fix(files_sharing): Only send password on change

The password param should never be sent if the intention is not remove it or update it. This commit adapts the frontend and backend to this rule to avoid weird bugs especially around updating new shares. Signed-off-by: nfebe <fenn25.fn@gmail.com>
2025-10-06 16:05:52 +07:00 · 2025-10-06 16:05:52 +07:00 · 033b54934b
parent 6779ac7dd7
commit 033b54934b
3 changed files with 20 additions and 7 deletions
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@ -1339,10 +1339,13 @@ class ShareAPIController extends OCSController {
 				$share->setPermissions($permissions);
 			}

-			if ($password === '') {
-				$share->setPassword(null);
-			} elseif ($password !== null) {
-				$share->setPassword($password);
+			$passwordParamSent = $password !== null;
+			if ($passwordParamSent) {
+				if ($password === '') {
+					$share->setPassword(null);
+				} else {
+					$share->setPassword($password);
+				}
 			}

 			if ($label !== null) {
--- a/apps/files_sharing/src/mixins/SharesMixin.js
+++ b/apps/files_sharing/src/mixins/SharesMixin.js
@ -320,7 +320,9 @@ export default {
 				// share api controller accepts
 				for (const name of propertyNames) {
 					if (name === 'password') {
-						properties[name] = this.share.newPassword ?? this.share.password
+						if (this.share.newPassword !== undefined) {
+							properties[name] = this.share.newPassword
+						}
 						continue
 					}

--- a/apps/files_sharing/src/views/SharingDetailsTab.vue
+++ b/apps/files_sharing/src/views/SharingDetailsTab.vue
@ -976,7 +976,11 @@ export default {
 		},
 		async saveShare() {
 			const permissionsAndAttributes = ['permissions', 'attributes', 'note', 'expireDate']
-			const publicShareAttributes = ['label', 'password', 'hideDownload']
+			const publicShareAttributes = ['label', 'hideDownload']
+			// Only include password if it's being actively changed
+			if (this.hasUnsavedPassword) {
+				publicShareAttributes.push('password')
+			}
 			if (this.config.allowCustomTokens) {
 				publicShareAttributes.push('token')
 			}
@ -1139,7 +1143,11 @@ export default {
 		 * "sendPasswordByTalk".
 		 */
 		onPasswordProtectedByTalkChange() {
-			this.queueUpdate('sendPasswordByTalk', 'password')
+			if (this.isEmailShareType || this.hasUnsavedPassword) {
+				this.queueUpdate('sendPasswordByTalk', 'password')
+			} else {
+				this.queueUpdate('sendPasswordByTalk')
+			}
 		},
 		isValidShareAttribute(value) {
 			if ([null, undefined].includes(value)) {