Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue related to config OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD #6401

Closed
PrajwolAmatya opened this issue May 29, 2023 · 3 comments
Closed

Issue related to config OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD #6401

PrajwolAmatya opened this issue May 29, 2023 · 3 comments
Labels
Type:Bug Type:Discussion

Comments

@PrajwolAmatya
Copy link
Contributor

PrajwolAmatya commented May 29, 2023
edited
Loading

Describe the bug

While running the API test with config OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD to true, and if we do not set password for upload, edit or contribute permissions, the returned response is 200.

It works fine manually.

Steps to reproduce

Steps to reproduce the behavior:

  1. Set the config OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD to true.
  2. Upload a file testfile.txt
  3. Create a public link curl -k -X POST https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/shares -d'shareType=3&path=/testfile.txt&permissions=3' -uadmin:admin -v

Actual behavior

The response returns status code 200, and the link is created without password.
Actual Response:

> POST /ocs/v1.php/apps/files_sharing/api/v1/shares HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 43
> Content-Type: application/x-www-form-urlencoded
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Length: 1429
< Content-Type: text/xml; charset=utf-8
< Date: Tue, 30 May 2023 06:58:55 GMT
< Ocs-Api-Version: 1
< Vary: Origin
< 
<?xml version="1.0" encoding="UTF-8"?>
<ocs><meta><status>ok</status><statuscode>100</statuscode><message>OK</message></meta><data><id>oaTkAGKolCvrSud</id><share_type>3</share_type><uid_owner>admin</uid_owner><displayname_owner>Admin</displayname_owner><additional_info_owner>admin@example.org</additional_info_owner><permissions>1</permissions><stime>1685429935</stime><parent></parent><expiration></expiration><token>ScIBxsPOPnlySKw</token><uid_file_owner>admin</uid_file_owner><displayname_file_owner>Admin</displayname_file_owner><additional_info_file_owner>admin@example.org</additional_info_file_owner><state>0</state><path>/textfile.txt</path><item_type>file</item_type><mimetype>text/plain</mimetype><storage_id>shared::/textfile.txt</storage_id><storage>0</storage><item_source>e4e96167-5b8d-4c5f-93cd-e55a48f854ef$720baacf-e428-40a1-8df8-90ddf97a8b7f!c9f9bfa4-c22d-42a8-81a1-92c54731c2c2</item_source><file_source>e4e96167-5b8d-4c5f-93cd-e55a48f854ef$720baacf-e428-40a1-8df8-90ddf97a8b7f!c9f9bfa4-c22d-42a8-81a1-92* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host localhost left intact
c54731c2c2</file_source><file_parent>e4e96167-5b8d-4c5f-93cd-e55a48f854ef$720baacf-e428-40a1-8df8-90ddf97a8b7f!720baacf-e428-40a1-8df8-90ddf97a8b7f</file_parent><file_target>/textfile.txt</file_target><share_with_user_type>0</share_with_user_type><share_with_additional_info></share_with_additional_info><mail_send>0</mail_send><name></name><url>https://localhost:9200/s/ScIBxsPOPnlySKw</url></data></ocs>%

Now, if we update the public link using command:
curl -k -X PUT https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/shares/<share_id> -d'permissions=3' -uadmin:admin -v

Then it returns the response:

> PUT /ocs/v1.php/apps/files_sharing/api/v1/shares/oaTkAGKolCvrSud HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 12
> Content-Type: application/x-www-form-urlencoded
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Length: 163
< Content-Type: text/xml; charset=utf-8
< Date: Tue, 30 May 2023 07:01:10 GMT
< Ocs-Api-Version: 1
< Vary: Origin
< 
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host localhost left intact
<ocs><meta><status>error</status><statuscode>400</statuscode><message>No updates specified in request</message></meta></ocs>

Is this the actual behavior?
@PrajwolAmatya PrajwolAmatya changed the title Setting enforce passwords on uploader, editor or contributor shares to true not working Issue related to config OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD May 29, 2023
@PrajwolAmatya
Copy link
Contributor Author

It works when we fisrt set the permission to read and then update the link to edit permission, then the enforce-password config works fine. Is it supposed to have that behavior?

@micbar
Copy link
Contributor

micbar commented Jun 2, 2023

It works when we fisrt set the permission to read and then update the link to edit permission, then the enforce-password config works fine. Is it supposed to have that behavior?

This is the User Flow in the WebUI

The api should also enforce passwords when creating a public share. @kobergj

@micbar micbar added the Type:Bug label Jun 2, 2023
@micbar micbar moved this from Qualification to Prio 2 in Infinite Scale Team Board Jun 2, 2023
@micbar micbar moved this from Prio 2 to Prio 3 or less in Infinite Scale Team Board Jun 2, 2023
This was referenced Jun 2, 2023
Merged
Closed
@PrajwolAmatya PrajwolAmatya mentioned this issue Jun 16, 2023
Closed
@dragonchaser dragonchaser self-assigned this Jun 21, 2023
@dragonchaser
Copy link
Contributor

see cs3org/reva#3970

@dragonchaser dragonchaser removed their assignment Jun 21, 2023
@2403905 2403905 mentioned this issue Jun 20, 2023
Merged
@github-project-automation github-project-automation bot moved this from Prio 3 or less to Done in Infinite Scale Team Board Jun 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type:Bug Type:Discussion
Projects
Infinite Scale Team Board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dragonchaser @micbar @PrajwolAmatya