[Bug]: share by mail: password not automatically set although passwords enforced

LM-vb commented 9 months ago

⚠️ This issue respects the following points: ⚠️

[X] This is a bug, not a question or a configuration/webserver/proxy issue.
[X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
[X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[X] I agree to follow Nextcloud's Code of Conduct.

Bug description

If creating a share by mail and the usage of a password is enforced (Administration settings -> Sharing -> Allow users to share via link an emails -> Enforce password protection), the password field is not prefilled (as it was until NC 28.0.2). A click on "Save share" leads to an error message and the share is not being created.

Steps to reproduce

Pick a file/folder to share by mail
Type in email
Click "Save share"

Expected behavior

A password should be automatically created and inserted/suggested in the password field.

Installation method

Community Manual installation with Archive

Nextcloud Server version

28

Operating system

Other

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 22.1 to 22.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

[X] Default user-backend (database)
[ ] LDAP/ Active Directory
[ ] SSO - SAML
[ ] Other

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "default_phone_region": "DE",
        "version": "28.0.3.2",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "skeletondirectory": "",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": true,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 0,
            "timeout": 0
        },
        "session_lifetime": 3600,
        "session_keepalive": false,
        "tempdirectory": "***REMOVED SENSITIVE VALUE***",
        "remember_login_cookie_lifetime": 0,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "default_language": "en",
        "default_locale": "en_GB",
        "knowledgebaseenabled": false,
        "simpleSignUpLink.shown": false,
        "auth.webauthn.enabled": false,
        "updater.release.channel": "stable",
        "trashbin_retention_obligation": "auto, 30",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance_window_start": 2,
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - announcementcenter: 6.7.0
  - bruteforcesettings: 2.8.0
  - checksum: 1.2.3
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contactsinteraction: 1.9.0
  - dav: 1.29.1
  - federatedfilesharing: 1.18.0
  - files: 2.0.0
  - files_automatedtagging: 1.18.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - files_zip: 1.5.0
  - impersonate: 1.15.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - quota_warning: 1.18.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.0
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - viewer: 2.2.0
  - workflowengine: 2.10.0
Disabled:
  - circles: 28.0.0-dev (installed 22.1.1)
  - contacts: 5.5.2 (installed 5.5.2)
  - dashboard: 7.8.0 (installed 7.0.0)
  - encryption: 2.16.0
  - extract: 1.3.6 (installed 1.3.6)
  - federation: 1.18.0 (installed 1.10.1)
  - files_downloadactivity: 1.16.0 (installed 1.16.0)
  - files_external: 1.20.0
  - files_retention: 1.17.0 (installed 1.17.0)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - firstrunwizard: 2.17.0 (installed 2.9.0)
  - flow_notifications: 1.8.0 (installed 1.8.0)
  - mediadc: 0.3.8 (installed 0.3.8)
  - previewgenerator: 5.4.0 (installed 5.4.0)
  - quicknotes: 0.8.22 (installed 0.8.22)
  - recommendations: 2.0.0 (installed 0.8.0)
  - suspicious_login: 6.0.0
  - text: 3.9.1 (installed 3.1.0)
  - theming_customcss: 1.15.0 (installed 1.15.0)
  - twofactor_totp: 10.0.0-beta.2
  - user_ldap: 1.19.0
  - user_status: 1.8.1 (installed 1.0.1)
  - weather_status: 1.8.0 (installed 1.0.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

Bug found in NC 28.0.3

sorbaugh commented 9 months ago

@Fenn-CS do you think this is a frontend issue only? can you provide a quick check 🙏

nfebe commented 9 months ago

@sorbaugh It appears to be at the frontend level

daveatpinellas commented 9 months ago

This bug seems to have been a backport into version 27 and now 27 is affected. I tried to apply 27.1.7 this morning and my post upgrade quality testing had this same issue. In version 27.1.7, the UI for automated password appears to be filled as expected. However when you attempt to save the link it fails and displays "Error creating the share: Passwords are enforced for link and mail shares". If you manually type in a password into the password field it works and the share is saved with success. I rolled back to my 27.1.6 snapshot and it immediately worked again as expected. So in some way, the automated password is being put into the UI but the variable is not being loaded correctly until a manual password is entered.

I have another test instance with 27.1.7 and can easily replicate. Happy to test patches.

screenshot

MalteP commented 8 months ago

When "Always ask for password" is enabled, but passwort not enforced, share links are created with a password while share by mail does not set a password.

Also share by mail seems to ignore the default link expiration date!

Tested on NC 28.0.3.

Settings: share_mail_settings

Share by mail - no password, no expiration date: share_mail

Share by link - working as expected: share_link

ElSi-DVT commented 8 months ago

Same problem here. (NC 27.1.7)

sanidzinic commented 8 months ago

Same Problem here, (NC 27.1.7)

dea-75 commented 8 months ago

On 28.0.4 (final) the problem persist :(

spideynn commented 8 months ago

Just upgraded to 28.0.4. It works if the default share permissions under Admin -> Sharing have some permissions enabled, but if the permissions are set to either all enabled or all disabled (view only) it breaks and the password doesn't generate.

LM-vb commented 8 months ago

I can confirm. This bug still exists in 28.0.4. Steps to reproduce are identical to the initial bug report.

daveatpinellas commented 8 months ago

Confirmed, still broken in 28.0.4 and 27.1.8.
27.1.8, the auto generated password is sitting in the UI but it seems not to 'see' it. The only work around is to hand type in your own password.

susnux commented 8 months ago

Fix in https://github.com/nextcloud/server/pull/44571

MalteP commented 7 months ago

When "Always ask for password" is enabled, but passwort not enforced, share links are created with a password while share by mail does not set a password.

Problem still persists on NC 28.0.5 and 29.0.0.

susnux commented 7 months ago

When "Always ask for password" is enabled, but passwort not enforced, share links are created with a password while share by mail does not set a password.

Problem still persists on NC 28.0.5 and 29.0.0.

@MalteP please open a new issue, this is unrelated to this one. This one was about enforced passwords, which is fixed now.

nextcloud / server