Skip to content

Add user:keys:verify command#43646

Merged
nickvergessen merged 1 commit intomasterfrom
feat/noid/occ-keys-test-command
Feb 28, 2024
Merged

Add user:keys:verify command#43646
nickvergessen merged 1 commit intomasterfrom
feat/noid/occ-keys-test-command

Conversation

@SystemKeeper
Copy link
Copy Markdown
Contributor

@SystemKeeper SystemKeeper commented Feb 18, 2024
edited
Loading

Summary

This occ command checks if the stored public key belongs to the stored private key. In case of a mismatch, some nextcloud functionality is broken (e.g. push proxy registration fails). While this should not happen, it is hard to debug when we end up in such a situation. The command is for verification only, in a next step we could add a second command to update the stored public key.

Checklist

@skjnldsv skjnldsv added the 2. developing Work in progress label Feb 21, 2024
@SystemKeeper SystemKeeper force-pushed the feat/noid/occ-keys-test-command branch 3 times, most recently from d0322ff to 1aa71d4 Compare February 24, 2024 17:11
@nextcloud nextcloud deleted a comment from github-actions Bot Feb 24, 2024
@SystemKeeper SystemKeeper mentioned this pull request Feb 24, 2024
Merged
@SystemKeeper SystemKeeper marked this pull request as ready for review February 24, 2024 17:14
@SystemKeeper SystemKeeper self-assigned this Feb 24, 2024
@SystemKeeper SystemKeeper added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Feb 24, 2024
@SystemKeeper SystemKeeper requested review from a team, ArtificialOwl, come-nc, nickvergessen and sorbaugh and removed request for a team February 24, 2024 17:14
@SystemKeeper
Copy link
Copy Markdown
Contributor Author

SystemKeeper commented Feb 24, 2024

Doc add at nextcloud/documentation#11580

@SystemKeeper
Copy link
Copy Markdown
Contributor Author

SystemKeeper commented Feb 24, 2024
edited
Loading

I saw that on a production instance for a single user. Is it possible that two requests end up generating a new keypair and one wins to store the private key and one the public key? Otherwise I am not really sure how to end up in that situation. The instance in question uses S3 to store data, in case that makes a difference.

Ref

server/lib/private/Security/IdentityProof/Manager.php

Lines 99 to 103 in 1d8d43f

$folder = $this->appData->getFolder($id);
$folder->newFile('private')
->putContent($this->crypto->encrypt($privateKey));
$folder->newFile('public')
->putContent($publicKey);

Ref

@SystemKeeper SystemKeeper mentioned this pull request Feb 25, 2024
Closed
come-nc
come-nc reviewed Feb 26, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good apart from nitpick

Comment thread core/Command/User/Keys/Test.php Outdated
Comment thread core/Command/User/Keys/Test.php Outdated
Comment thread core/Command/User/Keys/Test.php Outdated
Comment thread core/Command/User/Keys/Test.php Outdated
@SystemKeeper SystemKeeper force-pushed the feat/noid/occ-keys-test-command branch 2 times, most recently from 92e56a1 to ccf1331 Compare February 27, 2024 11:30
@SystemKeeper
Copy link
Copy Markdown
Contributor Author

SystemKeeper commented Feb 27, 2024
edited
Loading

Good apart from nitpick

Thanks! Changed as suggested and updated the documentation.

@SystemKeeper SystemKeeper requested a review from come-nc February 27, 2024 11:33
@SystemKeeper SystemKeeper force-pushed the feat/noid/occ-keys-test-command branch from ccf1331 to a429e5a Compare February 27, 2024 11:35
come-nc
come-nc reviewed Feb 27, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn’t that be part of the encryption application actually?

@SystemKeeper
Copy link
Copy Markdown
Contributor Author

SystemKeeper commented Feb 27, 2024
edited
Loading

Since the keypair is handled in server (https://github.com/nextcloud/server/blob/master/lib/private/Security/IdentityProof/Manager.php) and is also used outside of encryption (e.g. for push at https://github.com/nextcloud/notifications/blob/8c752c19903c7db7e7ea766289258cc9f9df2130/lib/Push.php#L320), I don't think so?

nickvergessen
nickvergessen reviewed Feb 27, 2024
View reviewed changes
Comment thread core/Command/User/Keys/Test.php Outdated
@SystemKeeper SystemKeeper force-pushed the feat/noid/occ-keys-test-command branch from a429e5a to 5fd899e Compare February 27, 2024 21:41
@SystemKeeper
feat(occ): Add user:keys:test command
e23e89f 
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
@SystemKeeper SystemKeeper force-pushed the feat/noid/occ-keys-test-command branch from 5fd899e to e23e89f Compare February 27, 2024 21:43
@SystemKeeper SystemKeeper changed the title Add user:keys:test command Add user:keys:verify command Feb 27, 2024
@nickvergessen nickvergessen merged commit 6f95feb into master Feb 28, 2024
@nickvergessen nickvergessen deleted the feat/noid/occ-keys-test-command branch February 28, 2024 08:20
@blizzz blizzz mentioned this pull request Mar 5, 2024
Merged
@SystemKeeper SystemKeeper mentioned this pull request Feb 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@come-nc come-nc come-nc approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-backend

Assignees

@SystemKeeper SystemKeeper

Labels

3. to review Waiting for reviews

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@SystemKeeper @nickvergessen @come-nc @skjnldsv