Merge pull request #49547 from nextcloud/backport/49493/stable30

[stable30] feat: Use inline password confirmation in external storage settings

apps/files_external/lib/Controller/AjaxController.php

@@ -83,7 +83,7 @@ class AjaxController extends Controller {
 	 * @return bool
 	 */
 	#[NoAdminRequired]
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function saveGlobalCredentials($uid, $user, $password) {
 		$currentUser = $this->userSession->getUser();
 		if ($currentUser === null) {

apps/files_external/lib/Controller/GlobalStoragesController.php

@@ -70,7 +70,7 @@ class GlobalStoragesController extends StoragesController {
 	 *
 	 * @return DataResponse
 	 */
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function create(
 		$mountPoint,
 		$backend,
@@ -136,7 +136,7 @@ class GlobalStoragesController extends StoragesController {
 	 *
 	 * @return DataResponse
 	 */
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function update(
 		$id,
 		$mountPoint,

apps/files_external/lib/Controller/StoragesController.php

@@ -301,7 +301,7 @@ abstract class StoragesController extends Controller {
 	 *
 	 * @return DataResponse
 	 */
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function destroy(int $id) {
 		try {
 			$this->service->removeStorage($id);

apps/files_external/lib/Controller/UserGlobalStoragesController.php

@@ -137,7 +137,7 @@ class UserGlobalStoragesController extends StoragesController {
 	 * @return DataResponse
 	 */
 	#[NoAdminRequired]
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function update(
 		$id,
 		$backendOptions,

apps/files_external/lib/Controller/UserStoragesController.php

@@ -100,7 +100,7 @@ class UserStoragesController extends StoragesController {
 	 * @return DataResponse
 	 */
 	#[NoAdminRequired]
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function create(
 		$mountPoint,
 		$backend,
@@ -156,7 +156,7 @@ class UserStoragesController extends StoragesController {
 	 * @return DataResponse
 	 */
 	#[NoAdminRequired]
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function update(
 		$id,
 		$mountPoint,
@@ -208,7 +208,7 @@ class UserStoragesController extends StoragesController {
 	 * {@inheritdoc}
 	 */
 	#[NoAdminRequired]
-	#[PasswordConfirmationRequired]
+	#[PasswordConfirmationRequired(strict: true)]
 	public function destroy(int $id) {
 		return parent::destroy($id);
 	}

apps/files_external/templates/settings.php

@@ -22,10 +22,8 @@ $l->t("Never");
 $l->t("Once every direct access");
 $l->t('Read only');
 
-script('files_external', [
-	'settings',
-	'templates'
-]);
+\OCP\Util::addScript('files_external', 'settings');
+\OCP\Util::addScript('files_external', 'templates');
 style('files_external', 'settings');
 
 // load custom JS

build/integration/features/bootstrap/ExternalStorage.php

@@ -48,7 +48,7 @@ trait ExternalStorage {
 	 * @param TableNode $fields
 	 */
 	public function loggedInUserCreatesExternalGlobalStorage(TableNode $fields): void {
-		$this->sendJsonWithRequestToken('POST', '/index.php/apps/files_external/globalstorages', $fields);
+		$this->sendJsonWithRequestTokenAndBasicAuth('POST', '/index.php/apps/files_external/globalstorages', $fields);
 		$this->theHTTPStatusCodeShouldBe('201');
 
 		$this->lastExternalStorageData = json_decode($this->response->getBody(), $asAssociativeArray = true);
@@ -62,7 +62,7 @@ trait ExternalStorage {
 	 * @param TableNode $fields
 	 */
 	public function loggedInUserUpdatesLastExternalUserglobalStorage(TableNode $fields): void {
-		$this->sendJsonWithRequestToken('PUT', '/index.php/apps/files_external/userglobalstorages/' . $this->lastExternalStorageData['id'], $fields);
+		$this->sendJsonWithRequestTokenAndBasicAuth('PUT', '/index.php/apps/files_external/userglobalstorages/' . $this->lastExternalStorageData['id'], $fields);
 		$this->theHTTPStatusCodeShouldBe('200');
 
 		$this->lastExternalStorageData = json_decode($this->response->getBody(), $asAssociativeArray = true);
@@ -100,4 +100,23 @@ trait ExternalStorage {
 		];
 		$this->sendingAToWithRequesttoken($method, $url, $body);
 	}
+
+	private function sendJsonWithRequestTokenAndBasicAuth(string $method, string $url, TableNode $fields): void {
+		$isFirstField = true;
+		$fieldsAsJsonString = '{';
+		foreach ($fields->getRowsHash() as $key => $value) {
+			$fieldsAsJsonString .= ($isFirstField ? '' : ',') . '"' . $key . '":' . $value;
+			$isFirstField = false;
+		}
+		$fieldsAsJsonString .= '}';
+
+		$body = [
+			'headers' => [
+				'Content-Type' => 'application/json',
+				'Authorization' => 'Basic ' . base64_encode('admin:admin'),
+			],
+			'body' => $fieldsAsJsonString,
+		];
+		$this->sendingAToWithRequesttoken($method, $url, $body);
+	}
 }

build/integration/files_features/external-storage.feature

@@ -17,14 +17,14 @@ Feature: external-storage
     And As an "user1"
     And accepting last share
     When creating a share with
-      | path | foo |
-      | shareType | 3 |
+      | path      | foo |
+      | shareType | 3   |
     Then the OCS status code should be "100"
     And the HTTP status code should be "200"
     And Share fields of last share match with
-      | id | A_NUMBER |
-      | url | AN_URL |
-      | token | A_TOKEN |
+      | id       | A_NUMBER             |
+      | url      | AN_URL               |
+      | token    | A_TOKEN              |
       | mimetype | httpd/unix-directory |
 
   Scenario: Shares don't overwrite external storage
@@ -69,9 +69,9 @@ Feature: external-storage
   Scenario: Save an external storage with password provided by user
     Given Logging in using web as "admin"
     And logged in user creates external global storage
-      | mountPoint     | "ExternalStorageTest" |
-      | backend        | "owncloud" |
-      | authMechanism  | "password::userprovided" |
+      | mountPoint     | "ExternalStorageTest"                           |
+      | backend        | "owncloud"                                      |
+      | authMechanism  | "password::userprovided"                        |
       | backendOptions | {"host":"http://localhost:8080","secure":false} |
     And fields of last external storage match with
       | status | 2 |
@@ -83,9 +83,9 @@ Feature: external-storage
   Scenario: Save an external storage again with an unmodified password provided by user
     Given Logging in using web as "admin"
     And logged in user creates external global storage
-      | mountPoint     | "ExternalStorageTest" |
-      | backend        | "owncloud" |
-      | authMechanism  | "password::userprovided" |
+      | mountPoint     | "ExternalStorageTest"                           |
+      | backend        | "owncloud"                                      |
+      | authMechanism  | "password::userprovided"                        |
       | backendOptions | {"host":"http://localhost:8080","secure":false} |
     And fields of last external storage match with
       | status | 2 |
@@ -99,9 +99,9 @@ Feature: external-storage
   Scenario: Save an external storage with global credentials provided by user
     Given Logging in using web as "admin"
     And logged in user creates external global storage
-      | mountPoint     | "ExternalStorageTest" |
-      | backend        | "owncloud" |
-      | authMechanism  | "password::global::user" |
+      | mountPoint     | "ExternalStorageTest"                           |
+      | backend        | "owncloud"                                      |
+      | authMechanism  | "password::global::user"                        |
       | backendOptions | {"host":"http://localhost:8080","secure":false} |
     And fields of last external storage match with
       | status | 2 |
@@ -113,9 +113,9 @@ Feature: external-storage
   Scenario: Save an external storage again with unmodified global credentials provided by user
     Given Logging in using web as "admin"
     And logged in user creates external global storage
-      | mountPoint     | "ExternalStorageTest" |
-      | backend        | "owncloud" |
-      | authMechanism  | "password::global::user" |
+      | mountPoint     | "ExternalStorageTest"                           |
+      | backend        | "owncloud"                                      |
+      | authMechanism  | "password::global::user"                        |
       | backendOptions | {"host":"http://localhost:8080","secure":false} |
     And fields of last external storage match with
       | status | 2 |

dist/8737-8737.js.license

@@ -34,7 +34,6 @@ SPDX-FileCopyrightText: Austin Andrews
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Anthony Fu <anthonyfu117@hotmail.com>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -70,7 +69,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/core-common.js.license

@@ -93,7 +93,6 @@ SPDX-FileCopyrightText: Andrea Giammarchi
 SPDX-FileCopyrightText: Amit Gupta (https://solothought.com)
 SPDX-FileCopyrightText: Amit Gupta (https://amitkumargupta.work/)
 SPDX-FileCopyrightText: Alkemics
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -162,7 +161,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 1.3.1
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/paths
 	- version: 2.2.1

dist/core-login.js.license

@@ -43,7 +43,6 @@ SPDX-FileCopyrightText: Austin Andrews
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
 SPDX-FileCopyrightText: Alkemics
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -85,7 +84,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/paths
 	- version: 2.2.1

dist/core-main.js.license

@@ -58,7 +58,6 @@ SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Anthony Fu <anthonyfu117@hotmail.com>
 SPDX-FileCopyrightText: Andris Reinman
 SPDX-FileCopyrightText: Alkemics
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -100,7 +99,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/paths
 	- version: 2.2.1

dist/federatedfilesharing-vue-settings-admin.js.license

@@ -29,7 +29,6 @@ SPDX-FileCopyrightText: David Clark
 SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -62,7 +61,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/files_external-settings.js.license

