-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Public share link requests for credentials. #18731
Comments
@SergioBertolinSG is this a regression on master ? |
Works for me on master (85b62c7). |
Yes a regression. |
Clear the cache maybe ? This is not enough information to be able to reproduce or fix it. |
Same problem with cache cleared. I forgot to mention that the public share has to have a password (edited in the steps). |
I've fixed the problem installing the last version of Firefox. |
It is still happening. It happens only with plain text files. When opening the share and entering the password a dialog for credentials appears. (And it shouldn't). |
Confirmed.... And it's probably because of that ¦@#°% Gallery app ;) |
Apparently, it's not phewww... But I still need to see if I can prevent making Ajax calls before the password is entered. What I'm seeing in the POST request is a 307 and 2 oc_sessionPassphrase with different passwords in them. |
Could be related to #18891 (double passphrase) |
Still happening on master from git. Tested on safari. (Working fine in firefox) |
Is Safari maybe somehow auto-filling the password field ? Can you try clearing the autofill cache ? |
I've cleaned all the browsing data, and using chrome it happens the same behaviour as @SergioBertolinSG has said. |
@LukasReschke are you able to reproduce this on your mac? |
@oparoz is the text preview sending the password to the Webdav endpoint ? |
Hmm, but the password isn't appended behind the ":". Let me check how I did it with the "move to webdav" branch. |
Hmm, it seems I'm not passing the password either. If the browser has a session cookie related to this public share, it should be able to reuse it when doing webdav requests. |
The token is used as the username. There is no password |
Steps to reproduce (for clarity)
At this point the popup appears for the Webdav call. |
I suspect it might be related to the recent refactoring in publicwebdav to use "ServerFactory". I'll try and debug the server. |
Hmmm no, it looks like this never worked before. |
Hmmmmmmm it works on my Webdav branch #16902 which uses public webdav for the file list and also text preview. I'll try and find out why it works there... |
Aha, this one: e6f007d I'll make a separate PR for that |
👯 |
Fix is here #19402 |
@PVince81 This happens in stable8.1 as well. backport? |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Steps to reproduce
EDIT II 1. Share publicly a plain text file by link
EDIT I 2. Add a password to the public link.
3. Open the link from a different browser without being logged in.
Expected behaviour
Anonymous user can open the link.
Actual behaviour
Link redirects to the login page.
Server configuration
Operating system:
Ubuntu 14.04
Web server:
Apache
Database:
MySQL
PHP version:
5.5.9
ownCloud version: (see ownCloud admin page)
master branch (8.2alpha)
Updated from an older ownCloud or fresh install:
Fresh
List of activated apps:
Default in community edition..
The content of config/config.php:
Are you using external storage, if yes which one: local/smb/sftp/...
No
Are you using encryption:
No
Logs
Client configuration
browser
Chrome 41
The text was updated successfully, but these errors were encountered: