diff --git a/apps/files_sharing/lib/Controller/Share20OcsController.php b/apps/files_sharing/lib/Controller/Share20OcsController.php
index 680e983d1ed2..de6f2df860e1 100644
--- a/apps/files_sharing/lib/Controller/Share20OcsController.php
+++ b/apps/files_sharing/lib/Controller/Share20OcsController.php
@@ -201,8 +201,12 @@ protected function formatShare(IShare $share, $received = false) {
 $result['share_with'] = $share->getSharedWith();
 $result['share_with_displayname'] = $group !== null ? $group->getDisplayName() : $share->getSharedWith();
 } elseif ($share->getShareType() === Share::SHARE_TYPE_LINK) {
- $result['share_with'] = '***redacted***';
- $result['share_with_displayname'] = '***redacted***';
+ if ($share->getPassword() !== null) {
+ // Misleading names ahead!: This fields are miss-used to
+ // read/write public link password-hashes
+ $result['share_with'] = '***redacted***';
+ $result['share_with_displayname'] = '***redacted***';
+ }
 $result['name'] = $share->getName();
 $result['token'] = $share->getToken();
diff --git a/tests/acceptance/features/apiShareManagementBasic/createShare.feature b/tests/acceptance/features/apiShareManagementBasic/createShare.feature
index 2ecd0782f726..e7b144a989c7 100644
--- a/tests/acceptance/features/apiShareManagementBasic/createShare.feature
+++ b/tests/acceptance/features/apiShareManagementBasic/createShare.feature
@@ -192,6 +192,7 @@ Feature: sharing
 Given using OCS API version ""
 When user "user0" creates a public link share using the sharing API with settings
 | path | welcome.txt |
+ | password | %public% |
 Then the OCS status code should be ""
 And the HTTP status code should be "200"
 And the fields of the last response should include
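Review bot: The comment added in the `SHARE_TYPE_LINK` branch of `formatShare` (Share20OcsController.php) warns about the field names but does not state the rule the guard enforces: the two fields are now absent for passwordless links, and when a password is set the response carries a fixed placeholder rather than the stored hash. I would reword it to `// share_with / share_with_displayname hold the public-link password hash internally; never return it: emit a fixed placeholder, and only when a password is set`. The check `$share->getPassword() !== null` also treats an empty string as a set password, which is presumably fine if the share manager never stores one, but is worth confirming. API consumers that read `share_with` unconditionally will now see a missing key for link shares, so the changelog should mention it. The body of formatShare starts and ends outside the hunk.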
@@ -208,6 +209,29 @@ Feature: sharing
 | 1 | 100 |
 | 2 | 200 |
+ @public_link_share-feature-required
+ Scenario Outline: Getting the share information of passwordless public-links hides credential placeholders
+ Given using OCS API version ""
+ When user "user0" creates a public link share using the sharing API with settings
+ | path | welcome.txt |
+ Then the OCS status code should be ""
+ And the HTTP status code should be "200"
+ And the fields of the last response should include
+ | file_target | /welcome.txt |
+ | path | /welcome.txt |
+ | item_type | file |
+ | share_type | 3 |
+ | permissions | 1 |
+ | uid_owner | user0 |
+ And the fields of the last response should not include
+ | share_with | ***redacted*** |
+ | share_with_displayname | ***redacted*** |
+
+ Examples:
+ | ocs_api_version | ocs_status_code |
+ | 1 | 100 |
+ | 2 | 200 |
+
 Scenario Outline: Creating a new share with a disabled user
 Given using OCS API version ""
 And user "user1" has been created with default attributes and without skeleton files
diff --git a/tests/acceptance/features/bootstrap/Sharing.php b/tests/acceptance/features/bootstrap/Sharing.php
index 48db5b535b5d..b22a33dd58d9 100644
--- a/tests/acceptance/features/bootstrap/Sharing.php
+++ b/tests/acceptance/features/bootstrap/Sharing.php
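Review bot: The negative table in the new passwordless-link scenario of createShare.feature pins the literal `***redacted***`, so it appears to assert only that the two fields do not carry the placeholder, not that they are absent from the response. If `isFieldInResponse` matches on field and value together (its body is not visible here), a response that put any other value into `share_with` would still pass, which is the case a credential-exposure regression test most needs to catch. An assertion on the field names alone would state the intent directly. The scenario title also speaks of getting the share information, while the steps only inspect the create response; a follow-up read of the share would cover the title.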
@@ -1371,6 +1371,28 @@ public function checkFields($body) {
 }
 }
+ /**
+ * @Then the fields of the last response should not include
+ *
+ * @param TableNode|null $body
+ *
+ * @return void
+ */
+ public function checkFieldsNotInResponse($body) {
+ if ($body instanceof TableNode) {
+ $fd = $body->getRowsHash();
+
+ foreach ($fd as $field => $value) {
+ $value = $this->replaceValuesFromTable($field, $value);
+ if ($this->isFieldInResponse($field, $value)) {
+ PHPUnit\Framework\Assert::fail(
+ "$field has value $value"
+ );
+ }
+ }
+ }
+ }
+
 /**
 * @When user :user removes all shares from the file named :fileName using the sharing API
 * @Given user :user has removed all shares from the file named :fileName
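Review bot: `checkFieldsNotInResponse` passes silently when `$body` is not a `TableNode`, so a step written without a table asserts nothing; I would fail early with `PHPUnit\Framework\Assert::assertInstanceOf(TableNode::class, $body);` as the first statement. The failure message `"$field has value $value"` gives little context in a test log and would read better as `"'$field' unexpectedly has value '$value' in the last response"`. The docblock should also say that a row fails only when the field is present with exactly the given value, assuming that is how `isFieldInResponse` matches, so that authors do not mistake the step for an absence check.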