upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-22 10:06:37 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 16

Merge pull request #60542 from nextcloud/share-api-remove-hashed-pw

Browse source 
don't put hashed password in share api response
This commit is contained in:
Andy Scherzinger 2026-05-20 10:36:32 +02:00 committed by GitHub
commit d6a7065b07
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
apps/files_sharing/lib/Controller/ShareAPIController.php
View file

@ -273,10 +273,10 @@ class ShareAPIController extends OCSController {
// "share_with" and "share_with_displayname" for passwords of link
// shares was deprecated in Nextcloud 15, use "password" instead.
$result['share_with'] = $share->getPassword();
$result['share_with'] = $this->formatPasswordField($share->getPassword());
$result['share_with_displayname'] = '(' . $this->l->t('Shared link') . ')';
$result['password'] = $share->getPassword();
$result['password'] = $this->formatPasswordField($share->getPassword());
$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
@ -292,7 +292,7 @@ class ShareAPIController extends OCSController {
$result['token'] = $token;
} elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
$result['share_with'] = $share->getSharedWith();
$result['password'] = $share->getPassword();
$result['password'] = $this->formatPasswordField($share->getPassword());
$result['password_expiration_time'] = $share->getPasswordExpirationTime() !== null ? $share->getPasswordExpirationTime()->format(\DateTime::ATOM) : null;
$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
@ -351,6 +351,10 @@ class ShareAPIController extends OCSController {
return $result;
}
private function formatPasswordField(?string $password): ?string {
return ($password === null) ? null : 'redacted';
}
/**
* Check if one of the users address books knows the exact property, if
* not we return the full name.

16
apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
View file

@ -807,8 +807,8 @@ class ShareAPIControllerTest extends TestCase {
$expected = [
'id' => '101',
'share_type' => IShare::TYPE_LINK,
'password' => 'password',
'share_with' => 'password',
'password' => 'redacted',
'share_with' => 'redacted',
'share_with_displayname' => '(Shared link)',
'send_password_by_talk' => false,
'uid_owner' => 'initiatorId',
@ -4405,8 +4405,8 @@ class ShareAPIControllerTest extends TestCase {
'file_source' => 3,
'file_parent' => 1,
'file_target' => 'myTarget',
'password' => 'mypassword',
'share_with' => 'mypassword',
'password' => 'redacted',
'share_with' => 'redacted',
'share_with_displayname' => '(Shared link)',
'send_password_by_talk' => false,
'mail_send' => 0,
@ -4450,8 +4450,8 @@ class ShareAPIControllerTest extends TestCase {
'file_source' => 3,
'file_parent' => 1,
'file_target' => 'myTarget',
'password' => 'mypassword',
'share_with' => 'mypassword',
'password' => 'redacted',
'share_with' => 'redacted',
'share_with_displayname' => '(Shared link)',
'send_password_by_talk' => true,
'mail_send' => 0,
@ -4768,7 +4768,7 @@ class ShareAPIControllerTest extends TestCase {
'mail_send' => 0,
'mimetype' => 'myFolderMimeType',
'has_preview' => false,
'password' => 'password',
'password' => 'redacted',
'send_password_by_talk' => false,
'hide_download' => 0,
'can_edit' => false,
@ -4813,7 +4813,7 @@ class ShareAPIControllerTest extends TestCase {
'mail_send' => 0,
'mimetype' => 'myFolderMimeType',
'has_preview' => false,
'password' => 'password',
'password' => 'redacted',
'send_password_by_talk' => true,
'hide_download' => 0,
'can_edit' => false,