Built-in share-by-email password protection enforcement not working properly

[kungknut]

Hi!

I'm not really sure whether this issue is supposed to be reported here or somewhere else. If it's not supposed to be reported here, please tell me and I'll move it.

Steps to reproduce

1. Tick the "Enforce password protection" in admin section.
2. Create a file share.
3. Tick and untick the "Hide filelist" for this specific share.
4. Untick "Password protection".

Expected behaviour

I should not be able to untick "Password protection".

Actual behaviour

"Password protection" becomes optional.

Additional

To be clear, this is where the problem is although the picture does not show it. If the page is reloaded after step three above, the problem disappear. If not and the "Password protection" is unticked, the new setting is saved and this share is accessible without entering a password.

General server configuration

Operating system: Linux WEBSRV01 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) x86_64

Web server: Apache (apache2handler)

Database: mysql 10.1.26 (MariaDB)

PHP version: 7.0.19-1

PHP-modules loaded

 - Core
 - date
 - libxml
 - openssl
 - pcre
 - zlib
 - filter
 - hash
 - Reflection
 - SPL
 - session
 - standard
 - apache2handler
 - mysqlnd
 - PDO
 - xml
 - apcu
 - apc
 - bz2
 - calendar
 - ctype
 - curl
 - dom
 - mbstring
 - fileinfo
 - ftp
 - gd
 - gettext
 - iconv
 - json
 - exif
 - mysqli
 - pdo_mysql
 - Phar
 - posix
 - readline
 - shmop
 - SimpleXML
 - sockets
 - sysvmsg
 - sysvsem
 - sysvshm
 - tokenizer
 - wddx
 - xmlreader
 - xmlwriter
 - xsl
 - zip
 - Zend OPcache

Nextcloud configuration

Nextcloud version: 12.0.2 - 12.0.2.0

Updated from an older Nextcloud/ownCloud or fresh install: Fresh install

Where did you install Nextcloud from: Nextcloud.com

Are you using external storage, if yes which one: files_external is disabled

Are you using encryption: No

Are you using an external user-backend, if yes which one: No

Signing status

[]

Enabled apps

 - activity: 2.5.2
 - apporder: 0.4.0
 - bruteforcesettings: 1.0.2
 - comments: 1.2.0
 - dav: 1.3.0
 - federatedfilesharing: 1.2.0
 - federation: 1.2.0
 - files: 1.7.2
 - files_clipboard: 0.6.4
 - files_pdfviewer: 1.1.1
 - files_sharing: 1.4.0
 - files_texteditor: 2.4.1
 - files_trashbin: 1.2.0
 - files_versions: 1.5.0
 - files_videoplayer: 1.1.0
 - firstrunwizard: 2.1
 - gallery: 17.0.0
 - issuetemplate: 0.2.2
 - logreader: 2.0.0
 - lookup_server_connector: 1.0.0
 - nextcloud_announcements: 1.1
 - notifications: 2.0.0
 - oauth2: 1.0.5
 - password_policy: 1.2.2
 - provisioning_api: 1.2.0
 - serverinfo: 1.2.0
 - sharebymail: 1.2.0
 - survey_client: 1.0.0
 - systemtags: 1.2.0
 - theming: 1.3.0
 - twofactor_backupcodes: 1.1.1
 - twofactor_totp: 1.3.1
 - updatenotification: 1.2.0
 - workflowengine: 1.2.0

Disabled apps

 - admin_audit
 - encryption
 - files_external
 - files_retention
 - socialsharing_email
 - user_external
 - user_ldap

Content of config/config.php

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "***REMOVED SENSITIVE VALUE***"
    ],
    "datadirectory": "\/nextcloud\/***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "12.0.2.0",
    "dbname": "c0_nextcloud",
    "dbhost": "localhost",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "mail_smtpmode": "smtp",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpsecure": "ssl",
    "mail_from_address": "noreply",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauth": 1,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "465",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "memcache.local": "\\OC\\Memcache\\APCu"
}

Client configuration

Browser: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Operating system: Windows 7

Logs

Web server error log

No entries related to this error

Nextcloud log (data/nextcloud.log)

No entries related to this error

[kungknut]

Update: Upgraded to Nextcloud 12.0.3 by fresh install and the problem is still there.

[blizzz]

@nextcloud/sharing

[rullzer]

@schiessle you played with those settings some time ago if I remember correctly

[hottwister]

Hello, found same issue in NC 15.0.4
Steps to reproduce:

1. Ensure that Enforce password protect' checkbox is set in Setting
2. Share a folder by mail
3. Ensure password protection is can't be unset
4. Add Change permissinos
5. See that Paswsord protection checkbox is now active and u cat unset it

[29bde]

Hi,

I can confirm this is still an issue under NC 16.0.0 stable

[skjnldsv]

Fixed in 18