should Shared secret be randomly created string like loopback secret?

pondersource / sciencemesh-php

Connect your Nextcloud server to Sciencemesh

MIT License

0 stars 1 forks source link

should Shared secret be randomly created string like loopback secret? #160

Open navid-shokri opened 1 year ago

navid-shokri commented 1 year ago

currently shared secret input is read-only but its value is constant and set to shared-secret -1 so we should make a decision about it there is a dilemma: 1- shared secret value should be an automated randomly generated string? 2- shared secret should be editable and set by the system administrator?

so according to this code, shared secret is randomly generated and it seems it generates once and is not editable.

navid-shokri commented 1 year ago

@michielbdejong @parhamin2010 please let have a meeting about this Issue.

michielbdejong commented 1 year ago

Moving this issue because it's not specific to oc-sciencemesh We talked about that in the standup; this is our conclusion:

loopback secret should be generated on-the-fly if missing, and should not be shown in the admin settings dialog. The server admin has no interest in viewing or changing it.

michielbdejong commented 1 year ago

the shared secret should be editable by the server admin and also prefilled on-the-fly if missing (don't allow it to be empty string or some easy-to-guess default like "shared-secret-1")

Sorry for not thinking this through to this level of detail earlier!

shokri-navid commented 1 year ago

The final result should be as described below: 1- LoopBackSecret should be removed from the page. 2- SharedSecret should be filled with a randomly generated string and editable to enable the user to change the config to desired the value.

parhamin2010 commented 1 year ago

Here's the PR for NC: https://github.com/pondersource/nc-sciencemesh/pull/246