fix(files_sharing): Only send password on change

The password param should never be sent if the intention is not remove it or update it. This commit adapts the frontend and backend to this rule to avoid weird bugs especially around updating new shares. Signed-off-by: nfebe <fenn25.fn@gmail.com>
2026-02-20 00:12:30 -05:00 · 2025-10-06 16:05:52 +01:00 · 2025-10-06 16:05:52 +01:00 · a28834b163
commit a28834b163
parent 30b5f00b0d
3 changed files with 20 additions and 7 deletions
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@ -1344,10 +1344,13 @@ class ShareAPIController extends OCSController {
 				$share->setPermissions($permissions);
 			}

-			if ($password === '') {
-				$share->setPassword(null);
-			} elseif ($password !== null) {
-				$share->setPassword($password);
+			$passwordParamSent = $password !== null;
+			if ($passwordParamSent) {
+				if ($password === '') {
+					$share->setPassword(null);
+				} else {
+					$share->setPassword($password);
+				}
 			}

 			if ($label !== null) {
--- a/apps/files_sharing/src/mixins/SharesMixin.js
+++ b/apps/files_sharing/src/mixins/SharesMixin.js
@ -316,7 +316,9 @@ export default {
 				// share api controller accepts
 				for (const name of propertyNames) {
 					if (name === 'password') {
-						properties[name] = this.share.newPassword ?? this.share.password
+						if (this.share.newPassword !== undefined) {
+							properties[name] = this.share.newPassword
+						}
 						continue
 					}

--- a/apps/files_sharing/src/views/SharingDetailsTab.vue
+++ b/apps/files_sharing/src/views/SharingDetailsTab.vue
@ -1054,7 +1054,11 @@ export default {

 		async saveShare() {
 			const permissionsAndAttributes = ['permissions', 'attributes', 'note', 'expireDate']
-			const publicShareAttributes = ['label', 'password', 'hideDownload']
+			const publicShareAttributes = ['label', 'hideDownload']
+			// Only include password if it's being actively changed
+			if (this.hasUnsavedPassword) {
+				publicShareAttributes.push('password')
+			}
 			if (this.config.allowCustomTokens) {
 				publicShareAttributes.push('token')
 			}
@ -1221,7 +1225,11 @@ export default {
 		 * "sendPasswordByTalk".
 		 */
 		onPasswordProtectedByTalkChange() {
-			this.queueUpdate('sendPasswordByTalk', 'password')
+			if (this.isEmailShareType || this.hasUnsavedPassword) {
+				this.queueUpdate('sendPasswordByTalk', 'password')
+			} else {
+				this.queueUpdate('sendPasswordByTalk')
+			}
 		},

 		isValidShareAttribute(value) {