diff options
author | Cyrille Bollu <cyrpub@bollu.be> | 2022-02-05 20:49:17 +0100 |
---|---|---|
committer | Cyrille Bollu <cyrpub@bollu.be> | 2022-04-11 21:58:24 +0200 |
commit | c6a5c07041d2e5d20771409aede8b755d28372ac (patch) | |
tree | 71051efd25c16bed5a419eb1670477f1f5471933 /core | |
parent | 60f946aba5862102a81100b09e26b37b6d59a3fa (diff) | |
download | nextcloud-server-c6a5c07041d2e5d20771409aede8b755d28372ac.tar.gz nextcloud-server-c6a5c07041d2e5d20771409aede8b755d28372ac.zip |
Adds a "Request password" button to the public share authentication page for shares
of type TYPE_EMAIL, when the "video verification" checkbox isn't checked. Users accessing
non-anonymous public shares (TYPE_EMAIL shares) can now request a temporary password themselves.
- Creates a migration step for the files_sharing app to add the 'password_expiration_time'
attribute to the oc_shares table.
- Makes share temporary passwords' expiration time configurable via a system value.
- Adds a system config value to allow permanent share passwords
-Fixes a typo in a comment in apps/files_sharing/src/components/SharingEntryLink.vue
See https://github.com/nextcloud/server/issues/31005
Signed-off-by: Cyrille Bollu <cyrpub@bollu.be>
Diffstat (limited to 'core')
-rw-r--r-- | core/css/publicshareauth.css | 7 | ||||
-rw-r--r-- | core/js/publicshareauth.js | 43 | ||||
-rw-r--r-- | core/templates/publicshareauth.php | 59 |
3 files changed, 104 insertions, 5 deletions
diff --git a/core/css/publicshareauth.css b/core/css/publicshareauth.css index c3713ff0e8b..0120c8731b9 100644 --- a/core/css/publicshareauth.css +++ b/core/css/publicshareauth.css @@ -7,6 +7,7 @@ form fieldset > p { position: relative; } +#email, #password { margin: 5px 0; padding-right: 45px; @@ -17,8 +18,10 @@ form fieldset > p { min-width: 0; /* FF hack for to override default value */ } -input[type='submit'], -input[type='submit'].icon-confirm { +#password-input-form input[type='submit'], +#email-input-form input[type='submit'], +#email-input-form input[type='submit'].icon-confirm, +#password-input-form input[type='submit'].icon-confirm { position: absolute; top: 0px; right: -5px; diff --git a/core/js/publicshareauth.js b/core/js/publicshareauth.js index af061954506..374d7e92e16 100644 --- a/core/js/publicshareauth.js +++ b/core/js/publicshareauth.js @@ -1,11 +1,52 @@ +function showEmailAddressPromptForm() { + // Shows email prompt + var emailInput = document.getElementById('email-input-form'); + emailInput.style.display="block"; + + // Shows back button + var backButton = document.getElementById('request-password-back-button'); + backButton.style.display="block"; + + // Hides password prompt and 'request password' button + var passwordRequestButton = document.getElementById('request-password-button-not-talk'); + var passwordInput = document.getElementById('password-input-form'); + passwordRequestButton.style.display="none"; + passwordInput.style.display="none"; + + // Hides identification result messages, if any + var identificationResultSuccess = document.getElementById('identification-success'); + var identificationResultFailure = document.getElementById('identification-failure'); + if (identificationResultSuccess) { + identificationResultSuccess.style.display="none"; + } + if (identificationResultFailure) { + identificationResultFailure.style.display="none"; + } +} + document.addEventListener('DOMContentLoaded', function() { + // Enables password submit button only when user has typed something in the password field var passwordInput = document.getElementById('password'); var passwordButton = document.getElementById('password-submit'); var eventListener = function() { passwordButton.disabled = passwordInput.value.length === 0; }; - passwordInput.addEventListener('click', eventListener); passwordInput.addEventListener('keyup', eventListener); passwordInput.addEventListener('change', eventListener); + + // Enables email request button only when user has typed something in the email field + var emailInput = document.getElementById('email'); + var emailButton = document.getElementById('password-request'); + eventListener = function() { + emailButton.disabled = emailInput.value.length === 0; + }; + emailInput.addEventListener('click', eventListener); + emailInput.addEventListener('keyup', eventListener); + emailInput.addEventListener('change', eventListener); + + // Adds functionality to the request password button + var passwordRequestButton = document.getElementById('request-password-button-not-talk'); + passwordRequestButton.addEventListener('click', showEmailAddressPromptForm); + }); diff --git a/core/templates/publicshareauth.php b/core/templates/publicshareauth.php index 96c5bc89111..74303ce02ea 100644 --- a/core/templates/publicshareauth.php +++ b/core/templates/publicshareauth.php @@ -5,7 +5,13 @@ style('core', 'publicshareauth'); script('core', 'publicshareauth'); ?> -<form method="post"> + +<!-- password prompt form. It should be hidden when we show the email prompt form --> +<?php if (!isset($_['identityOk'])): ?> + <form method="post" id="password-input-form"> +<?php else: ?> + <form method="post" id="password-input-form" style="display:none;"> +<?php endif; ?> <fieldset class="warning"> <?php if (!isset($_['wrongpw'])): ?> <div class="warning-info"><?php p($l->t('This share is password-protected')); ?></div> @@ -21,8 +27,57 @@ autocomplete="new-password" autocapitalize="off" autocorrect="off" autofocus /> <input type="hidden" name="sharingToken" value="<?php p($_['share']->getToken()) ?>" id="sharingToken"> - <input type="submit" id="password-submit" + <input type="hidden" name="sharingType" value="<?php p($_['share']->getShareType()) ?>" id="sharingType"> + <input type="submit" id="password-submit" class="svg icon-confirm input-button-inline" value="" disabled="disabled" /> </p> </fieldset> </form> + +<!-- email prompt form. It should initially be hidden --> +<?php if (isset($_['identityOk'])): ?> + <form method="post" id="email-input-form"> +<?php else: ?> + <form method="post" id="email-input-form" style="display:none;"> +<?php endif; ?> + <fieldset class="warning"> + <div class="warning-info" id="email-prompt"><?php p($l->t('Please type in your email address to request a temporary password')); ?></div> + <p> + <input type="email" id="email" name="identityToken" placeholder="<?php p($l->t('Email address')); ?>" /> + <input type="submit" id="password-request" name="passwordRequest" class="svg icon-confirm input-button-inline" value="" disabled="disabled"/> + <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" /> + <input type="hidden" name="sharingToken" value="<?php p($_['share']->getToken()) ?>" id="sharingToken"> + <input type="hidden" name="sharingType" value="<?php p($_['share']->getShareType()) ?>" id="sharingType"> + </p> + <?php if (isset($_['identityOk'])): ?> + <?php if ($_['identityOk']): ?> + <div class="warning-info" id="identification-success"><?php p($l->t('Password sent!')); ?></div> + <?php else: ?> + <div class="warning" id="identification-failure"><?php p($l->t('You are not authorized to request a password for this share')); ?></div> + <?php endif; ?> + <?php endif; ?> + </fieldset> +</form> + +<!-- request password button --> +<?php if (!isset($_['identityOk']) && $_['share']->getShareType() === $_['share']::TYPE_EMAIL && !$_['share']->getSendPasswordByTalk()): ?> + <input type="button" + id="request-password-button-not-talk" + value="<?php p($l->t('Request password')); ?>" + class="primary" /> +<?php endif; ?> + +<!-- back to showShare button --> +<form method="get"> + <fieldset> + <input type="submit" + id="request-password-back-button" + value="<?php p($l->t('Back')); ?>" + class="primary" +<?php if (isset($_['identityOk'])): ?> + style="display:block;" /> +<?php else: ?> + style="display:none;" /> +<?php endif; ?> + </fieldset> +</form> |