nextcloud / server

Password policy not respected for recommended passwords on link shares #29806

Closed syntron closed 1 year ago

syntron commented 2 years ago

Steps to reproduce

  1. Activate all checkboxes in admin settings for Security => Password policy (Forbid common passwords, Enforce upper and lower case characters, Enforce numeric characters, Enforce special characters)
  2. Create a link share for a file or directory
  3. Use the proposed password

Expected behaviour

The password aligns to the rules defined in the settings; thus the workflow can be finished (create share => get link => share it)

Actual behaviour

The password policy is not considered for the proposed password. Thus, I get an error message that there is no number, no special character, ... After that, I cannot restart the process as the first one is not finished. My current solution is to rename the file, start the process again and modify the proposed password such that it matches the rules.

Server configuration

Operating system: Opensuse leap 15.3

Web server: Apache2 - 2.4.43

Database: mariadb - 10.5.12

PHP version: php7 - 7.4.6

Nextcloud version: (see Nextcloud admin page) 22.2.2

Updated from an older Nextcloud/ownCloud or fresh install: update from owncloud

Where did you install Nextcloud from: original owncloud zip file / regular updates since then (stable branch)

Signing status: No errors have been found.

List of activated apps:

Enabled:

  - accessibility: 1.8.0
  - activity: 2.15.0
  - analytics: 4.0.0
  - announcementcenter: 6.1.1
  - apporder: 0.13.0
  - audioplayer: 3.2.2
  - bookmarks: 10.0.2
  - breezedark: 22.1.0
  - bruteforcesettings: 2.2.0
  - calendar: 2.3.4
  - checksum: 1.1.2
  - circles: 22.1.1
  - cloud_federation_api: 1.5.0
  - comments: 1.12.0
  - contacts: 4.0.6
  - contactsinteraction: 1.3.0
  - dashboard: 7.2.0
  - dav: 1.19.0
  - deck: 1.5.5
  - event_update_notification: 1.3.0
  - extract: 1.3.2
  - federatedfilesharing: 1.12.0
  - federation: 1.12.0
  - files: 1.17.0
  - files_accesscontrol: 1.12.1
  - files_automatedtagging: 1.12.0
  - files_downloadactivity: 1.11.1
  - files_external: 1.13.0
  - files_fulltextsearch: 22.0.1
  - files_markdown: 2.3.4
  - files_mindmap: 0.0.25
  - files_pdfviewer: 2.3.1
  - files_retention: 1.11.1
  - files_rightclick: 1.1.0
  - files_sharing: 1.14.0
  - files_trackdownloads: 1.11.0
  - files_trashbin: 1.12.0
  - files_versions: 1.15.0
  - files_videoplayer: 1.11.0
  - firstrunwizard: 2.11.0
  - forms: 2.4.0
  - fulltextsearch: 22.0.1
  - fulltextsearch_elasticsearch: 22.0.1
  - group_everyone: 0.1.8
  - groupfolders: 10.0.0
  - groupquota: 0.1.6
  - guests: 2.1.0
  - impersonate: 1.9.0
  - logreader: 2.7.0
  - lookup_server_connector: 1.10.0
  - mail: 1.10.5
  - maps: 0.1.9
  - metadata: 0.14.0
  - news: 16.2.1
  - nextcloud_announcements: 1.11.0
  - notes: 4.2.0
  - notifications: 2.10.1
  - oauth2: 1.10.0
  - password_policy: 1.12.0
  - passwords: 2021.11.20
  - phonetrack: 0.6.9
  - photos: 1.4.0
  - polls: 3.3.0
  - privacy: 1.6.0
  - provisioning_api: 1.12.0
  - quicknotes: 0.7.2
  - quota_warning: 1.11.0
  - ransomware_protection: 1.11.0
  - recommendations: 1.1.0
  - richdocuments: 4.2.3
  - richdocumentscode: 6.4.1303
  - serverinfo: 1.12.0
  - settings: 1.4.0
  - sharebymail: 1.12.0
  - spreed: 12.1.2
  - support: 1.5.0
  - survey_client: 1.10.0
  - suspicious_login: 4.0.0
  - systemtags: 1.12.0
  - tasks: 0.14.2
  - text: 3.3.0
  - theming: 1.13.0
  - twofactor_admin: 3.1.0
  - twofactor_backupcodes: 1.11.0
  - twofactor_gateway: 0.19.0
  - twofactor_nextcloud_notification: 3.3.1
  - twofactor_totp: 6.1.0
  - updatenotification: 1.12.0
  - user_status: 1.2.0
  - user_usage_report: 1.6.0
  - viewer: 1.6.0
  - weather_status: 1.2.0
  - workflowengine: 2.4.0

Disabled:

  - admin_audit
  - browser_warning
  - dropit
  - encryption
  - files_fulltextsearch_tesseract
  - flowupload
  - issuetemplate
  - occweb
  - previewgenerator
  - user_ldap
  - whiteboard

Are you using external storage, if yes which one: local(via NIS/NFS)

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: falkon 3.1.0

Operating system: opensuse leap 15.3

syntron commented 2 years ago

Some update here - it still fails! I nailed it down to the setting 'Enforce special characters' - when it is deactivated, the autogenerated password is OK; if active, sharing something fails with an 'invalid password' error ... (Nextcloud 24.0.2)
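
The failure mode reported above, as an added example that is not part of the original thread and not Nextcloud's code: a suggestion generator that ignores the policy next to one that draws a character from every enforced class and re-checks its own output. The policy field names, the alphabets and the definition of "special character" (anything non-alphanumeric) are assumptions; the "Forbid common passwords" rule is not modelled.

```javascript
const { randomInt } = require('crypto');

// Assumed alphabets; look-alike characters (l, I, O, 0, 1) are left out.
const LOWER = 'abcdefghijkmnopqrstuvwxyz';
const UPPER = 'ABCDEFGHJKLMNPQRSTUVWXYZ';
const DIGITS = '23456789';
const SPECIAL = '!#$%&*+-=?@_';

// Returns the names of the (hypothetical) policy rules the password violates.
function violations(password, policy) {
  const failed = [];
  const mixedCase = /[a-z]/.test(password) && /[A-Z]/.test(password);
  if (password.length < (policy.minLength || 0)) failed.push('minLength');
  if (policy.enforceUpperLowerCase && !mixedCase) failed.push('enforceUpperLowerCase');
  if (policy.enforceNumericCharacters && !/[0-9]/.test(password)) failed.push('enforceNumericCharacters');
  if (policy.enforceSpecialCharacters && !/[^a-zA-Z0-9]/.test(password)) failed.push('enforceSpecialCharacters');
  return failed;
}

// Uniform pick from an alphabet using the CSPRNG.
const pick = (alphabet) => alphabet[randomInt(alphabet.length)];

// Policy-unaware suggestion: letters only, so it can never satisfy the
// numeric or special-character rules when they are enabled.
function suggestIgnoringPolicy(length = 10) {
  return Array.from({ length }, () => pick(LOWER + UPPER)).join('');
}

// Policy-aware suggestion: one character from each enforced class, the rest
// from the full alphabet, then a Fisher-Yates shuffle so the guaranteed
// characters do not sit at predictable positions.
function suggestForPolicy(policy, length = 10) {
  const required = [];
  if (policy.enforceUpperLowerCase) required.push(LOWER, UPPER);
  if (policy.enforceNumericCharacters) required.push(DIGITS);
  if (policy.enforceSpecialCharacters) required.push(SPECIAL);
  const size = Math.max(length, policy.minLength || 0, required.length);
  const chars = required.map(pick);
  while (chars.length < size) chars.push(pick(LOWER + UPPER + DIGITS + SPECIAL));
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  const password = chars.join('');
  // Fail loudly if generator and validator ever drift apart.
  if (violations(password, policy).length > 0) throw new Error('suggestion violates policy');
  return password;
}
```

Running the suggestion through the same validator the server applies on submit is what keeps the share workflow from dead-ending on a password the user never chose.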

szaimen commented 1 year ago

Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you!

My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!

If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+