From 31b47dc973ddf48bb9d5a9fd7ff30db89e33c164 Mon Sep 17 00:00:00 2001
From: Ilja Neumann <ineumann@owncloud.com>
Date: Tue, 5 Mar 2019 20:04:03 +0100
Subject: [PATCH] Dont't expose hashed password in ocs api

---
 apps/files_sharing/lib/API/Share20OCS.php       | 4 ++--
 apps/files_sharing/tests/API/Share20OCSTest.php | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apps/files_sharing/lib/API/Share20OCS.php b/apps/files_sharing/lib/API/Share20OCS.php
index 2b86d56fd041..fc14d2b24930 100644
--- a/apps/files_sharing/lib/API/Share20OCS.php
+++ b/apps/files_sharing/lib/API/Share20OCS.php
@@ -214,8 +214,8 @@ protected function formatShare(\OCP\Share\IShare $share, $received = false) {
 			$result['share_with'] = $share->getSharedWith();
 			$result['share_with_displayname'] = $group !== null ? $group->getDisplayName() : $share->getSharedWith();
 		} elseif ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
-			$result['share_with'] = $share->getPassword();
-			$result['share_with_displayname'] = $share->getPassword();
+			$result['share_with'] = '***redacted***';
+			$result['share_with_displayname'] = '***redacted***';
 			$result['name'] = $share->getName();
 
 			$result['token'] = $share->getToken();
diff --git a/apps/files_sharing/tests/API/Share20OCSTest.php b/apps/files_sharing/tests/API/Share20OCSTest.php
index 7d0b04804b24..dcdd0b149fed 100644
--- a/apps/files_sharing/tests/API/Share20OCSTest.php
+++ b/apps/files_sharing/tests/API/Share20OCSTest.php
@@ -437,8 +437,8 @@ public function dataGetShare() {
 		$expected = [
 			'id' => 101,
 			'share_type' => Share::SHARE_TYPE_LINK,
-			'share_with' => 'password',
-			'share_with_displayname' => 'password',
+			'share_with' => '***redacted***',
+			'share_with_displayname' => '***redacted***',
 			'uid_owner' => 'initiatorId',
 			'displayname_owner' => 'initiatorDisplay',
 			'item_type' => 'folder',
@@ -2647,8 +2647,8 @@ public function dataFormatShare() {
 				'file_source' => 3,
 				'file_parent' => 1,
 				'file_target' => 'myTarget',
-				'share_with' => 'mypassword',
-				'share_with_displayname' => 'mypassword',
+				'share_with' => '***redacted***',
+				'share_with_displayname' => '***redacted***',
 				'mail_send' => 0,
 				'url' => 'myLink',
 				'mimetype' => 'myMimeType',