Merge pull request #60550 from nextcloud/backport/60542/stable32

[stable32] don't put hashed password in share api response
Stephan Orbaugh 2026-05-20 16:03:07 +02:00 committed by GitHub
commit d2f0cad743
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 11 deletions


@ -271,10 +271,10 @@ class ShareAPIController extends OCSController {
// "share_with" and "share_with_displayname" for passwords of link
// shares was deprecated in Nextcloud 15, use "password" instead.
$result['share_with'] = $share->getPassword();
$result['share_with'] = $this->formatPasswordField($share->getPassword());
$result['share_with_displayname'] = '(' . $this->l->t('Shared link') . ')';
$result['password'] = $share->getPassword();
$result['password'] = $this->formatPasswordField($share->getPassword());
$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
@ -290,7 +290,7 @@ class ShareAPIController extends OCSController {
$result['token'] = $token;
} elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
$result['share_with'] = $share->getSharedWith();
$result['password'] = $share->getPassword();
$result['password'] = $this->formatPasswordField($share->getPassword());
$result['password_expiration_time'] = $share->getPasswordExpirationTime() !== null ? $share->getPasswordExpirationTime()->format(\DateTime::ATOM) : null;
$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
@ -359,6 +359,10 @@ class ShareAPIController extends OCSController {
return $result;
}
private function formatPasswordField(?string $password): ?string {
return ($password === null) ? null : 'redacted';
}
/**
* Check if one of the users address books knows the exact property, if
* not we return the full name.
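Review bot: `formatPasswordField()`, added near the end of this section, returns the bare literal `'redacted'` in the same `password` and `share_with` fields that used to carry the hash, and it has no docblock explaining why. A consumer cannot tell the placeholder from real data, and a client that sends a fetched share back on update would set the literal as the new password if the update path (outside these hunks) accepts the field as-is, so that path is worth checking. I would name the value, e.g. `private const PASSWORD_PLACEHOLDER = 'redacted';`, and add a short docblock stating that the stored hash must never leave the server and that the field only signals whether a password is set. The enclosing response-building method starts and ends outside the visible hunks, so any other share type that copies `getPassword()` into the result cannot be checked from here.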


@ -796,8 +796,8 @@ class ShareAPIControllerTest extends TestCase {
$expected = [
'id' => 101,
'share_type' => IShare::TYPE_LINK,
'password' => 'password',
'share_with' => 'password',
'password' => 'redacted',
'share_with' => 'redacted',
'share_with_displayname' => '(Shared link)',
'send_password_by_talk' => false,
'uid_owner' => 'initiatorId',
@ -4380,8 +4380,8 @@ class ShareAPIControllerTest extends TestCase {
'file_source' => 3,
'file_parent' => 1,
'file_target' => 'myTarget',
'password' => 'mypassword',
'share_with' => 'mypassword',
'password' => 'redacted',
'share_with' => 'redacted',
'share_with_displayname' => '(Shared link)',
'send_password_by_talk' => false,
'mail_send' => 0,
@ -4439,8 +4439,8 @@ class ShareAPIControllerTest extends TestCase {
'file_source' => 3,
'file_parent' => 1,
'file_target' => 'myTarget',
'password' => 'mypassword',
'share_with' => 'mypassword',
'password' => 'redacted',
'share_with' => 'redacted',
'share_with_displayname' => '(Shared link)',
'send_password_by_talk' => true,
'mail_send' => 0,
@ -4784,7 +4784,7 @@ class ShareAPIControllerTest extends TestCase {
'mail_send' => 0,
'mimetype' => 'myFolderMimeType',
'has_preview' => false,
'password' => 'password',
'password' => 'redacted',
'send_password_by_talk' => false,
'hide_download' => 0,
'can_edit' => false,
@ -4840,7 +4840,7 @@ class ShareAPIControllerTest extends TestCase {
'mail_send' => 0,
'mimetype' => 'myFolderMimeType',
'has_preview' => false,
'password' => 'password',
'password' => 'redacted',
'send_password_by_talk' => true,
'hide_download' => 0,
'can_edit' => false,
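Review bot: Every updated expectation in this file covers a share that has a password, so none of the visible hunks pins the `null` branch of `formatPasswordField()`. Clients read `password` being null or non-null to tell whether a share is protected, so a case where `getPassword()` returns `null` and the response keeps `'password' => null` would guard that signal, unless one already exists outside these hunks. The expected arrays start and end outside the hunks.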