-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sharing: password policy breaks using password protection #1269
Comments
There are some further Problems with passwords:
where can I express my appreciation about collective and still show my lack of understanding, how such an feature can go live? |
Thanks @Solar-Simon I will try your workaround but as you told it seems strange something so unreliable went live. |
Interesting, thanks all for your reports. So far I'm unable to reproduce any of the problems you describe, so let's try to get a better understanding:
@estux please open the developer tools of your browser (Ctrl-Shift-I on Firefox/Chrome) and there the "Network" tab. Then create a new share and add a password to it. When clicking on "Update share", you should see a
@Solar-Simon this is intended behaviour. The password is stored in a hashed format on the server. The server doesn't know about the plaintext password, so it's impossible to display it later on. It's the same e.g. for password protected shares of files.
@Solar-Simon I'm unable to reproduce this. Could you please also open the developer tools of your browser (Ctrl-Shift-I on Firefox/Chrome) and see if any errors are logged there? Please also describe in detail what happens if you select "Can edit" on a share without a password being set.
Could you provide a screencast of this? In my tests on different instances this works as expected. Again: any errors logged? Any further details you can share? |
Hello @mejo- just did what you asked and:
Should I share privately all the stack content? Thanks for your reply! |
Ok, so here's the culprit 😉 Can you once again reproduce the issue, have a look into the server side |
When I try to remove password:
|
|
Aha, thanks so much! So you have a password policy in place an the provided password doesn't match this policy. For now, can you try to create/update the share with a password that matches your password policy? |
ya true, but in files if I dont set a password its no problem. files does not enforce a password in general. Only if i set one and it does not meet requirements, there is an error.
Like I alread said with password its possible. |
is this really neccassary? As soon someone has access to this layer, one already has access to remove/change the password or remove the hole link. What is the risk of seeing the password an being able to change it? For me this means, when I create a link and tell the password to person a and person b. Now Person b is losing the password and I also don't write it done somewhere: I have to create a new Passwoerd and also Person a now needs to be contacted again. |
Hello @mejo- this time I did my homework completely and checked everything that is possible to help you.
So, as a user I would expect a prompt remembering me there's a password policy to respect when I enter the password. Thanks for your help and patience! |
Dear @estux, thanks for your thorough testing. I fully agree that the behaviour you experience is a bug. If you set a password, you expect the password protection to be in place unless the app shows a clear error message. I'll look into a fix for this as soon as I find time to do so. |
@mejo- Glad to help when I can :) Thank you so much for considering this and looking into it! |
Describe the bug
I just upgraded Collectives to 2.11 to try the new password protection feature (as it's very useful for me) but when I load the Collective as a visitor (link opened in anonymous browsing mode) the password protection is not enforced. It seems like it doesn't save the password when setted.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The password should be asked before showing the Collective.
Screenshots
If applicable, add screenshots to help explain your problem.
Server details:
Client details:
Logs
Nextcloud log (data/nextcloud.log)
Browser log
The text was updated successfully, but these errors were encountered: