-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature/password-policy] Password Policy support #1325
Conversation
- ShareViewController: add "generate" button to the password field that uses the password policy's generator to generate a password - BottomButtonBar: add new alternative button to allow for an alternative main action; fix layout bug
- PasswordComposerViewController: - new view controller to compose passwords - interactive feedback based on OCPasswordPolicy - integration with password generator based on OCPasswordPolicy - ability to copy passwords to clipboard - ability to show/hide entered passwords - support for editing and creation of password strings - ShareViewController: - replace UIAlert with PasswordComposerViewController for entering passwords - add Generate button to generate a password based on the currently applicable password policy - add new "Share" button for links (in addition to "Create") that invoke the share sheet to directly share a link (including password) to the clipboard or directly to other apps like Mail or Messages - add missing localizations - BottomButtonBar: include alternativeButton in .modalActionRunning auto-enable/disable - SegmentViewItem / SegmentViewItemView: - add extension to easily create button segments - add support for UIImage rendering modes for .icon - ThemeCollection: add CSS entry for proper PasswordComposerViewController cell background coloring in dark mode
…ut from previous commit)
|
Some preliminary inputs meanwhile the Code Review finishes:
Those conditions will be always green, they are no real requirements.
|
- PasswordComposerViewController: add notification upon copying password to clipboard
Thanks for the feedback @jesmrec!
I added a message with 98de65c.
Good point. The code generating the policy from capabilities now no longer includes rules with a zero length requirement.
My choice of wording here was off by 1. It should be
For OC10 or if no policy is provided, a default policy is used: |
@felix-schwarz this is how password policy works in oC10: Open an admin account (list of files) > Top Left hamburger button > Market Look for Then, in oC10's admin dashboard, you'll find the setup for the password policy. Tick the conditions to fulfill and click on capabilities endpoint will return the following JSON object:
as you can see, nothing to do with oCIS response. It may not worth to implement support for this if oC10 is not going to be supportable in the st, but this is up to you. |
532b761
to
221fa07
Compare
Let's QA here... |
(1) [FIXED]A little UX improvement:
Indeed, this is the current behaviour for permission selection iPhoneXR v17.4.1 |
(2) [FIXED]In a non-oCIS server, the video taken with RPReplay_Final1711454487.MP4Should be either actioned or removed. iPhoneXR v17.4.1 |
(3) [FIXED]Look at the following steps:
Current: At this point, there is no way to recover the automatically generated password, because the edit mode lacks of
Expected: After generation of new password, there should be a way to get it to be shared. Options that come to my mind:
iPhoneXR v17.4.1 |
(4) [WONT FIX]Just a tiny detail about wording: The
I'd call the button iPhoneXR v17.4.1 |
- ios-sdk: - add basic support for OC10 password policies - fix password generator error due to "empty" password policies derived from capabilities (finding 2) - ShareViewController: - support for the requirement to set a password by disabling buttons and adding a warning triangle if no password is set (finding 1) - support for expiration date constraints: - support for the requirement by disabling buttons and adding a warning triangle if no date is set - add support for maximum date - add support for pre-setting an expiration date - add a "Copy" button next to the password if the password is known (finding 3) - clean up button creation code, avoiding duplication
@jesmrec Thanks for spotting all of this. Let me go through (1) - (4) in chronological order: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@felix-schwarz CR looks good to me, the only thing I would consider is to change At most / Less than xx bytes
.
Would be better to give the user a feedback who many characters are needed instead of bytes.
@hosy Thanks for the feedback. I fully agree that characters would be more intuitive here, yet the criteria from ocis really is about byte count which can vary per character depending on what character is entered. From the docs:
|
…ring.public.password.enforced in capabilities is false, but the respectively matching files_sharing.public.password.enforced_for is true
@jesmrec The issue here was that capabilities indicated Other than ocis, OC10 reports I've changed the implementation to enforce a password if the selected permissions match a respective Please run another test to verify you now get the same results. |
Tested for the following cases:
|
That means that you only mind the In my test server (oCIS 5.0.0), i'm getting:
with such setup, the viewer, uploaded, contributor and editor roles are password-enforced but the invited persons (this one requires login, so there is an existing security layer). Is that expected then? so |
@jesmrec If For So far as I understand it then, the server picks values for
Hope that clarifies it. |
Ok, that covers all the cases i tested in advance. We can move forward this one Approved |
* - SDK update - ShareViewController: add "generate" button to the password field that uses the password policy's generator to generate a password - BottomButtonBar: add new alternative button to allow for an alternative main action; fix layout bug * - SDK update: latest password policy progress and bug fixes - PasswordComposerViewController: - new view controller to compose passwords - interactive feedback based on OCPasswordPolicy - integration with password generator based on OCPasswordPolicy - ability to copy passwords to clipboard - ability to show/hide entered passwords - support for editing and creation of password strings - ShareViewController: - replace UIAlert with PasswordComposerViewController for entering passwords - add Generate button to generate a password based on the currently applicable password policy - add new "Share" button for links (in addition to "Create") that invoke the share sheet to directly share a link (including password) to the clipboard or directly to other apps like Mail or Messages - add missing localizations - BottomButtonBar: include alternativeButton in .modalActionRunning auto-enable/disable - SegmentViewItem / SegmentViewItemView: - add extension to easily create button segments - add support for UIImage rendering modes for .icon - ThemeCollection: add CSS entry for proper PasswordComposerViewController cell background coloring in dark mode * - add line to copy the password to the clipboard (accidentally left out from previous commit) * - update SDK to address findings - PasswordComposerViewController: add notification upon copying password to clipboard * Address findings (1) (2) (3) in #1325: - ios-sdk: - add basic support for OC10 password policies - fix password generator error due to "empty" password policies derived from capabilities (finding 2) - ShareViewController: - support for the requirement to set a password by disabling buttons and adding a warning triangle if no password is set (finding 1) - support for expiration date constraints: - support for the requirement by disabling buttons and adding a warning triangle if no date is set - add support for maximum date - add support for pre-setting an expiration date - add a "Copy" button next to the password if the password is known (finding 3) - clean up button creation code, avoiding duplication * - ShareViewController: enforce password requirement even if files_sharing.public.password.enforced in capabilities is false, but the respectively matching files_sharing.public.password.enforced_for is true --------- Co-authored-by: felix-schwarz <[email protected]>
Description
This PR implements password policy support throughout the iOS client app, including:
Related Issue
#973
Screenshots (if appropriate):
Types of changes
QA
Test Plan:
https://github.com/owncloud/QA/blob/master/Mobile/iOS/Executions/Version%2012.2/Password%20Policy.md
Reports: