Merge pull request #31220 from nextcloud/enhancement/31005/temporary-passwords

Temporary passwords for public non-anonymous protected shares (ie: files shared with an email recipient). 

2 files changed, 57 insertions, 3 deletions

diff --git a/lib/public/AppFramework/AuthPublicShareController.php b/lib/public/AppFramework/AuthPublicShareController.php
index 33adf7b5fe4..bd0e32f566d 100644
--- a/lib/public/AppFramework/AuthPublicShareController.php
+++ b/lib/public/AppFramework/AuthPublicShareController.php
@@ -85,11 +85,39 @@ abstract class AuthPublicShareController extends PublicShareController {
 	}
 
 	/**
+	 * The template to show after user identification
+	 *
+	 * @since 24.0.0
+	 */
+	protected function showIdentificationResult(bool $success): TemplateResponse {
+		return new TemplateResponse('core', 'publicshareauth', ['identityOk' => $success], 'guest');
+	}
+
+	/**
+	 * Validates that the provided identity is allowed to receive a temporary password
+	 *
+	 * @since 24.0.0
+	 */
+	protected function validateIdentity(?string $identityToken = null): bool {
+		return false;
+	}
+
+	/**
+	 * Generates a password
+	 *
+	 * @since 24.0.0
+	 */
+	protected function generatePassword(): void {
+	}
+
+	/**
 	 * Verify the password
 	 *
-	 * @since 14.0.0
+	 * @since 24.0.0
 	 */
-	abstract protected function verifyPassword(string $password): bool;
+	protected function verifyPassword(string $password): bool {
+		return false;
+	}
 
 	/**
 	 * Function called after failed authentication
@@ -120,12 +148,25 @@ abstract class AuthPublicShareController extends PublicShareController {
 	 *
 	 * @since 14.0.0
 	 */
-	final public function authenticate(string $password = '') {
+	final public function authenticate(string $password = '', string $passwordRequest = 'no', string $identityToken = '') {
 		// Already authenticated
 		if ($this->isAuthenticated()) {
 			return $this->getRedirect();
 		}
 
+		// Is user requesting a temporary password?
+		if ($passwordRequest == '') {
+			if ($this->validateIdentity($identityToken)) {
+				$this->generatePassword();
+				$response = $this->showIdentificationResult(true);
+				return $response;
+			} else {
+				$response = $this->showIdentificationResult(false);
+				$response->throttle();
+				return $response;
+			}
+		}
+
 		if (!$this->verifyPassword($password)) {
 			$this->authFailed();
 			$response = $this->showAuthFailed();
diff --git a/lib/public/Share/IShare.php b/lib/public/Share/IShare.php
index 8ff3f5f0394..1d3cf9bbbdf 100644
--- a/lib/public/Share/IShare.php
+++ b/lib/public/Share/IShare.php
@@ -448,6 +448,19 @@ interface IShare {
 	 */
 	public function getPassword();
 
+	/**
+	 * Set the password's expiration time of this share.
+	 *
+	 * @return self The modified object
+	 * @since 24.0.0
+	 */
+	public function setPasswordExpirationTime(?\DateTimeInterface $passwordExpirationTime = null): IShare;
+
+	/**
+	 * Get the password's expiration time of this share.
+	 * @since 24.0.0
+	 */
+	public function getPasswordExpirationTime(): ?\DateTimeInterface;
 
 	/**
 	 * Set if the recipient can start a conversation with the owner to get the