@@ -0,0 +1,237 @@
+SPDX-License-Identifier: MIT
+SPDX-License-Identifier: ISC
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-License-Identifier: BSD-3-Clause
+SPDX-License-Identifier: AGPL-3.0-or-later
+SPDX-License-Identifier: (MPL-2.0 OR Apache-2.0)
+SPDX-FileCopyrightText: inherits developers
+SPDX-FileCopyrightText: escape-html developers
+SPDX-FileCopyrightText: debounce developers
+SPDX-FileCopyrightText: assert developers
+SPDX-FileCopyrightText: Varun A P
+SPDX-FileCopyrightText: Tobias Koppers @sokra
+SPDX-FileCopyrightText: T. Jameson Little <t.jameson.little@gmail.com>
+SPDX-FileCopyrightText: Roman Shtylman <shtylman@gmail.com>
+SPDX-FileCopyrightText: Raynos <raynos2@gmail.com>
+SPDX-FileCopyrightText: OpenJS Foundation and other contributors
+SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
+SPDX-FileCopyrightText: Matt Zabriskie
+SPDX-FileCopyrightText: Joyent
+SPDX-FileCopyrightText: Jordan Harband <ljharb@gmail.com>
+SPDX-FileCopyrightText: Jordan Harband
+SPDX-FileCopyrightText: John-David Dalton <john.david.dalton@gmail.com> (http://allyoucanleet.com/)
+SPDX-FileCopyrightText: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
+SPDX-FileCopyrightText: Guillaume Chau <guillaume.b.chau@gmail.com>
+SPDX-FileCopyrightText: GitHub Inc.
+SPDX-FileCopyrightText: Feross Aboukhadijeh
+SPDX-FileCopyrightText: Evan You
+SPDX-FileCopyrightText: Dr.-Ing. Mario Heiderich, Cure53 <mario@cure53.de> (https://cure53.de/)
+SPDX-FileCopyrightText: David Clark
+SPDX-FileCopyrightText: Christoph Wurst
+SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
+SPDX-FileCopyrightText: Andris Reinman
+SPDX-FileCopyrightText: @nextcloud/dialogs developers
+
+
+This file is generated from multiple sources. Included packages:
+- @nextcloud/auth
+	- version: 2.4.0
+	- license: GPL-3.0-or-later
+- @nextcloud/axios
+	- version: 2.5.1
+	- license: GPL-3.0-or-later
+- @nextcloud/browser-storage
+	- version: 0.4.0
+	- license: GPL-3.0-or-later
+- @nextcloud/dialogs
+	- version: 6.0.1
+	- license: AGPL-3.0-or-later
+- semver
+	- version: 7.6.3
+	- license: ISC
+- @nextcloud/event-bus
+	- version: 3.3.1
+	- license: GPL-3.0-or-later
+- @nextcloud/initial-state
+	- version: 2.2.0
+	- license: GPL-3.0-or-later
+- @nextcloud/l10n
+	- version: 3.1.0
+	- license: GPL-3.0-or-later
+- @nextcloud/logger
+	- version: 3.0.2
+	- license: GPL-3.0-or-later
+- @nextcloud/password-confirmation
+	- version: 5.3.0
+	- license: MIT
+- @nextcloud/router
+	- version: 3.0.1
+	- license: GPL-3.0-or-later
+- @vueuse/core
+	- version: 11.0.1
+	- license: MIT
+- @vueuse/shared
+	- version: 11.0.1
+	- license: MIT
+- debounce
+	- version: 2.1.0
+	- license: MIT
+- @nextcloud/vue
+	- version: 8.17.1
+	- license: AGPL-3.0-or-later
+- assert
+	- version: 2.1.0
+	- license: MIT
+- available-typed-arrays
+	- version: 1.0.7
+	- license: MIT
+- axios
+	- version: 1.7.7
+	- license: MIT
+- base64-js
+	- version: 1.5.1
+	- license: MIT
+- call-bind
+	- version: 1.0.7
+	- license: MIT
+- console-browserify
+	- version: 1.2.0
+	- license: MIT
+- css-loader
+	- version: 6.11.0
+	- license: MIT
+- define-data-property
+	- version: 1.1.4
+	- license: MIT
+- define-properties
+	- version: 1.2.1
+	- license: MIT
+- dompurify
+	- version: 3.1.6
+	- license: (MPL-2.0 OR Apache-2.0)
+- es-define-property
+	- version: 1.0.0
+	- license: MIT
+- es-errors
+	- version: 1.3.0
+	- license: MIT
+- escape-html
+	- version: 1.0.3
+	- license: MIT
+- floating-vue
+	- version: 1.0.0-beta.19
+	- license: MIT
+- focus-trap
+	- version: 7.5.4
+	- license: MIT
+- for-each
+	- version: 0.3.3
+	- license: MIT
+- function-bind
+	- version: 1.1.2
+	- license: MIT
+- get-intrinsic
+	- version: 1.2.4
+	- license: MIT
+- gopd
+	- version: 1.0.1
+	- license: MIT
+- has-property-descriptors
+	- version: 1.0.2
+	- license: MIT
+- has-proto
+	- version: 1.0.3
+	- license: MIT
+- has-symbols
+	- version: 1.0.3
+	- license: MIT
+- has-tostringtag
+	- version: 1.0.2
+	- license: MIT
+- hasown
+	- version: 2.0.2
+	- license: MIT
+- ieee754
+	- version: 1.2.1
+	- license: BSD-3-Clause
+- inherits
+	- version: 2.0.4
+	- license: ISC
+- is-arguments
+	- version: 1.1.1
+	- license: MIT
+- is-callable
+	- version: 1.2.7
+	- license: MIT
+- is-generator-function
+	- version: 1.0.10
+	- license: MIT
+- is-nan
+	- version: 1.3.2
+	- license: MIT
+- is-typed-array
+	- version: 1.1.13
+	- license: MIT
+- jquery
+	- version: 3.7.1
+	- license: MIT
+- lodash.get
+	- version: 4.4.2
+	- license: MIT
+- node-gettext
+	- version: 3.0.0
+	- license: MIT
+- buffer
+	- version: 6.0.3
+	- license: MIT
+- object-is
+	- version: 1.1.6
+	- license: MIT
+- object-keys
+	- version: 1.1.1
+	- license: MIT
+- object.assign
+	- version: 4.1.5
+	- license: MIT
+- inherits
+	- version: 2.0.3
+	- license: ISC
+- util
+	- version: 0.10.4
+	- license: MIT
+- path
+	- version: 0.12.7
+	- license: MIT
+- possible-typed-array-names
+	- version: 1.0.0
+	- license: MIT
+- process
+	- version: 0.11.10
+	- license: MIT
+- set-function-length
+	- version: 1.2.2
+	- license: MIT
+- style-loader
+	- version: 3.3.4
+	- license: MIT
+- tabbable
+	- version: 6.2.0
+	- license: MIT
+- toastify-js
+	- version: 1.12.0
+	- license: MIT
+- util
+	- version: 0.12.5
+	- license: MIT
+- vue
+	- version: 2.7.16
+	- license: MIT
+- webpack
+	- version: 5.94.0
+	- license: MIT
+- which-typed-array
+	- version: 1.1.15
+	- license: MIT
+- nextcloud
+	- version: 1.0.0
+	- license: AGPL-3.0-or-later

