Skip to main content
Status Page Contact Us
AARNet Home
Please note: AARNet is planning to decommission CloudStor at the end of 2023 (FileSender will continue as a standalone service). We will be directly notifying users over the coming months. See FAQs for more information.

CloudStor updates - July 2022

  • Updated

File sharing upgrade and expiry

You can now add an expiration date when you share files with users and groups.

You can’t delete files and folders that have been shared with you.

New media viewer

CloudStor now has a Media Viewer app to replace the old Gallery and Video Player apps. The Media Viewer brings a more robust and reliable viewing experience to CloudStor.

Upgrade to authentication and authorisation 

We’re improving security by adding OAuth2 protocol for apps accessing your CloudStor drive. Instead of using a sync password in the CloudStor desktop or mobile app, you will be able to sign in using your home institution’s login credentials.

OAuth2 is a standard protocol for internet authentication and authorisation. It allows an app to use a service’s usual authentication method to log users in, without exposing any of the login details to the app. Instead, the app receives a unique token – like a password that it can use to identify you and the app itself – at regular intervals from the service once you’ve logged in.

OAuth2 has advantages over storing a sync password or app password within an app:

  • The app never sees your login information, so you’re not sharing your credentials as widely. Your login information can’t be harvested from the app, because the app never stores that information.
  • You can revoke access to a specific app on a device, because every single app/device combination receives unique tokens. CloudStor will know exactly which tokens to revoke.
  • Because it integrates with your institution’s authentication service, you can use any usual multi-factor authentication that your institution might have set up. This improves security around your CloudStor account.
  • You only need to remember your institutional login details, not an extra sync password. This also cuts down on time spent requesting a manual reset of a forgotten sync password.

Adding multi-factor authentication support for app logins

OAuth2 protocol supports multi-factor authentication (MFA). This often involves a single-use password sent to your mobile phone or email.

If your home institution uses MFA for your logins, you will now be able to sign in through an app like the CloudStor desktop or mobile app using multi-factor authentication.

How you log in will change

This upgrade will affect how you log in to CloudStor from apps.

If you’re accessing CloudStor using a:

  • Browser only: The way you log in will stay the same.
  • App that supports OAuth2: You’ll log in differently, using your institute login details, instead of a sync password. If you’re currently using an app password with one of these apps, you can continue to do so; but we recommend switching to OAuth2 for better security.
  • App that doesn’t support OAuth2: You’ll log in using an app password instead of a sync password.

Apps that support OAuth2 include:

  • CloudStor desktop app
  • CloudStor mobile app for iOS and Android
  • ownCloud desktop app.

Apps that don’t support OAuth2 include:

  • rclone
  • Rocket
  • Most other WebDAV clients.

You won’t be able to create a sync password

Your existing sync password will continue to work. However, we’re removing the ability to create or reset sync passwords in CloudStor.

If you need to access your CloudStor drive using an app that doesn’t support OAuth2, you can:

  • Set an app password instead.
  • Continue to use an existing sync password.

Old settings page:
old-settings-page.png

New settings page:
new-settings-page.png

Note: username, name, email and groups hidden from screenshots above

You’ll need to log back in after outages and reboots

Once you’ve logged in to CloudStor using OAuth2 protocol, the app will automatically keep you logged in behind the scenes by regularly requesting a new token from CloudStor.

Whenever your local app or the CloudStor server needs to restart, though, you’ll need to log in afterwards. You might also need to re-authorise the app that you’re using. If your app is running when you’re logged out, click Reopen browser to log in.

What you need to do now

If you’re using a sync password and an app to access your CloudStor drive, log out in the app, then log back in.

  1. Open the app and log out.
    log-out-cloudstor.png
  2. Log in.
    log-in-cloudstor.png
    The app will open a browser window to sign you in using the normal CloudStor login page.
  3. Enter your institutional login details.
    Once you’ve signed in, CloudStor will ask you if you want to authorise the app to access your drive.
  4. Click Authorise.
    authentication-successful.pngThe app will show that you’re logged in.
    log-out-cloudstor.png

What else has changed in CloudStor?

  • Addressed security vulnerabilities: CVE-2021-41182, CVE-2021-41183, CVE-2021-41184 for jQuery-ui
  • Addressed security vulnerabilities: CVE-2016-7103, CVE-2019-11358 for jQuery
  • Fixed image orientation in file preview
  • Web interface supports empty folder upload
  • Web interface will trim spaces while creating, uploading or renaming files and folders 
  • MOVE is faster on db
  • OpenIDConnect app fix
  • Updated sabre/dav to resolve an issue with moving files into a folder named with only a number
  • Improved file cleanup when a user cancels an upload for a public link
  • Optimise memory usage in Expire Trashbin Background job

Related articles