Merge pull request #31220 from nextcloud/enhancement/31005/temporary-passwords

Temporary passwords for public non-anonymous protected shares (ie: files shared with an email recipient).
author: Vincent Petry <vincent@nextcloud.com> 2022-04-12 09:46:31 +0200
committer: GitHub <noreply@github.com> 2022-04-12 09:46:31 +0200
commit: 483741ff36ab5ce56d37f65226b76afffb858356 (patch)
tree: a50478ba2112ef95d8899ce8d994c1b27a49cdf7 /core
parent: 4626bfbc83c3b5779d6688c0b9357514e08799ed (diff)
parent: c6a5c07041d2e5d20771409aede8b755d28372ac (diff)
download: nextcloud-server-483741ff36ab5ce56d37f65226b76afffb858356.tar.gz
nextcloud-server-483741ff36ab5ce56d37f65226b76afffb858356.zip
3 files changed, 104 insertions, 5 deletions
diff --git a/core/css/publicshareauth.css b/core/css/publicshareauth.css
index c3713ff0e8b..0120c8731b9 100644
--- a/core/css/publicshareauth.css
+++ b/core/css/publicshareauth.css
@@ -7,6 +7,7 @@ form fieldset > p {
 	position: relative;
 }
 
+#email,
 #password {
 	margin: 5px 0;
 	padding-right: 45px;
@@ -17,8 +18,10 @@ form fieldset > p {
 	min-width: 0; /* FF hack for to override default value */
 }
 
-input[type='submit'],
-input[type='submit'].icon-confirm {
+#password-input-form input[type='submit'],
+#email-input-form input[type='submit'],
+#email-input-form input[type='submit'].icon-confirm,
+#password-input-form input[type='submit'].icon-confirm {
 	position: absolute;
 	top: 0px;
 	right: -5px;
diff --git a/core/js/publicshareauth.js b/core/js/publicshareauth.js
index af061954506..374d7e92e16 100644
--- a/core/js/publicshareauth.js
+++ b/core/js/publicshareauth.js
@@ -1,11 +1,52 @@
+function showEmailAddressPromptForm() {
+	// Shows email prompt
+	var emailInput = document.getElementById('email-input-form');
+	emailInput.style.display="block";
+
+	// Shows back button
+	var backButton = document.getElementById('request-password-back-button');
+	backButton.style.display="block";
+
+	// Hides password prompt and 'request password' button
+	var passwordRequestButton = document.getElementById('request-password-button-not-talk');
+	var passwordInput = document.getElementById('password-input-form');
+	passwordRequestButton.style.display="none";
+	passwordInput.style.display="none";
+
+	// Hides identification result messages, if any
+	var identificationResultSuccess = document.getElementById('identification-success');
+	var identificationResultFailure = document.getElementById('identification-failure');
+	if (identificationResultSuccess) {
+		identificationResultSuccess.style.display="none";
+	}
+	if (identificationResultFailure) {
+		identificationResultFailure.style.display="none";
+	}
+}
+
 document.addEventListener('DOMContentLoaded', function() {
+	// Enables password submit button only when user has typed something in the password field
 	var passwordInput = document.getElementById('password');
 	var passwordButton = document.getElementById('password-submit');
 	var eventListener = function() {
 		passwordButton.disabled = passwordInput.value.length === 0;
 	};
-
 	passwordInput.addEventListener('click', eventListener);
 	passwordInput.addEventListener('keyup', eventListener);
 	passwordInput.addEventListener('change', eventListener);
+
+	// Enables email request button only when user has typed something in the email field
+	var emailInput = document.getElementById('email');
+	var emailButton = document.getElementById('password-request');
+	eventListener = function() {
+		emailButton.disabled = emailInput.value.length === 0;
+	};
+	emailInput.addEventListener('click', eventListener);
+	emailInput.addEventListener('keyup', eventListener);
+	emailInput.addEventListener('change', eventListener);
+
+	// Adds functionality to the request password button
+	var passwordRequestButton = document.getElementById('request-password-button-not-talk');
+	passwordRequestButton.addEventListener('click', showEmailAddressPromptForm);
+
 });
diff --git a/core/templates/publicshareauth.php b/core/templates/publicshareauth.php
index 96c5bc89111..74303ce02ea 100644
--- a/core/templates/publicshareauth.php
+++ b/core/templates/publicshareauth.php
@@ -5,7 +5,13 @@
 	style('core', 'publicshareauth');
 	script('core', 'publicshareauth');
 ?>
-<form method="post">
+
+<!-- password prompt form. It should be hidden when we show the email prompt form -->
+<?php if (!isset($_['identityOk'])): ?>
+	<form method="post" id="password-input-form">
+<?php else: ?>
+	<form method="post" id="password-input-form" style="display:none;">
+<?php endif; ?>
 	<fieldset class="warning">
 		<?php if (!isset($_['wrongpw'])): ?>
 			<div class="warning-info"><?php p($l->t('This share is password-protected')); ?></div>
@@ -21,8 +27,57 @@
 				autocomplete="new-password" autocapitalize="off" autocorrect="off"
 				autofocus />
 			<input type="hidden" name="sharingToken" value="<?php p($_['share']->getToken()) ?>" id="sharingToken">
-			<input type="submit" id="password-submit" 
+			<input type="hidden" name="sharingType" value="<?php p($_['share']->getShareType()) ?>" id="sharingType">
+			<input type="submit" id="password-submit"
 				class="svg icon-confirm input-button-inline" value="" disabled="disabled" />
 		</p>
 	</fieldset>
 </form>
+
+<!-- email prompt form. It should initially be hidden -->
+<?php if (isset($_['identityOk'])): ?>
+	<form method="post" id="email-input-form">
+<?php else: ?>
+	<form method="post" id="email-input-form" style="display:none;">
+<?php endif; ?>
+	<fieldset class="warning">
+		<div class="warning-info" id="email-prompt"><?php p($l->t('Please type in your email address to request a temporary password')); ?></div>
+		 <p>
+			<input type="email" id="email" name="identityToken" placeholder="<?php p($l->t('Email address')); ?>" />
+			<input type="submit" id="password-request" name="passwordRequest" class="svg icon-confirm input-button-inline" value="" disabled="disabled"/>
+			<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
+			<input type="hidden" name="sharingToken" value="<?php p($_['share']->getToken()) ?>" id="sharingToken">
+			<input type="hidden" name="sharingType" value="<?php p($_['share']->getShareType()) ?>" id="sharingType">
+		</p>
+		<?php if (isset($_['identityOk'])): ?>
+			<?php if ($_['identityOk']): ?>
+				<div class="warning-info" id="identification-success"><?php p($l->t('Password sent!')); ?></div>
+			<?php else: ?>
+				<div class="warning" id="identification-failure"><?php p($l->t('You are not authorized to request a password for this share')); ?></div>
+			<?php endif; ?>
+		<?php endif; ?>
+	</fieldset>
+</form>
+
+<!-- request password button -->
+<?php if (!isset($_['identityOk']) && $_['share']->getShareType() === $_['share']::TYPE_EMAIL && !$_['share']->getSendPasswordByTalk()): ?>
+	<input type="button"
+		id="request-password-button-not-talk"
+		value="<?php p($l->t('Request password')); ?>"
+		class="primary" />
+<?php endif; ?>
+
+<!-- back to showShare button -->
+<form method="get">
+	<fieldset>
+		<input type="submit"
+			id="request-password-back-button"
+			value="<?php p($l->t('Back')); ?>"
+			class="primary"
+<?php if (isset($_['identityOk'])): ?>
+			style="display:block;" />
+<?php else: ?>
+			style="display:none;" />
+<?php endif; ?>
+	</fieldset>
+</form>
author	Vincent Petry <vincent@nextcloud.com>	2022-04-12 09:46:31 +0200
committer	GitHub <noreply@github.com>	2022-04-12 09:46:31 +0200
commit	483741ff36ab5ce56d37f65226b76afffb858356 (patch)
tree	a50478ba2112ef95d8899ce8d994c1b27a49cdf7 /core
parent	4626bfbc83c3b5779d6688c0b9357514e08799ed (diff)
parent	c6a5c07041d2e5d20771409aede8b755d28372ac (diff)
download	nextcloud-server-483741ff36ab5ce56d37f65226b76afffb858356.tar.gz nextcloud-server-483741ff36ab5ce56d37f65226b76afffb858356.zip