dist/files_external-settings.js.map.license

@@ -0,0 +1 @@
+files_external-settings.js.license

dist/files_sharing-public-file-request.js

@@ -1,2 +1,2 @@
-(()=>{"use strict";var e,r,t,o={38943:(e,r,t)=>{var o=t(85168),n=t(85471);const a=(0,t(35947).YK)().setApp("files_sharing").detectUser().build(),i=localStorage.getItem("nick"),l=localStorage.getItem("publicAuthPromptShown");i&&l?a.debug(`Public auth prompt already shown. Current nickname is '${i}'`):(0,o.Ss)((0,n.$V)((()=>Promise.all([t.e(4208),t.e(5315)]).then(t.bind(t,45315)))),{},(()=>localStorage.setItem("publicAuthPromptShown","true")))}},n={};function a(e){var r=n[e];if(void 0!==r)return r.exports;var t=n[e]={id:e,loaded:!1,exports:{}};return o[e].call(t.exports,t,t.exports,a),t.loaded=!0,t.exports}a.m=o,e=[],a.O=(r,t,o,n)=>{if(!t){var i=1/0;for(s=0;s<e.length;s++){t=e[s][0],o=e[s][1],n=e[s][2];for(var l=!0,c=0;c<t.length;c++)(!1&n||i>=n)&&Object.keys(a.O).every((e=>a.O[e](t[c])))?t.splice(c--,1):(l=!1,n<i&&(i=n));if(l){e.splice(s--,1);var u=o();void 0!==u&&(r=u)}}return r}n=n||0;for(var s=e.length;s>0&&e[s-1][2]>n;s--)e[s]=e[s-1];e[s]=[t,o,n]},a.n=e=>{var r=e&&e.__esModule?()=>e.default:()=>e;return a.d(r,{a:r}),r},a.d=(e,r)=>{for(var t in r)a.o(r,t)&&!a.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:r[t]})},a.f={},a.e=e=>Promise.all(Object.keys(a.f).reduce(((r,t)=>(a.f[t](e,r),r)),[])),a.u=e=>e+"-"+e+".js?v="+{5315:"c25bc40dd61746b63446",5706:"3153330af47fc26a725a",6127:"374a617a5ed71ccd7362"}[e],a.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),a.o=(e,r)=>Object.prototype.hasOwnProperty.call(e,r),r={},t="nextcloud:",a.l=(e,o,n,i)=>{if(r[e])r[e].push(o);else{var l,c;if(void 0!==n)for(var u=document.getElementsByTagName("script"),s=0;s<u.length;s++){var d=u[s];if(d.getAttribute("src")==e||d.getAttribute("data-webpack")==t+n){l=d;break}}l||(c=!0,(l=document.createElement("script")).charset="utf-8",l.timeout=120,a.nc&&l.setAttribute("nonce",a.nc),l.setAttribute("data-webpack",t+n),l.src=e),r[e]=[o];var p=(t,o)=>{l.onerror=l.onload=null,clearTimeout(f);var n=r[e];if(delete r[e],l.parentNode&&l.parentNode.removeChild(l),n&&n.forEach((e=>e(o))),t)return t(o)},f=setTimeout(p.bind(null,void 0,{type:"timeout",target:l}),12e4);l.onerror=p.bind(null,l.onerror),l.onload=p.bind(null,l.onload),c&&document.head.appendChild(l)}},a.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.nmd=e=>(e.paths=[],e.children||(e.children=[]),e),a.j=9804,(()=>{var e;a.g.importScripts&&(e=a.g.location+"");var r=a.g.document;if(!e&&r&&(r.currentScript&&"SCRIPT"===r.currentScript.tagName.toUpperCase()&&(e=r.currentScript.src),!e)){var t=r.getElementsByTagName("script");if(t.length)for(var o=t.length-1;o>-1&&(!e||!/^http(s?):/.test(e));)e=t[o--].src}if(!e)throw new Error("Automatic publicPath is not supported in this browser");e=e.replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/"),a.p=e})(),(()=>{a.b=document.baseURI||self.location.href;var e={9804:0};a.f.j=(r,t)=>{var o=a.o(e,r)?e[r]:void 0;if(0!==o)if(o)t.push(o[2]);else{var n=new Promise(((t,n)=>o=e[r]=[t,n]));t.push(o[2]=n);var i=a.p+a.u(r),l=new Error;a.l(i,(t=>{if(a.o(e,r)&&(0!==(o=e[r])&&(e[r]=void 0),o)){var n=t&&("load"===t.type?"missing":t.type),i=t&&t.target&&t.target.src;l.message="Loading chunk "+r+" failed.\n("+n+": "+i+")",l.name="ChunkLoadError",l.type=n,l.request=i,o[1](l)}}),"chunk-"+r,r)}},a.O.j=r=>0===e[r];var r=(r,t)=>{var o,n,i=t[0],l=t[1],c=t[2],u=0;if(i.some((r=>0!==e[r]))){for(o in l)a.o(l,o)&&(a.m[o]=l[o]);if(c)var s=c(a)}for(r&&r(t);u<i.length;u++)n=i[u],a.o(e,n)&&e[n]&&e[n][0](),e[n]=0;return a.O(s)},t=self.webpackChunknextcloud=self.webpackChunknextcloud||[];t.forEach(r.bind(null,0)),t.push=r.bind(null,t.push.bind(t))})(),a.nc=void 0;var i=a.O(void 0,[4208],(()=>a(38943)));i=a.O(i)})();
