Ensure the password is only hashed in case it's changed on the client - fixes #19950
This commit is contained in:
Thomas Müller
parent
dc32bf4594
commit
4f5ff9c105
|
|
@ -116,7 +116,8 @@
|
|||
|
||||
// TODO: use backbone's default value mechanism once this is a separate model
|
||||
var requiredAttributes = [
|
||||
{ name: 'password', defaultValue: '' },
|
||||
{ name: 'password', defaultValue: '' },
|
||||
{ name: 'passwordChanged', defaultValue: false },
|
||||
{ name: 'permissions', defaultValue: OC.PERMISSION_READ },
|
||||
{ name: 'expiration', defaultValue: this.configModel.getDefaultExpirationDateString() }
|
||||
];
|
||||
|
|
@ -136,11 +137,16 @@
|
|||
}
|
||||
});
|
||||
|
||||
var password = {
|
||||
password: attributes.password,
|
||||
passwordChanged: attributes.passwordChanged
|
||||
};
|
||||
|
||||
OC.Share.share(
|
||||
itemType,
|
||||
itemSource,
|
||||
OC.Share.SHARE_TYPE_LINK,
|
||||
attributes.password,
|
||||
password,
|
||||
attributes.permissions,
|
||||
this.fileInfoModel.get('name'),
|
||||
attributes.expiration,
|
||||
|
|
@ -208,6 +214,7 @@
|
|||
*/
|
||||
setPassword: function(password) {
|
||||
this.get('linkShare').password = password;
|
||||
this.get('linkShare').passwordChanged = true;
|
||||
},
|
||||
|
||||
addShare: function(attributes, options) {
|
||||
|
|
|
|||
|
|
@ -775,15 +775,19 @@ class Share extends Constants {
|
|||
$updateExistingShare = true;
|
||||
}
|
||||
|
||||
// Generate hash of password - same method as user passwords
|
||||
if (is_string($shareWith) && $shareWith !== '') {
|
||||
self::verifyPassword($shareWith);
|
||||
$shareWith = \OC::$server->getHasher()->hash($shareWith);
|
||||
// Generate hash of password if the password was changed on the client
|
||||
if (isset($shareWith['passwordChanged']) && $shareWith['passwordChanged'] === 'true') {
|
||||
$shareWith = $shareWith['password'];
|
||||
if (is_string($shareWith) && $shareWith !== '') {
|
||||
self::verifyPassword($shareWith);
|
||||
$shareWith = \OC::$server->getHasher()->hash($shareWith);
|
||||
}
|
||||
} else {
|
||||
// reuse the already set password, but only if we change permissions
|
||||
// otherwise the user disabled the password protection
|
||||
if ($checkExists && (int)$permissions !== (int)$oldPermissions) {
|
||||
// reuse the existing password if it was not updated from the client
|
||||
if ($updateExistingShare) {
|
||||
$shareWith = $checkExists['share_with'];
|
||||
} else {
|
||||
$shareWith = '';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue