honored if somebody would like to co-maintain.
But beware that neither Nextcloud nor this app will ever meet the criteria of 'provable security'. This is a formal thing. To do that on a highly asynchronous system such as Nextcloud seems not viable to me.
I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys I asked beforehand first but will use these resources if we don't succeed.
@nursoda What is the current status? :)
twofactor_email (still) works for me in Nextcloud 30 after being enabled manually.
As before, I can:
IMPORTANT
I am NOT claiming that the app provides provable security (which I think is why it is not certified with NC after v28), only that the flow works and allows logins.