diff --git a/apps/files_external/js/settings.js b/apps/files_external/js/settings.js index f94d443419ec2..74dfb9300a047 100644 --- a/apps/files_external/js/settings.js +++ b/apps/files_external/js/settings.js @@ -271,7 +271,6 @@ StorageConfig.prototype = { * @param {Function} [options.error] error callback */ save: function(options) { - var self = this; var url = OC.generateUrl(this._url); var method = 'POST'; if (_.isNumber(this.id)) { @@ -279,6 +278,18 @@ StorageConfig.prototype = { url = OC.generateUrl(this._url + '/{id}', {id: this.id}); } + window.OC.PasswordConfirmation.requirePasswordConfirmation(() => this._save(method, url, options), options.error); + }, + + /** + * Private implementation of the save function (called after potential password confirmation) + * @param {string} method + * @param {string} url + * @param {{success: Function, error: Function}} options + */ + _save: function(method, url, options) { + self = this; + $.ajax({ type: method, url: url, @@ -352,6 +363,15 @@ StorageConfig.prototype = { } return; } + + window.OC.PasswordConfirmation.requirePasswordConfirmation(() => this._destroy(options), options.error) + }, + + /** + * Private implementation of the DELETE method called after password confirmation + * @param {{ success: Function, error: Function }} options + */ + _destroy: function(options) { $.ajax({ type: 'DELETE', url: OC.generateUrl(this._url + '/{id}', {id: this.id}), diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php index c0a460fd8e316..c0f9f9ca0372c 100644 --- a/apps/files_external/lib/Controller/UserStoragesController.php +++ b/apps/files_external/lib/Controller/UserStoragesController.php @@ -34,6 +34,8 @@ use OCA\Files_External\NotFoundException; use OCA\Files_External\Service\UserStoragesService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IConfig; use OCP\IGroupManager; @@ -120,9 +122,9 @@ public function show($id, $testOnly = true) { * @param array $mountOptions backend-specific mount options * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] + #[PasswordConfirmationRequired] public function create( $mountPoint, $backend, @@ -176,9 +178,9 @@ public function create( * @param bool $testOnly whether to storage should only test the connection or do more things * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] + #[PasswordConfirmationRequired] public function update( $id, $mountPoint, @@ -226,11 +228,10 @@ public function update( /** * Delete storage - * - * @NoAdminRequired - * * {@inheritdoc} */ + #[NoAdminRequired] + #[PasswordConfirmationRequired] public function destroy($id) { return parent::destroy($id); } diff --git a/apps/files_external/tests/js/settingsSpec.js b/apps/files_external/tests/js/settingsSpec.js index 4032f6f6a37d4..354bf7c6b51e4 100644 --- a/apps/files_external/tests/js/settingsSpec.js +++ b/apps/files_external/tests/js/settingsSpec.js @@ -32,9 +32,16 @@ describe('OCA.Files_External.Settings tests', function() { var clock; var select2Stub; var select2ApplicableUsers; + var passwordConfirmationStub; - beforeEach(function() { + beforeAll(() => { clock = sinon.useFakeTimers(); + passwordConfirmationStub = sinon.stub(window.OC.PasswordConfirmation, 'requirePasswordConfirmation'); + passwordConfirmationStub.callsArg(0); + }) + + beforeEach(function() { + passwordConfirmationStub.resetHistory() select2ApplicableUsers = []; select2Stub = sinon.stub($.fn, 'select2').callsFake(function(args) { if (args === 'val') { @@ -236,6 +243,8 @@ describe('OCA.Files_External.Settings tests', function() { var $saveButton = $tr.find('td.save .icon-checkmark'); $saveButton.click(); + sinon.assert.calledOnce(passwordConfirmationStub); + expect(fakeServer.requests.length).toEqual(1); var request = fakeServer.requests[0]; expect(request.url).toEqual(OC.getRootPath() + '/index.php/apps/files_external/globalstorages'); @@ -270,6 +279,8 @@ describe('OCA.Files_External.Settings tests', function() { var $saveButton = $tr.find('td.save .icon-checkmark'); $saveButton.click(); + sinon.assert.calledOnce(passwordConfirmationStub); + expect(fakeServer.requests.length).toEqual(1); var request = fakeServer.requests[0]; expect(request.url).toEqual(OC.getRootPath() + '/index.php/apps/files_external/globalstorages');