Commit graph

13374 commits

Author SHA1 Message Date
Martin Sucha
3e6422a889
Use newer digest algorithms in TLS error dialog
MD5 has been broken for a long time now and SHA1 has been
deprecated as well. SHA1 is not used when issuing new
publicly trusted certificates since 1 January 2016[1] and
there are more and more effective attacks[2][3] against it,
so display SHA1 fingerprint only for old certificates
to encourage use of safer digests by users.

So, we display SHA-256 and SHA-512 fingerprints instead in
the common case.

[1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.5.pdf
[2] https://shattered.io/static/shattered.pdf
[3] https://eprint.iacr.org/2019/459.pdf

Signed-off-by: Martin Sucha <git@mm.ms47.eu>
2019-09-04 22:06:12 +02:00
Roeland Jago Douma
0cb1f4d14b
Merge pull request #1394 from nextcloud/webflow-client-ssl-ca-chain
Windows: Workaround for CredWriteW used by QtKeychain
2019-09-04 20:04:45 +02:00
Michael Schuster
5ef9600007
Merge branch 'master' into webflow-client-ssl-ca-chain 2019-09-04 12:56:22 +02:00
Nextcloud bot
fcc84b6dc4
[tx-robot] updated from transifex 2019-09-04 03:07:24 +00:00
Nextcloud bot
86f559add4
[tx-robot] updated from transifex 2019-09-03 03:04:22 +00:00
Nextcloud bot
812e688572
[tx-robot] updated from transifex 2019-09-02 03:03:47 +00:00
Nextcloud bot
87bf0d9a7e
[tx-robot] updated from transifex 2019-09-01 03:09:08 +00:00
Nextcloud bot
bb9140d075
[tx-robot] updated from transifex 2019-08-31 03:03:58 +00:00
Michael Schuster
267224b258
Merge branch 'master' into webflow-client-ssl-ca-chain 2019-08-30 05:38:07 +02:00
Michael Schuster
61884d1ada
fix indents, add comment
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-30 05:35:36 +02:00
Nextcloud bot
29ff9f403e
[tx-robot] updated from transifex 2019-08-30 03:06:24 +00:00
Michael Schuster
b52292db92
Windows: Workaround for CredWriteW used by QtKeychain
Saving all client CA's within one credential may result in:
  Error: "Credential size exceeds maximum size of 2560"

Client CA certificates are now being stored in separate slots
within the keychain and are being processed by a queue mechanism.

IMPORTANT TODO:
forgetSensitiveData(): Invoked by "Log out" & "Remove account"

- Remove client CA certs and KEY!
  (uncomment "//deleteKeychainEntries();" )

  Disabled as long as selecting another cert is not supported by the UI.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-30 04:56:01 +02:00
Nextcloud bot
57d0a17744
[tx-robot] updated from transifex 2019-08-29 03:03:24 +00:00
Roeland Jago Douma
85a2860e86
Merge pull request #1389 from nextcloud/webflow-client-ssl
Adds SSL client cert storage to webflow + Login Flow v2
2019-08-28 07:40:39 +02:00
Nextcloud bot
7fc95c4c52
[tx-robot] updated from transifex 2019-08-28 03:10:20 +00:00
Michael Schuster
2c4336ab2a
Merge branch 'master' into webflow-client-ssl 2019-08-28 00:30:36 +02:00
Roeland Jago Douma
d584bedcb6
Also store the CACertificates of the client side certificate
Else authentication will still fail in setups that have a chain of
certificates supplied.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-27 09:55:41 +02:00
Nextcloud bot
5c34f9e247
[tx-robot] updated from transifex 2019-08-27 03:04:46 +00:00
Michael Schuster
dbde585049
Adds SSL client cert storage to webflow + Login Flow v2
The previous commit 50cd6af394 - Build a webflowcredentials
changed:

src/gui/wizard/flow2authcredspage.cpp in line 135 to use WebFlowCredentials
instead of HttpCredentials.
But the WebFlowCredentials class didn't include code to store and load SSL client
certificates and keys from the keychain.

This commit migrates the useful stuff from the old HttpCredentials class
into WebFlowCredentials.

Successfully tested on Windows. Please test on other systems and verify it's safe! :)

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-27 03:32:21 +02:00
Michael Schuster
18404a128b
Merge pull request #1384 from nextcloud/login-flow-v2
Login flow v2
2019-08-26 21:48:40 +02:00
Roeland Jago Douma
302ca0e04e
Fix some compiler warnings
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-26 20:41:14 +02:00
Roeland Jago Douma
50cd6af394
Build a webflowcredentials
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-26 20:04:23 +02:00
Michael Schuster
fd8345ccbe
Login Flow V2: adds re-auth upon logout, improvements
- Implements re-auth upon logout -> login
- Improves UI and security

TODO:
- SSL: Client certificate login is possible at the first time only but missing after relaunch

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
7add98e9a3
UI: don't let Flow2 and OAuth hide the wizard
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
aa93a04fd6
fix comment typo in httpcredentials.cpp
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
628bab92c4
fix comment typo in webflowcredentials.cpp
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
12f2ea6728
Login Flow V2: remove static test url
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
8fa55b97b4
Login Flow V2: 1st implementation, cleanup
This is the first draft of the Login Flow V2 authorization method.

See: https://docs.nextcloud.com/server/latest/developer_manual/client_apis/LoginFlow/index.html#login-flow-v2

- Adds the Login Fĺow V2 auth method
- Adds ability to reinitiate a new request via UI

TODO:
- Implement re-auth upon logout -> login
- Improve UI
- SSL: Client certificate login is possible at the first time only but missing after relaunch

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
2742411abd
Login Flow V2: 1st test-implementation
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Nextcloud bot
9941d49579
[tx-robot] updated from transifex 2019-08-26 03:00:53 +00:00
Nextcloud bot
93f6bb2740
[tx-robot] updated from transifex 2019-08-25 03:03:22 +00:00
Nextcloud bot
95c6dd32e9
[tx-robot] updated from transifex 2019-08-24 03:03:25 +00:00
Nextcloud bot
c5f8b00a6b
[tx-robot] updated from transifex 2019-08-21 03:04:55 +00:00
Nextcloud bot
7135d441e6
[tx-robot] updated from transifex 2019-08-20 03:04:04 +00:00
Roeland Jago Douma
e0a1d78441
Merge pull request #1225 from edent/patch-1
Typo
2019-08-19 15:39:10 +02:00
Nextcloud bot
eb31925a00
[tx-robot] updated from transifex 2019-08-18 03:08:13 +00:00
Nextcloud bot
6f4de8f503
[tx-robot] updated from transifex 2019-08-17 03:06:09 +00:00
Nextcloud bot
db83302546
[tx-robot] updated from transifex 2019-08-16 03:01:55 +00:00
Nextcloud bot
c74db8677b
[tx-robot] updated from transifex 2019-08-15 03:02:27 +00:00
Nextcloud bot
7843660bbf
[tx-robot] updated from transifex 2019-08-14 03:05:59 +00:00
Camila Ayres
037b2338de
Merge pull request #1376 from nextcloud/updates-changelog
Update ChangeLog.
2019-08-12 15:20:23 +02:00
Camila San
cfa6f13620
Updates ChangeLog.
Signed-off-by: Camila San <hello@camila.codes>
2019-08-12 15:13:05 +02:00
Nextcloud bot
00d222891c
[tx-robot] updated from transifex 2019-08-12 03:03:59 +00:00
Nextcloud bot
1ed8c898e9
[tx-robot] updated from transifex 2019-08-11 03:06:12 +00:00
Nextcloud bot
c2f401a77a
[tx-robot] updated from transifex 2019-08-10 03:05:46 +00:00
Camila Ayres
169dea1627
Merge pull request #1372 from ivaradi/remove-libgnome-keyring
Remove dependency on libgnome-keyring0 on Eoan
2019-08-09 11:42:24 +02:00
István Váradi
1883c04a12 Remove dependency on libgnome-keyring0 on Eoan
Signed-off-by: István Váradi <ivaradi@varadiistvan.hu>
2019-08-09 06:47:59 +02:00
Nextcloud bot
ec70ee96f3
[tx-robot] updated from transifex 2019-08-09 03:04:25 +00:00
Nextcloud bot
0337507446
[tx-robot] updated from transifex 2019-08-08 03:04:58 +00:00
Nextcloud bot
890c7d731d
[tx-robot] updated from transifex 2019-08-07 03:03:54 +00:00