-//# sourceMappingURL=files_sharing-public-file-request.js.map?v=a31493a9509a98f89072
+(()=>{"use strict";var e,r,t,o={38943:(e,r,t)=>{var o=t(85168),n=t(85471);const a=(0,t(35947).YK)().setApp("files_sharing").detectUser().build(),i=localStorage.getItem("nick"),l=localStorage.getItem("publicAuthPromptShown");i&&l?a.debug(`Public auth prompt already shown. Current nickname is '${i}'`):(0,o.Ss)((0,n.$V)((()=>Promise.all([t.e(4208),t.e(5315)]).then(t.bind(t,45315)))),{},(()=>localStorage.setItem("publicAuthPromptShown","true")))}},n={};function a(e){var r=n[e];if(void 0!==r)return r.exports;var t=n[e]={id:e,loaded:!1,exports:{}};return o[e].call(t.exports,t,t.exports,a),t.loaded=!0,t.exports}a.m=o,e=[],a.O=(r,t,o,n)=>{if(!t){var i=1/0;for(d=0;d<e.length;d++){t=e[d][0],o=e[d][1],n=e[d][2];for(var l=!0,c=0;c<t.length;c++)(!1&n||i>=n)&&Object.keys(a.O).every((e=>a.O[e](t[c])))?t.splice(c--,1):(l=!1,n<i&&(i=n));if(l){e.splice(d--,1);var u=o();void 0!==u&&(r=u)}}return r}n=n||0;for(var d=e.length;d>0&&e[d-1][2]>n;d--)e[d]=e[d-1];e[d]=[t,o,n]},a.n=e=>{var r=e&&e.__esModule?()=>e.default:()=>e;return a.d(r,{a:r}),r},a.d=(e,r)=>{for(var t in r)a.o(r,t)&&!a.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:r[t]})},a.f={},a.e=e=>Promise.all(Object.keys(a.f).reduce(((r,t)=>(a.f[t](e,r),r)),[])),a.u=e=>e+"-"+e+".js?v="+{5315:"c25bc40dd61746b63446",5706:"3153330af47fc26a725a",6127:"374a617a5ed71ccd7362"}[e],a.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),a.o=(e,r)=>Object.prototype.hasOwnProperty.call(e,r),r={},t="nextcloud:",a.l=(e,o,n,i)=>{if(r[e])r[e].push(o);else{var l,c;if(void 0!==n)for(var u=document.getElementsByTagName("script"),d=0;d<u.length;d++){var s=u[d];if(s.getAttribute("src")==e||s.getAttribute("data-webpack")==t+n){l=s;break}}l||(c=!0,(l=document.createElement("script")).charset="utf-8",l.timeout=120,a.nc&&l.setAttribute("nonce",a.nc),l.setAttribute("data-webpack",t+n),l.src=e),r[e]=[o];var p=(t,o)=>{l.onerror=l.onload=null,clearTimeout(f);var n=r[e];if(delete r[e],l.parentNode&&l.parentNode.removeChild(l),n&&n.forEach((e=>e(o))),t)return t(o)},f=setTimeout(p.bind(null,void 0,{type:"timeout",target:l}),12e4);l.onerror=p.bind(null,l.onerror),l.onload=p.bind(null,l.onload),c&&document.head.appendChild(l)}},a.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.nmd=e=>(e.paths=[],e.children||(e.children=[]),e),a.j=9804,(()=>{var e;a.g.importScripts&&(e=a.g.location+"");var r=a.g.document;if(!e&&r&&(r.currentScript&&"SCRIPT"===r.currentScript.tagName.toUpperCase()&&(e=r.currentScript.src),!e)){var t=r.getElementsByTagName("script");if(t.length)for(var o=t.length-1;o>-1&&(!e||!/^http(s?):/.test(e));)e=t[o--].src}if(!e)throw new Error("Automatic publicPath is not supported in this browser");e=e.replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/"),a.p=e})(),(()=>{a.b=document.baseURI||self.location.href;var e={9804:0};a.f.j=(r,t)=>{var o=a.o(e,r)?e[r]:void 0;if(0!==o)if(o)t.push(o[2]);else{var n=new Promise(((t,n)=>o=e[r]=[t,n]));t.push(o[2]=n);var i=a.p+a.u(r),l=new Error;a.l(i,(t=>{if(a.o(e,r)&&(0!==(o=e[r])&&(e[r]=void 0),o)){var n=t&&("load"===t.type?"missing":t.type),i=t&&t.target&&t.target.src;l.message="Loading chunk "+r+" failed.\n("+n+": "+i+")",l.name="ChunkLoadError",l.type=n,l.request=i,o[1](l)}}),"chunk-"+r,r)}},a.O.j=r=>0===e[r];var r=(r,t)=>{var o,n,i=t[0],l=t[1],c=t[2],u=0;if(i.some((r=>0!==e[r]))){for(o in l)a.o(l,o)&&(a.m[o]=l[o]);if(c)var d=c(a)}for(r&&r(t);u<i.length;u++)n=i[u],a.o(e,n)&&e[n]&&e[n][0](),e[n]=0;return a.O(d)},t=self.webpackChunknextcloud=self.webpackChunknextcloud||[];t.forEach(r.bind(null,0)),t.push=r.bind(null,t.push.bind(t))})(),a.nc=void 0;var i=a.O(void 0,[4208],(()=>a(38943)));i=a.O(i)})();
+//# sourceMappingURL=files_sharing-public-file-request.js.map?v=41b3b344718a1663d892

dist/settings-apps-view-4529.js.license

@@ -50,7 +50,6 @@ SPDX-FileCopyrightText: Antoni Andre <antoniandre.web@gmail.com>
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
 SPDX-FileCopyrightText: Alkemics
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -101,7 +100,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/paths
 	- version: 2.2.1

dist/settings-users-3239.js.license

@@ -54,7 +54,6 @@ SPDX-FileCopyrightText: Andris Reinman
 SPDX-FileCopyrightText: Amit Gupta (https://solothought.com)
 SPDX-FileCopyrightText: Amit Gupta (https://amitkumargupta.work/)
 SPDX-FileCopyrightText: Alkemics
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -105,7 +104,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/paths
 	- version: 2.2.1

dist/settings-vue-settings-admin-basic-settings.js.license

@@ -33,7 +33,6 @@ SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Austin Andrews
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -75,7 +74,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 1.3.1
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/settings-vue-settings-admin-security.js.license

@@ -40,7 +40,6 @@ SPDX-FileCopyrightText: David Clark
 SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -82,7 +81,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/settings-vue-settings-apps-users-management.js.license

@@ -40,7 +40,6 @@ SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
 SPDX-FileCopyrightText: Alkemics
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -85,7 +84,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/paths
 	- version: 2.2.1

dist/settings-vue-settings-personal-info.js.license

@@ -47,7 +47,6 @@ SPDX-FileCopyrightText: Chen Fengyuan
 SPDX-FileCopyrightText: Austin Andrews
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -98,7 +97,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 1.3.1
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/settings-vue-settings-personal-security.js.license

@@ -36,7 +36,6 @@ SPDX-FileCopyrightText: Chen Fengyuan
 SPDX-FileCopyrightText: Austin Andrews
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -78,7 +77,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/settings-vue-settings-personal-webauthn.js.license

@@ -30,7 +30,6 @@ SPDX-FileCopyrightText: David Clark
 SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -63,7 +62,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/sharebymail-vue-settings-admin-sharebymail.js.license

@@ -29,7 +29,6 @@ SPDX-FileCopyrightText: David Clark
 SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -62,7 +61,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

dist/twofactor_backupcodes-settings.js.license

@@ -8,6 +8,7 @@ SPDX-FileCopyrightText: inherits developers
 SPDX-FileCopyrightText: escape-html developers
 SPDX-FileCopyrightText: debounce developers
 SPDX-FileCopyrightText: assert developers
+SPDX-FileCopyrightText: Varun A P
 SPDX-FileCopyrightText: Tobias Koppers @sokra
 SPDX-FileCopyrightText: T. Jameson Little <t.jameson.little@gmail.com>
 SPDX-FileCopyrightText: Roman Shtylman <shtylman@gmail.com>
@@ -28,7 +29,7 @@ SPDX-FileCopyrightText: David Clark
 SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
+SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
 This file is generated from multiple sources. Included packages:
@@ -41,6 +42,9 @@ This file is generated from multiple sources. Included packages:
 - @nextcloud/browser-storage
 	- version: 0.4.0
 	- license: GPL-3.0-or-later
+- @nextcloud/dialogs
+	- version: 6.0.1
+	- license: AGPL-3.0-or-later
 - semver
 	- version: 7.6.3
 	- license: ISC
@@ -57,7 +61,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1
@@ -185,6 +189,15 @@ This file is generated from multiple sources. Included packages:
 - object.assign
 	- version: 4.1.5
 	- license: MIT
+- inherits
+	- version: 2.0.3
+	- license: ISC
+- util
+	- version: 0.10.4
+	- license: MIT
+- path
+	- version: 0.12.7
+	- license: MIT
 - possible-typed-array-names
 	- version: 1.0.0
 	- license: MIT
@@ -200,6 +213,9 @@ This file is generated from multiple sources. Included packages:
 - tabbable
 	- version: 6.2.0
 	- license: MIT
+- toastify-js
+	- version: 1.12.0
+	- license: MIT
 - util
 	- version: 0.12.5
 	- license: MIT

dist/workflowengine-workflowengine.js.license

@@ -43,7 +43,6 @@ SPDX-FileCopyrightText: David Clark
 SPDX-FileCopyrightText: Christoph Wurst
 SPDX-FileCopyrightText: Anthony Fu <https://github.com/antfu>
 SPDX-FileCopyrightText: Andris Reinman
-SPDX-FileCopyrightText: @nextcloud/password-confirmation developers
 SPDX-FileCopyrightText: @nextcloud/dialogs developers
 
 
@@ -85,7 +84,7 @@ This file is generated from multiple sources. Included packages:
 	- version: 3.0.2
 	- license: GPL-3.0-or-later
 - @nextcloud/password-confirmation
-	- version: 5.1.1
+	- version: 5.3.0
 	- license: MIT
 - @nextcloud/router
 	- version: 3.0.1

lib/private/AppFramework/DependencyInjection/DIContainer.php

@@ -23,6 +23,7 @@ use OC\Diagnostics\EventLogger;
 use OC\Log\PsrLoggerAdapter;
 use OC\ServerContainer;
 use OC\Settings\AuthorizedGroupMapper;
+use OC\User\Manager as UserManager;
 use OCA\WorkflowEngine\Manager;
 use OCP\AppFramework\Http\IOutput;
 use OCP\AppFramework\IAppContainer;
@@ -255,6 +256,8 @@ class DIContainer extends SimpleContainer implements IAppContainer {
 					$c->get(ITimeFactory::class),
 					$c->get(\OC\Authentication\Token\IProvider::class),
 					$c->get(LoggerInterface::class),
+					$c->get(IRequest::class),
+					$c->get(UserManager::class),
 				)
 			);
 			$dispatcher->registerMiddleware(

lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php

@@ -8,6 +8,7 @@ namespace OC\AppFramework\Middleware\Security;
 use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Authentication\Token\IProvider;
+use OC\User\Manager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Middleware;
@@ -16,6 +17,7 @@ use OCP\Authentication\Exceptions\ExpiredTokenException;
 use OCP\Authentication\Exceptions\InvalidTokenException;
 use OCP\Authentication\Exceptions\WipeTokenException;
 use OCP\Authentication\Token\IToken;
+use OCP\IRequest;
 use OCP\ISession;
 use OCP\IUserSession;
 use OCP\Session\Exceptions\SessionNotAvailableException;
@@ -24,75 +26,67 @@ use Psr\Log\LoggerInterface;
 use ReflectionMethod;
 
 class PasswordConfirmationMiddleware extends Middleware {
-	/** @var ControllerMethodReflector */
-	private $reflector;
-	/** @var ISession */
-	private $session;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var ITimeFactory */
-	private $timeFactory;
-	/** @var array */
-	private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];
-	private IProvider $tokenProvider;
+	private array $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];
 
-	/**
-	 * PasswordConfirmationMiddleware constructor.
-	 *
-	 * @param ControllerMethodReflector $reflector
-	 * @param ISession $session
-	 * @param IUserSession $userSession
-	 * @param ITimeFactory $timeFactory
-	 */
-	public function __construct(ControllerMethodReflector $reflector,
-		ISession $session,
-		IUserSession $userSession,
-		ITimeFactory $timeFactory,
-		IProvider $tokenProvider,
+	public function __construct(
+		private ControllerMethodReflector $reflector,
+		private ISession $session,
+		private IUserSession $userSession,
+		private ITimeFactory $timeFactory,
+		private IProvider $tokenProvider,
 		private readonly LoggerInterface $logger,
+		private readonly IRequest $request,
+		private readonly Manager $userManager,
 	) {
-		$this->reflector = $reflector;
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->timeFactory = $timeFactory;
-		$this->tokenProvider = $tokenProvider;
 	}
 
 	/**
-	 * @param Controller $controller
-	 * @param string $methodName
 	 * @throws NotConfirmedException
 	 */
-	public function beforeController($controller, $methodName) {
+	public function beforeController(Controller $controller, string $methodName) {
 		$reflectionMethod = new ReflectionMethod($controller, $methodName);
 
-		if ($this->hasAnnotationOrAttribute($reflectionMethod, 'PasswordConfirmationRequired', PasswordConfirmationRequired::class)) {
-			$user = $this->userSession->getUser();
-			$backendClassName = '';
-			if ($user !== null) {
-				$backend = $user->getBackend();
-				if ($backend instanceof IPasswordConfirmationBackend) {
-					if (!$backend->canConfirmPassword($user->getUID())) {
-						return;
-					}
+		if (!$this->needsPasswordConfirmation($reflectionMethod)) {
+			return;
+		}
+
+		$user = $this->userSession->getUser();
+		$backendClassName = '';
+		if ($user !== null) {
+			$backend = $user->getBackend();
+			if ($backend instanceof IPasswordConfirmationBackend) {
+				if (!$backend->canConfirmPassword($user->getUID())) {
+					return;
 				}
-
-				$backendClassName = $user->getBackendClassName();
 			}
 
-			try {
-				$sessionId = $this->session->getId();
-				$token = $this->tokenProvider->getToken($sessionId);
-			} catch (SessionNotAvailableException|InvalidTokenException|WipeTokenException|ExpiredTokenException) {
-				// States we do not deal with here.
-				return;
-			}
-			$scope = $token->getScopeAsArray();
-			if (isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) && $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === true) {
-				// Users logging in from SSO backends cannot confirm their password by design
-				return;
+			$backendClassName = $user->getBackendClassName();
+		}
+
+		try {
+			$sessionId = $this->session->getId();
+			$token = $this->tokenProvider->getToken($sessionId);
+		} catch (SessionNotAvailableException|InvalidTokenException|WipeTokenException|ExpiredTokenException) {
+			// States we do not deal with here.
+			return;
+		}
+
+		$scope = $token->getScopeAsArray();
+		if (isset($scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION]) && $scope[IToken::SCOPE_SKIP_PASSWORD_VALIDATION] === true) {
+			// Users logging in from SSO backends cannot confirm their password by design
+			return;
+		}
+
+		if ($this->isPasswordConfirmationStrict($reflectionMethod)) {
+			$authHeader = $this->request->getHeader('Authorization');
+			[, $password] = explode(':', base64_decode(substr($authHeader, 6)), 2);
+			$loginResult = $this->userManager->checkPassword($user->getUid(), $password);
+			if ($loginResult === false) {
+				throw new NotConfirmedException();
 			}
 
+			$this->session->set('last-password-confirm', $this->timeFactory->getTime());
+		} else {
 			$lastConfirm = (int) $this->session->get('last-password-confirm');
 			// TODO: confirm excludedUserBackEnds can go away and remove it
 			if (!isset($this->excludedUserBackEnds[$backendClassName]) && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
@@ -101,24 +95,22 @@ class PasswordConfirmationMiddleware extends Middleware {
 		}
 	}
 
-	/**
-	 * @template T
-	 *
-	 * @param ReflectionMethod $reflectionMethod
-	 * @param string $annotationName
-	 * @param class-string<T> $attributeClass
-	 * @return boolean
-	 */
-	protected function hasAnnotationOrAttribute(ReflectionMethod $reflectionMethod, string $annotationName, string $attributeClass): bool {
-		if (!empty($reflectionMethod->getAttributes($attributeClass))) {
+	private function needsPasswordConfirmation(ReflectionMethod $reflectionMethod): bool {
+		$attributes = $reflectionMethod->getAttributes(PasswordConfirmationRequired::class);
+		if (!empty($attributes)) {
 			return true;
 		}
 
-		if ($this->reflector->hasAnnotation($annotationName)) {
-			$this->logger->debug($reflectionMethod->getDeclaringClass()->getName() . '::' . $reflectionMethod->getName() . ' uses the @' . $annotationName . ' annotation and should use the #[' . $attributeClass . '] attribute instead');
+		if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
+			$this->logger->debug($reflectionMethod->getDeclaringClass()->getName() . '::' . $reflectionMethod->getName() . ' uses the @' . 'PasswordConfirmationRequired' . ' annotation and should use the #[PasswordConfirmationRequired] attribute instead');
 			return true;
 		}
 
 		return false;
 	}
+
+	private function isPasswordConfirmationStrict(ReflectionMethod $reflectionMethod): bool {
+		$attributes = $reflectionMethod->getAttributes(PasswordConfirmationRequired::class);
+		return !empty($attributes) && ($attributes[0]->newInstance()->getStrict());
+	}
 }

lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php

@@ -18,4 +18,21 @@ use Attribute;
  */
 #[Attribute]
 class PasswordConfirmationRequired {
+	/**
+	 * @param bool $strict - Whether password confirmation needs to happen in the request.
+	 *
+	 * @since 31.0.0
+	 */
+	public function __construct(
+		protected bool $strict = false,
+	) {
+	}
+
+	/**
+	 * @since 31.0.0
+	 */
+	public function getStrict(): bool {
+		return $this->strict;
+	}
+
 }

package-lock.json

@@ -25,7 +25,7 @@
         "@nextcloud/l10n": "^3.1.0",
         "@nextcloud/logger": "^3.0.2",
         "@nextcloud/moment": "^1.3.1",
-        "@nextcloud/password-confirmation": "^5.1.1",
+        "@nextcloud/password-confirmation": "^5.3.0",
         "@nextcloud/paths": "^2.2.1",
         "@nextcloud/router": "^3.0.0",
         "@nextcloud/sharing": "^0.2.3",
@@ -4921,12 +4921,13 @@
       }
     },
     "node_modules/@nextcloud/password-confirmation": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/@nextcloud/password-confirmation/-/password-confirmation-5.1.1.tgz",
-      "integrity": "sha512-UlQcjVe/fr/JaJ6TWaRM+yBLIEZRU6RWMy0JoExcA6UVJs2HJrRIyVMuiCLuIYlH23ReJH+z7zFI3+V7vdeJ1Q==",
-      "license": "MIT",
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/@nextcloud/password-confirmation/-/password-confirmation-5.3.0.tgz",
+      "integrity": "sha512-i5W0ElClgnN8W186F9QigGDb1jsk/02n3cqQfXDLGbagisotF6TYhqFrxj6aYprzELZJgbjaMo3Fc7UDvpP3Ow==",
       "dependencies": {
+        "@nextcloud/auth": "^2.4.0",
         "@nextcloud/axios": "^2.5.0",
+        "@nextcloud/dialogs": "^6.0.1",
         "@nextcloud/l10n": "^3.1.0",
         "@nextcloud/router": "^3.0.1"
       },

package.json

@@ -53,7 +53,7 @@
     "@nextcloud/l10n": "^3.1.0",
     "@nextcloud/logger": "^3.0.2",
     "@nextcloud/moment": "^1.3.1",
-    "@nextcloud/password-confirmation": "^5.1.1",
+    "@nextcloud/password-confirmation": "^5.3.0",
     "@nextcloud/paths": "^2.2.1",
     "@nextcloud/router": "^3.0.0",
     "@nextcloud/sharing": "^0.2.3",

tests/lib/AppFramework/Middleware/Security/PasswordConfirmationMiddlewareTest.php

@@ -10,6 +10,7 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException;
 use OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware;
 use OC\AppFramework\Utility\ControllerMethodReflector;
 use OC\Authentication\Token\IProvider;
+use OC\User\Manager;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\Token\IToken;
 use OCP\IRequest;
@@ -23,20 +24,24 @@ use Test\TestCase;
 class PasswordConfirmationMiddlewareTest extends TestCase {
 	/** @var ControllerMethodReflector */
 	private $reflector;
-	/** @var ISession|\PHPUnit\Framework\MockObject\MockObject */
+	/** @var ISession&\PHPUnit\Framework\MockObject\MockObject */
 	private $session;
-	/** @var IUserSession|\PHPUnit\Framework\MockObject\MockObject */
+	/** @var IUserSession&\PHPUnit\Framework\MockObject\MockObject */
 	private $userSession;
-	/** @var IUser|\PHPUnit\Framework\MockObject\MockObject */
+	/** @var IUser&\PHPUnit\Framework\MockObject\MockObject */
 	private $user;
 	/** @var PasswordConfirmationMiddleware */
 	private $middleware;
 	/** @var PasswordConfirmationMiddlewareController */
 	private $controller;
-	/** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
+	/** @var ITimeFactory&\PHPUnit\Framework\MockObject\MockObject */
 	private $timeFactory;
-	private IProvider|\PHPUnit\Framework\MockObject\MockObject $tokenProvider;
+	private IProvider&\PHPUnit\Framework\MockObject\MockObject $tokenProvider;
 	private LoggerInterface $logger;
+	/** @var IRequest&\PHPUnit\Framework\MockObject\MockObject */
+	private IRequest $request;
+	/** @var Manager&\PHPUnit\Framework\MockObject\MockObject */
+	private Manager $userManager;
 
 	protected function setUp(): void {
 		$this->reflector = new ControllerMethodReflector();
@@ -46,6 +51,8 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
 		$this->timeFactory = $this->createMock(ITimeFactory::class);
 		$this->tokenProvider = $this->createMock(IProvider::class);
 		$this->logger = $this->createMock(LoggerInterface::class);
+		$this->request = $this->createMock(IRequest::class);
+		$this->userManager = $this->createMock(Manager::class);
 		$this->controller = new PasswordConfirmationMiddlewareController(
 			'test',
 			$this->createMock(IRequest::class)
@@ -58,6 +65,8 @@ class PasswordConfirmationMiddlewareTest extends TestCase {
 			$this->timeFactory,
 			$this->tokenProvider,
 			$this->logger,
+			$this->request,
+			$this->userManager,
 		);
 	}
 

webpack.modules.js

@@ -44,6 +44,7 @@ module.exports = {
 	},
 	files_external: {
 		init: path.join(__dirname, 'apps/files_external/src', 'init.ts'),
+		settings: path.join(__dirname, 'apps/files_external/src', 'settings.js'),
 	},
 	files_reminders: {
 		init: path.join(__dirname, 'apps/files_reminders/src', 'init.ts'),