Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: show ToS on non-files public pages (calendar/collectives/talk), Files on Nextcloud 31 and Login-flow #1046

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

fix: show ToS on non-files public pages (calendar/collectives/talk), Files on Nextcloud 31 and Login-flow #1046

wants to merge 6 commits into from
+85 −40

Conversation

ShGKme
Copy link

@ShGKme ShGKme commented Feb 5, 2025
edited
Loading

Resolves

ToS checks for public pages by #sharingToken element. It doesn't work:

  • In Nextcloud 31+ (must use initial state via @nextcloud/sharing)
  • For pages, that are public, but not Files, e.g.
    • Calendar
    • Collectives
    • Talk

Instead - check for the current user.

How to test

  1. Enable ToS, add terms of settings
  2. Enable ToS for public pages
  3. Create a calendar
  4. Share calendar by link
  5. Open as a guest

Changed behavior for logged-in users on public pages

image

  • Before:
    • Logged-in users have to accept ToS on public shares (because it is a public share)
  • After:
    • Logged-in users don't have to accept ToS on public shares (because they a logged-in)

Login flow

  • Fix: Accept ToS during login flow v2 #989
  • Because login pages are also "public" pages, they are now manually excluded
  • Except the login flow grant pages
  • As a side effect - it fixes the client

How to test

  1. Enable ToS, add terms of settings
  2. Enable ToS for logged-in users
  3. Try to log in in the Files client (Login Flow v2)
    • Before: login fails and you see login flow again
    • After: you need to accept ToS on the last step
  4. Try to log in in the Talk Desktop (Login Flow v1)
    • Before: login is a success, but you cannot send/see files
    • After: you need to accept ToS on the last step

Screenshots

Before After
image image

@ShGKme
chore(deps): add @nextcloud/auth
05301a8 
Signed-off-by: Grigorii K. Shartsev <[email protected]>
@ShGKme ShGKme self-assigned this Feb 5, 2025
GretaD
GretaD approved these changes Feb 6, 2025
View reviewed changes
Copy link
Collaborator

@GretaD GretaD left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested and it works as described. I would like Joas to have a saying if the approach is what we want

@ShGKme ShGKme changed the title fix(public): support non-files and Files on Nextcloud 31 fix(public): support non-files public pages (calendar/collectives) and Files on Nextcloud 31 Feb 6, 2025
@ShGKme

This comment was marked as resolved.

Sign in to view
@nextcloud-command nextcloud-command force-pushed the fix/new-public-share-support branch from fc3d7e7 to 6ecb7da Compare February 6, 2025 10:51
@ShGKme

This comment was marked as resolved.

Sign in to view
nickvergessen
nickvergessen reviewed Feb 6, 2025
View reviewed changes
Copy link
Member

@nickvergessen nickvergessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed behavior for logged-in users on public pages

✔️ Sounds like a desired change

There is one more change - it also applied to the login page, which might be unexpected

Similarly the registration app should be excluded, as it has a dedicated integration with the app.

src/public.js Outdated Show resolved Hide resolved
@nickvergessen
Copy link
Member

nickvergessen commented Feb 6, 2025
edited
Loading

it also applied to the login page, which might be unexpected

To fix login and registration app, I suggest to check those parts in
https://github.com/nextcloud/terms_of_service/blob/master/lib/AppInfo/Application.php#L89
like /login/ is already checked for logged in users.

Also we need to check what happens with 2FA apps

@ShGKme ShGKme marked this pull request as draft February 6, 2025 15:22
@ShGKme ShGKme force-pushed the fix/new-public-share-support branch from 6ecb7da to 6c770c3 Compare February 7, 2025 16:22
@ShGKme ShGKme changed the title fix(public): support non-files public pages (calendar/collectives) and Files on Nextcloud 31 fix(public): show ToS on non-files public pages (calendar/collectives) and Files on Nextcloud 31 Feb 7, 2025
@ShGKme
Copy link
Author

ShGKme commented Feb 7, 2025

it also applied to the login page, which might be unexpected

Fixed with an exception for login flow grant. It also fixes the issue with the clients.

@ShGKme ShGKme changed the title fix(public): show ToS on non-files public pages (calendar/collectives) and Files on Nextcloud 31 fix: show ToS on non-files public pages (calendar/collectives/talk), Files on Nextcloud 31 and Login-flow Feb 7, 2025
@ShGKme ShGKme marked this pull request as ready for review February 7, 2025 16:33
ShGKme
ShGKme commented Feb 7, 2025
View reviewed changes
lib/AppInfo/Application.php Outdated
Comment on lines 88 to 105
// Skip login-related pages
// TODO: Add a universal way to specify skipped pages instead of hardcoding
$skipPatterns = [
// Login
'#^/login$#',
// Login Flow Grant must have the terms of service
// so that the user can accept them before using the app
// TODO: add a checkbox on the login instead, like on the Registration app
'#^/login/(?!flow/grant|v2/grant)#',
// SAML
'#^/saml$#',
'#^/saml/#',
// user_oidc
'#^/code$#',
'#^/sls$#',
'#^/id4me$#',
'#^/id4me/code$#',
];
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @julien-nc for this part

Copy link
Author

@ShGKme ShGKme Feb 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added /apps/<appname> prefixes in a fixup

@ShGKme
Copy link
Author

ShGKme commented Feb 7, 2025
edited
Loading

Tested:

  • Login
  • Login + twofactor_totp
  • Login Flow v1 (via Talk Desktop)
  • Login Flow v2 (via Files Android)
  • Login + user_saml
  • Login + user_oidc

ShGKme added 3 commits February 7, 2025 17:55
@ShGKme
fix(public): support non-files and Files on Nextcloud 31
0fd5702 
Signed-off-by: Grigorii K. Shartsev <[email protected]>
Signed-off-by: nextcloud-command <[email protected]>
@ShGKme
fix: hide ToS on login except login flow for clients
048310e 
Signed-off-by: Grigorii K. Shartsev <[email protected]>
@ShGKme
chore(assets): Recompile assets
0ac77b5 
Signed-off-by: Grigorii K. Shartsev <[email protected]>
@ShGKme ShGKme force-pushed the fix/new-public-share-support branch from 6c770c3 to 0ac77b5 Compare February 7, 2025 16:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen left review comments

@GretaD GretaD GretaD approved these changes

@julien-nc julien-nc Awaiting requested review from julien-nc

@tobiasKaminsky tobiasKaminsky Awaiting requested review from tobiasKaminsky

Assignees

@ShGKme ShGKme

Labels
3. to review bug
Projects
None yet
Milestone
No milestone
3 participants
@ShGKme @nickvergessen @GretaD