Is there a way to disallow webdav access for users that have 2fa enabled on their account?
I couldn’t find any configuration to allow this kind of behaviour so I’d better code it myself.
I know I need to check for the existence of 2FA devices on
SeafileDomainController.authDomainUser for the specified user, I don’t know however how to aproach it, since
CcnetThreadedRpcClient has no methods that would allow the server to check that.
Maybe Web API can you help
I would like to ask when webdav access via normal password is disabled if 2FA is used.
@daniel.pan Back in October 2019 you announced this would come with 7.1.
My server runs with Seafile Pro 7.1.7. Even if I set ENABLE_WEBDAV_SECRET = True
I am able to login with normal user credentials.
This feature seems to be not implemented yet?
This feature is not implemented yet as very few people need this.
I don’t understand your argument here.
Obviously there was some demand over the last two years.
Furthermore the basic structures for a seperate password are already implemented for sso users.
Alternatively you can just disable webdav for users who enabled 2fa, as you announced.
For me it comes with some bitter taste if a feature is announced with concrete release information but then doesn’t got implemented.
Thanks for your feedback. We will add this feature definitely in version 8.0.