Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion apps/dav/lib/Connector/LegacyPublicAuth.php
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ protected function validateUserPass($username, $password) {
\OC_User::setIncognitoMode(true);

// check if the share is password protected
if ($share->getPassword() !== null) {
if ($share->isPasswordProtected()) {
if ($share->getShareType() === IShare::TYPE_LINK
|| $share->getShareType() === IShare::TYPE_EMAIL
|| $share->getShareType() === IShare::TYPE_CIRCLE) {
Expand Down
6 changes: 3 additions & 3 deletions apps/dav/lib/Connector/Sabre/PublicAuth.php
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ public function check(RequestInterface $request, ResponseInterface $response): a
try {
$this->throttler->sleepDelayOrThrowOnMax($this->request->getRemoteAddress(), self::BRUTEFORCE_ACTION);

if (count($_COOKIE) > 0 && !$this->request->passesStrictCookieCheck() && $this->getShare()->getPassword() !== null) {
if (count($_COOKIE) > 0 && !$this->request->passesStrictCookieCheck() && $this->getShare()->isPasswordProtected()) {
throw new PreconditionFailed('Strict cookie check failed');
}

Expand Down Expand Up @@ -142,7 +142,7 @@ private function checkToken(): array {
}

// If the share is protected but user is not authenticated
if ($share->getPassword() !== null) {
if ($share->isPasswordProtected()) {
$this->throttler->registerAttempt(self::BRUTEFORCE_ACTION, $this->request->getRemoteAddress());
throw new NotAuthenticated();
}
Expand Down Expand Up @@ -176,7 +176,7 @@ protected function validateUserPass($username, $password) {
\OC_User::setIncognitoMode(true);

// check if the share is password protected
if ($share->getPassword() !== null) {
if ($share->isPasswordProtected()) {
if ($share->getShareType() === IShare::TYPE_LINK
|| $share->getShareType() === IShare::TYPE_EMAIL
|| $share->getShareType() === IShare::TYPE_CIRCLE) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -98,8 +98,7 @@ public function createFederatedShare($shareWith, $token, $password = '') {
$authenticated = in_array($share->getId(), $allowedShareIds)
|| $this->shareManager->checkPassword($share, $password);

$storedPassword = $share->getPassword();
if (!empty($storedPassword) && !$authenticated) {
if ($share->isPasswordProtected() && !$authenticated) {
$response = new JSONResponse(
['message' => 'No permission to access the share'],
Http::STATUS_BAD_REQUEST
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php

/**
* SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016-2026 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/

Expand Down Expand Up @@ -60,7 +60,7 @@ public function isValidToken(): bool {

#[\Override]
protected function isPasswordProtected(): bool {
return $this->share->getPassword() !== null;
return $this->share->isPasswordProtected();
}

/**
Expand Down Expand Up @@ -181,7 +181,7 @@ public function directLink(string $token) {
}

// Password protected shares have no direct link!
if ($share->getPassword() !== null) {
if ($share->isPasswordProtected()) {
return new DataResponse([], Http::STATUS_FORBIDDEN);
}

Expand Down
4 changes: 2 additions & 2 deletions apps/files_sharing/lib/Controller/ShareController.php
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php

/**
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016-2026 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
Expand Down Expand Up @@ -176,7 +176,7 @@ public function isValidToken(): bool {

#[\Override]
protected function isPasswordProtected(): bool {
return $this->share->getPassword() !== null;
return $this->share->isPasswordProtected();
}

#[\Override]
Expand Down
4 changes: 2 additions & 2 deletions apps/files_sharing/lib/Controller/ShareInfoController.php
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php

/**
* SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016-2026 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/

Expand Down Expand Up @@ -70,7 +70,7 @@ public function info(string $t, ?string $password = null, ?string $dir = null, i
return $response;
}

if ($share->getPassword() && !$this->shareManager->checkPassword($share, $password)) {
if ($share->isPasswordProtected() && !$this->shareManager->checkPassword($share, $password)) {
$response = new JSONResponse([], Http::STATUS_FORBIDDEN);
$response->throttle(['token' => $t]);
return $response;
Expand Down
6 changes: 3 additions & 3 deletions lib/private/Share20/Manager.php
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php

/**
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016-2026 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
Expand Down Expand Up @@ -1427,8 +1427,8 @@ private function checkShare(IShare $share, int &$added = 1): void {
#[Override]
public function checkPassword(IShare $share, ?string $password): bool {

// if there is no password on the share object / passsword is null, there is nothing to check
if ($password === null || $share->getPassword() === null) {
// if the share is not password protected, there is nothing to check
if (!$share->isPasswordProtected()) {
return false;
}

Expand Down
10 changes: 9 additions & 1 deletion lib/private/Share20/Share.php
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php

/**
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016-2026 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
Expand Down Expand Up @@ -507,6 +507,14 @@ public function getPassword() {
return $this->password;
}

/**
* @inheritdoc
*/
#[\Override]
public function isPasswordProtected(): bool {
return $this->password !== '' && $this->password !== null;
}

/**
* @inheritdoc
*/
Expand Down
9 changes: 8 additions & 1 deletion lib/public/Share/IShare.php
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php

/**
* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016-2026 Nextcloud GmbH and Nextcloud contributors
* SPDX-FileCopyrightText: 2016 ownCloud, Inc.
* SPDX-License-Identifier: AGPL-3.0-only
*/
Expand Down Expand Up @@ -468,6 +468,13 @@ public function setPassword($password);
*/
public function getPassword();

/**
* Returns whether the share is password protected by any means (e.g. password or OTP)
* @return bool
* @since 35.0.0
*/
public function isPasswordProtected(): bool;

/**
* Set the password's expiration time of this share.
*
Expand Down
1 change: 1 addition & 0 deletions tests/lib/Share20/ManagerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -4143,6 +4143,7 @@ public function testCheckPasswordValidPassword(): void {
$share = $this->createMock(IShare::class);
$share->method('getShareType')->willReturn(IShare::TYPE_LINK);
$share->method('getPassword')->willReturn('passwordHash');
$share->method('isPasswordProtected')->willReturn(true);

$this->hasher->method('verify')->with('password', 'passwordHash', '')->willReturn(true);

Expand Down