endorse password for share links #1894
Conversation
works like "enforce password protection", but let the user optionally remove the password protection after the password is set. endorseLinkPassword changed to enableLinkPasswordByDefault let the user set an empty password for share link label changed to better match workflow
|
@MorrisJobke, thanks for your PR! By analyzing the history of the files in this pull request, we identified @blizzz, @PVince81 and @LukasReschke to be potential reviewers. |
|
mmmm. Do we really want this? It feels like a very specific option. |
This is up for discussion now. @jancborchardt for simplify the possible settings vs @karlitschek for feature completeness The stage is yours 😉 |
|
Sounds like it can make sense, yes. Only being lax and forced about it is strange, this seems like a needed middle ground to do it properly. |
|
Rather strange UX and I don't really like it. A proper behaviour would be to actually show a confirmation dialogue or something like that which asks "Do you really not want to set any password?" or something like that… Otherwise this just seems like an confusing solution that increases code complexity… 👎 from my side. If we want that we should take care to do it with a better UX than this. Also we should make sure to add this to the API so that clients can behave similar like the web. |
|
It is a very specific usecase but not bad. I think it makes some sense 👍 |
|
👎 until this is fixed on the client side (e.g. desktop client) as well or a big warning is appended that this only works on web. This gives a wrong level of security plus would qualify for a bounty actually in our bounty program… (Client-Side Enforcement of Server-Side Security) (e.g. |
| @@ -47,6 +47,10 @@ | |||
| value="1" <?php if ($_['allowPublicUpload'] == 'yes') print_unescaped('checked="checked"'); ?> /> | |||
| <label for="allowPublicUpload"><?php p($l->t('Allow public uploads'));?></label><br/> | |||
|
|
|||
| <input type="checkbox" name="shareapi_enable_link_password_by_default" id="enableLinkPasswordByDefault" class="checkbox" | |||
| value="1" <?php if ($_['enableLinkPasswordByDefault'] === 'yes') print_unescaped('checked="checked"'); ?> /> | |||
| <label for="enableLinkPasswordByDefault"><?php p($l->t('Always ask for a password'));?></label><br/> | |||
There was a problem hiding this comment.
Needs to be adjusted. Or the clients fixed.
There was a problem hiding this comment.
(once that is fixed I'm "ok" with this change, not happy but "ok".)
|
|
Lets close this for now. We have no real use case for this already and it is only a partial solution that will cause more issues, than it solves. If someone feels the need for this - feel free to reopen this and work again on this. |
works like "enforce password protection", but let the
user optionally remove the password protection after the
password is set.
cc @rullzer @schiessle @nickvergessen
I tested this and it works