Server: Push notification on successful login
Is your feature request related to a problem? Please describe.
It would be great to receive a notification when a new device accesses my nextcloud account. That would be a good extra layer of security.
Describe the solution you'd like
A simple notification of the nextcloud app with the ability to open the account settings (/settings/user/security) directly in the browser.
Example from Google:
robingenz
All 13 comments
Nice idea, but this should be in server repo, as this first has to be done there.
tobiasKaminsky
on 8 Jul 2019
@nextcloud/server-triage I do like the idea as it gives an additional layer of trust.
Clients do not have to do anything, I assume, as we can already have a link (like proposed).
tobiasKaminsky
on 8 Jul 2019
yeah I like it as well (there is a similar ticket by me already somewhere).
Long story short i do not think 17 but let me assign myself so I do not forget.
rullzer
on 8 Jul 2019
@rullzer please update the labels accordingly if accepted ;)
skjnldsv
on 8 Jul 2019
Well, this is pretty much what suspicious login does?
georgehrke
on 8 Jul 2019
And if you want to be informed about __every__ login, not only suspicious ones, you can use the Push-Notification Two Factor Backend, which has the additional benefit, that you have to approve logins first.
georgehrke
on 8 Jul 2019
@georgehrke there is a difference:
- suspicious login: warns if strange/random ip logs into account (with existing app token or via browser)
- new system: inform that you created a new app token / an unknown browser logged in for the very first time
tobiasKaminsky
on 8 Jul 2019
I commented this somewhere else already. It's a bit unfortunate in our current system.
The new session/app token can as a first step remove all notifications... aaaaand the feature is lost. So this would need some hardcoded changes to prevent this specific case.
nickvergessen
on 8 Jul 2019
Why is this possible at all? Is there really a use case for this?
serverNoooob
tobiasKaminsky
on 9 Jul 2019
Why an app token can delete notifications?
So you can have a "Mark all notifications read" button in the android app and they don't pop up on another device afterwards again.
nickvergessen
on 9 Jul 2019
The need of the function is clear to me, but I understand it as if all notifications are always removed after adding a new app token…?
tobiasKaminsky
on 9 Jul 2019
The need of the function is clear to me, but I understand it as if all notifications are always removed after adding a new app token…?
no - but that's the attack vector one wants to protect against. I want to know when a new token is added, but if this new token deletes the push notification in time so that it doesn't show up anymore the protection you want to have is not there anymore. 😉
MorrisJobke
on 9 Jul 2019
Noooooooooooooooow I got it.
Thanks for explaining it again :-)
tobiasKaminsky
on 9 Jul 2019
Related issues
dl5rcw
·
3Comments
brylie
·
3Comments
blackcrack
·
3Comments
Django-BOfH
·
3Comments
mfechner
·
3Comments
Most helpful comment
yeah I like it as well (there is a similar ticket by me already somewhere).
Long story short i do not think 17 but let me assign myself so I do not forget.