Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Talk non protected filesharing atleast with guests #3458

Open
thechonta opened this issue May 5, 2020 · 1 comment
Open

Talk non protected filesharing atleast with guests #3458

thechonta opened this issue May 5, 2020 · 1 comment
Labels
1. to develop enhancement feature: upload & shares & voice 📤🎙️ Sharing files into a chat and audio recordings
Milestone
💔 Backlog

Comments

@thechonta
Copy link

Steps to reproduce

Create a Chat
Allow Guest with Password
Share File in Chat (tested only with txt file)
Guest user klick on shared file, it will open in Browswer
Copy the Link
Open Link in another Browser
Access to the file without authentication

Expected behaviour

I would expect, that the link needs the same password as the Chatroom would have.

Actual behaviour

The File can be viewed and downloaded.
I don't use txt Files with onlyoffce maybe that's why onlyoffce can not open it.

Server configuration detail

Operating system: Linux 5.0.0-1031-azure nextcloud/server#33-Ubuntu SMP Thu Feb 6 22:26:13 UTC 2020 x86_64

Webserver: Apache/2.4.29 (Ubuntu) (fpm-fcgi)

Database: pgsql PostgreSQL 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit

PHP version:

7.2.24-0ubuntu0.18.04.3
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, cgi-fcgi, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, igbinary, imagick, intl, json, ldap, exif, mysqli, pdo_mysql, pdo_pgsql, pgsql, Phar, posix, readline, redis, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Nextcloud version: 18.0.4 - 18.0.4.2

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

Array
(
)

List of activated apps 
Enabled:
 - accessibility: 1.4.0
 - activity: 2.11.0
 - announcementcenter: 3.7.0
 - apporder: 0.9.0
 - calendar: 2.0.3
 - cloud_federation_api: 1.1.0
 - comments: 1.8.0
 - contacts: 3.3.0
 - dav: 1.14.0
 - deck: 0.8.2
 - documentserver_community: 0.1.5
 - event_update_notification: 1.0.1
 - extract: 1.2.4
 - federatedfilesharing: 1.8.0
 - federation: 1.8.0
 - files: 1.13.1
 - files_downloadactivity: 1.7.0
 - files_external: 1.9.0
 - files_fulltextsearch: 1.4.2
 - files_fulltextsearch_tesseract: 1.4.1
 - files_pdfviewer: 1.7.0
 - files_rightclick: 0.15.2
 - files_sharing: 1.10.1
 - files_trackdownloads: 1.7.0
 - files_trashbin: 1.8.0
 - files_versions: 1.11.0
 - files_videoplayer: 1.7.0
 - firstrunwizard: 2.7.0
 - fulltextsearch_elasticsearch: 1.5.1
 - groupfolders: 6.0.6
 - issuetemplate: 0.6.0
 - keeweb: 0.6.2
 - logreader: 2.3.0
 - lookup_server_connector: 1.6.0
 - mail: 1.3.4
 - maps: 0.1.6
 - metadata: 0.11.1
 - nextcloud_announcements: 1.7.0
 - notifications: 2.6.0
 - oauth2: 1.6.0
 - occweb: 0.0.7
 - onlyoffice: 4.1.4
 - password_policy: 1.8.0
 - photos: 1.0.0
 - polls: 1.4.3
 - previewgenerator: 2.3.0
 - privacy: 1.2.0
 - provisioning_api: 1.8.0
 - recommendations: 0.6.0
 - serverinfo: 1.8.0
 - settings: 1.0.0
 - sharebymail: 1.8.0
 - sharelisting: 0.3.0
 - spreed: 8.0.8
 - support: 1.1.0
 - survey_client: 1.6.0
 - systemtags: 1.8.0
 - tasks: 0.12.2
 - text: 2.0.0
 - theming: 1.9.0
 - twofactor_backupcodes: 1.7.0
 - updatenotification: 1.8.0
 - user_ldap: 1.8.0
 - viewer: 1.2.0
 - workflow_script: 1.3.1
 - workflowengine: 2.0.0
Disabled:
 - admin_audit
 - analytics
 - breezedark
 - encryption
 - files_inotify
 - fulltextsearch
Configuration (config/config.php) 
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "",
        "",
        "",
        ""
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "filesystem_check_changes": 1,
    "overwrite.cli.url": "http:\/\/",
    "skeletondirectory": "",
    "dbtype": "pgsql",
    "version": "18.0.4.2",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "logtimezone": "Europe\/Berlin",
    "installed": true,
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "filelocking.enabled": "true",
    "memcache.local": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379,
        "timeout": 0
    },
    "ldapIgnoreNamingRules": false,
    "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
    "mail_smtpmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauthtype": "PLAIN",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25",
    "loglevel": 2,
    "maintenance": false,
    "trashbin_retention_obligation": "7,14",
    "versions_retention_obligation": "7,14",
    "cache_chunk_gc_ttl": 86400,
    "onlyoffice": {
        "verify_peer_off": true
    },
    "theme": "",
    "mysql.utf8mb4": true,
    "app_install_overwrite": [
        "occweb",
        "spreed",
        "issuetemplate",
        "keeweb",
        "sharelisting",
        "dashboard",
        "polls",
        "breezedark"
    ],
    "app.mail.verify-tls-peer": false,
    "updater.secret": "***REMOVED SENSITIVE VALUE***"
}

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption:

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

LDAP configuration (delete this par if not used)

Client configuration

Browser: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0

Operating system:

Logs

Web server error log 
Insert your web server log here
Nextcloud log 
Insert your Nextcloud log here
Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...
@kesselb kesselb transferred this issue from nextcloud/server May 5, 2020
@nickvergessen
Copy link
Member

So there are 2 issues here:

  1. Technical: It is impossible for us to get the password from the stored hash of the conversation password. So we would need to ask the user to provide the password while uploading a file (would work) and while sharing a file in another way to the conversation (not possible)

  2. User experience: This would basically mean that we can't show any info inline to guests. No Thumbnail and also no viewer integrations in Talk 9+

So yeah, I have mixed feelings about this, as I can see the expectations, but at the same time the technical limitations make this close to impossible to solve.

@nickvergessen nickvergessen added 1. to develop feature: upload & shares & voice 📤🎙️ Sharing files into a chat and audio recordings and removed 0. Needs triage labels May 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop enhancement feature: upload & shares & voice 📤🎙️ Sharing files into a chat and audio recordings
Projects
None yet
Milestone
💔 Backlog
Development

No branches or pull requests
3 participants
@nickvergessen @kesselb @thechonta