Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce Password & expiration date on mail sharing #11547

Closed
RumblyShip opened this issue Oct 2, 2018 · 5 comments
Closed

Enforce Password & expiration date on mail sharing #11547

RumblyShip opened this issue Oct 2, 2018 · 5 comments
Labels
1. to develop Accepted and waiting to be taken care of bug feature: sharing security

Comments

@RumblyShip
Copy link

RumblyShip commented Oct 2, 2018
edited
Loading

Steps to reproduce

  1. Upload a file
  2. Share via email
  3. Not forced to password protect

Expected behaviour

I would like a configuration option to enforce password use like the option that is available for sharing via a link

Actual behaviour

Able to share without a password

Server configuration

Operating system: Ubuntu 18.04

Web server: nginx
Database: MariaDB
PHP version: 7.2
Nextcloud version: 14.0.1
Updated from an older Nextcloud/ownCloud or fresh install: fresh install
Where did you install Nextcloud from: manual install
Signing status:

Signing status No errors have been found.

List of activated apps:

App list 
Enabled:
  - activity: 2.7.0
  - admin_audit: 1.4.0
  - bruteforcesettings: 1.1.0
  - cloud_federation_api: 0.0.1
  - dav: 1.6.0
  - federatedfilesharing: 1.4.0
  - files: 1.9.0
  - files_automatedtagging: 1.4.0
  - files_retention: 1.3.0
  - files_sharing: 1.6.2
  - logreader: 2.0.0
  - lookup_server_connector: 1.2.0
  - nextcloud_announcements: 1.3.0
  - notifications: 2.2.1
  - oauth2: 1.2.1
  - password_policy: 1.4.0
  - provisioning_api: 1.4.0
  - serverinfo: 1.4.0
  - sharebymail: 1.4.0
  - systemtags: 1.4.0
  - theming: 1.5.0
  - twofactor_backupcodes: 1.3.1
  - updatenotification: 1.4.1
  - user_ldap: 1.4.0
  - workflowengine: 1.4.0

Nextcloud configuration:

Config report 
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "14.0.1.1",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "htaccess.RewriteBase": "\/",
        "skeletondirectory": "\/NCSkeleton",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "updater.release.channel": "production",
        "lost_password_link": "mailto:***REMOVED SENSITIVE VALUE***",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_smtpsecure": "tls",
        "simpleSignUpLink.shown": false
    }
}

Are you using external storage, if yes which one: local

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory

Client configuration

Browser: Chrome
Operating system: Windows 10
@nextcloud-bot
Copy link
Member

GitMate.io thinks possibly related issues are #10644 (Link sharing broken with enforced password protection), #8785 (Password expiration), #10695 (Fix password enforce on public links), #5047 (Can't password protect shares because password email is sent from account email address), and #10238 (Add support for sending the password for a share by Nextcloud Talk).

@nextcloud-bot nextcloud-bot mentioned this issue Oct 19, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Nov 5, 2018
Closed
@jancborchardt
Copy link
Member

@RumblyShip this is actually possible:
nextcloud password protect via email

Or do you mean that if "Enforce password protection" under link sharing in the Admin settings is enabled, that it should also be enforced for mail shares?
sharing enforce setting

@skjnldsv skjnldsv added the 1. to develop Accepted and waiting to be taken care of label May 21, 2019
@skjnldsv skjnldsv changed the title Enforce Password On All Share Methods Enforce Password & expiration date on mail sharing May 22, 2019
@skjnldsv
Copy link
Member

Actually, same goes for email expiration date, not only password

This was referenced May 22, 2019
Closed
Closed
@RumblyShip
Copy link
Author

I would like to see an option to enforce passwords in email sharing. We have a policy that anything shared externally requires a password to access.

Last I tested, this only was enforceable in link shares and not on email.

@skjnldsv
Copy link
Member

Fixed with #15719

@jasond2020 jasond2020 mentioned this issue Sep 4, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop Accepted and waiting to be taken care of bug feature: sharing security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jancborchardt @skjnldsv @nextcloud-bot @RumblyShip