Merge pull request #19982 from owncloud/fix-link-sharing-regression-master

Ensure the password is only hashed in case it's changed on the client…
author: Thomas Müller <thomas.mueller@tmit.eu> 2015-10-26 10:57:31 +0100
committer: Thomas Müller <thomas.mueller@tmit.eu> 2015-10-26 10:57:31 +0100
commit: d4d954b2d99af48c25acb51e6e86032d9685bc2a (patch)
tree: 96b4981f92f9c6bcd448517b1d91423cd59efca9 /core
parent: 1f32a3e485e33c56c559fc8f354ab82b0e5f7736 (diff)
parent: 9071e756a103319c6747974292463f30b89ab4e3 (diff)
download: nextcloud-server-d4d954b2d99af48c25acb51e6e86032d9685bc2a.tar.gz
nextcloud-server-d4d954b2d99af48c25acb51e6e86032d9685bc2a.zip
3 files changed, 36 insertions, 7 deletions
diff --git a/core/ajax/share.php b/core/ajax/share.php
index 4738d0e0827..a1c573900c9 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -48,9 +48,28 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
 					$shareType = (int)$_POST['shareType'];
 					$shareWith = $_POST['shareWith'];
 					$itemSourceName = isset($_POST['itemSourceName']) ? (string)$_POST['itemSourceName'] : null;
-					if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') {
-						$shareWith = null;
+
+					/*
+					 * Nasty nasty fix for https://github.com/owncloud/core/issues/19950
+					 */
+					$passwordChanged = null;
+					if (is_array($shareWith)) {
+						$passwordChanged = ($shareWith['passwordChanged'] === 'true');
+						if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith['password'] === '') {
+							$shareWith = null;
+						} else {
+							$shareWith = $shareWith['password'];
+						}
+					} else {
+						/*
+						 * We need this branch since the calendar and contacts also use this
+						 * endpoint
+						 */
+						if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith === '') {
+							$shareWith = null;
+						}
 					}
+
  					$itemSourceName=(isset($_POST['itemSourceName'])) ? (string)$_POST['itemSourceName']:'';
 
 					$token = OCP\Share::shareItem(
@@ -60,7 +79,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
 						$shareWith,
 						$_POST['permissions'],
 						$itemSourceName,
-						(!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null)
+						(!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null),
+						$passwordChanged
 					);
 
 					if (is_string($token)) {
diff --git a/core/js/shareitemmodel.js b/core/js/shareitemmodel.js
index 1cf116f08f9..ae3cb0ce2e3 100644
--- a/core/js/shareitemmodel.js
+++ b/core/js/shareitemmodel.js
@@ -116,7 +116,8 @@
 
 			// TODO: use backbone's default value mechanism once this is a separate model
 			var requiredAttributes = [
-				{ name: 'password',	   defaultValue: '' },
+				{ name: 'password', defaultValue: '' },
+				{ name: 'passwordChanged', defaultValue: false },
 				{ name: 'permissions', defaultValue: OC.PERMISSION_READ },
 				{ name: 'expiration', defaultValue: this.configModel.getDefaultExpirationDateString() }
 			];
@@ -136,11 +137,16 @@
 				}
 			});
 
+			var password = {
+				password: attributes.password,
+				passwordChanged: attributes.passwordChanged
+			};
+
 			OC.Share.share(
 				itemType,
 				itemSource,
 				OC.Share.SHARE_TYPE_LINK,
-				attributes.password,
+				password,
 				attributes.permissions,
 				this.fileInfoModel.get('name'),
 				attributes.expiration,
@@ -208,6 +214,7 @@
 		 */
 		setPassword: function(password) {
 			this.get('linkShare').password = password;
+			this.get('linkShare').passwordChanged = true;
 		},
 
 		addShare: function(attributes, options) {
diff --git a/core/js/tests/specs/sharedialogviewSpec.js b/core/js/tests/specs/sharedialogviewSpec.js
index 0117f517d4c..1c05bf21968 100644
--- a/core/js/tests/specs/sharedialogviewSpec.js
+++ b/core/js/tests/specs/sharedialogviewSpec.js
@@ -146,7 +146,8 @@ describe('OC.Share.ShareDialogView', function() {
 
 			expect(fakeServer.requests[1].method).toEqual('POST');
 			var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
-			expect(body.shareWith).toEqual('foo');
+			expect(body['shareWith[password]']).toEqual('foo');
+			expect(body['shareWith[passwordChanged]']).toEqual('true');
 
 			fetchStub.reset();
 
@@ -185,7 +186,8 @@ describe('OC.Share.ShareDialogView', function() {
 
 			expect(fakeServer.requests[1].method).toEqual('POST');
 			var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
-			expect(body.shareWith).toEqual('foo');
+			expect(body['shareWith[password]']).toEqual('foo');
+			expect(body['shareWith[passwordChanged]']).toEqual('true');
 
 			fetchStub.reset();
author	Thomas Müller <thomas.mueller@tmit.eu>	2015-10-26 10:57:31 +0100
committer	Thomas Müller <thomas.mueller@tmit.eu>	2015-10-26 10:57:31 +0100
commit	d4d954b2d99af48c25acb51e6e86032d9685bc2a (patch)
tree	96b4981f92f9c6bcd448517b1d91423cd59efca9 /core
parent	1f32a3e485e33c56c559fc8f354ab82b0e5f7736 (diff)
parent	9071e756a103319c6747974292463f30b89ab4e3 (diff)
download	nextcloud-server-d4d954b2d99af48c25acb51e6e86032d9685bc2a.tar.gz nextcloud-server-d4d954b2d99af48c25acb51e6e86032d9685bc2a.zip