From 44c9b95aacc780d639d56cfaf9c5a9647fd917aa Mon Sep 17 00:00:00 2001 From: yemkareems Date: Thu, 26 Sep 2024 15:05:03 +0530 Subject: [PATCH 1/6] fix: add PasswordConfirmationRequired to create user storages endpoint Signed-off-by: yemkareems From ebb2915cd037ab1f50fae8c9fe5857af989f5e0a Mon Sep 17 00:00:00 2001 From: yemkareems Date: Mon, 14 Oct 2024 18:29:45 +0530 Subject: [PATCH 2/6] fix: add PasswordConfirmationRequired to update and delete method Signed-off-by: yemkareems From abd5a85a96b5129e0fc7209e5a0cf6f8009fe95b Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Mon, 14 Oct 2024 15:12:16 +0200 Subject: [PATCH 3/6] fix: Add frontend code for password confirmation Signed-off-by: Ferdinand Thiessen [skip ci] --- apps/files_external/js/settings.js | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/apps/files_external/js/settings.js b/apps/files_external/js/settings.js index db77fe4dfc18b..472f86aa697e2 100644 --- a/apps/files_external/js/settings.js +++ b/apps/files_external/js/settings.js @@ -271,7 +271,6 @@ StorageConfig.prototype = { * @param {Function} [options.error] error callback */ save: function(options) { - var self = this; var url = OC.generateUrl(this._url); var method = 'POST'; if (_.isNumber(this.id)) { @@ -279,6 +278,18 @@ StorageConfig.prototype = { url = OC.generateUrl(this._url + '/{id}', {id: this.id}); } + window.OC.PasswordConfirmation.requirePasswordConfirmation(() => this._save(method, url, options), options.error); + }, + + /** + * Private implementation of the save function (called after potential password confirmation) + * @param {string} method + * @param {string} url + * @param {{success: Function, error: Function}} options + */ + _save: function(method, url, options) { + self = this; + $.ajax({ type: method, url: url, @@ -352,6 +363,15 @@ StorageConfig.prototype = { } return; } + + window.OC.PasswordConfirmation.requirePasswordConfirmation(() => this._destroy(options), options.error) + }, + + /** + * Private implementation of the DELETE method called after password confirmation + * @param {{ success: Function, error: Function }} options + */ + _destroy: function(options) { $.ajax({ type: 'DELETE', url: OC.generateUrl(this._url + '/{id}', {id: this.id}), From d13a15e8a809fe42f42856e1de1600bec59a8698 Mon Sep 17 00:00:00 2001 From: yemkareems Date: Thu, 17 Oct 2024 12:34:21 +0530 Subject: [PATCH 4/6] fix: add PasswordConfirmationRequired to user storages create, update and delete Signed-off-by: yemkareems --- .../lib/Controller/UserStoragesController.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php index c0a460fd8e316..a9193b08993fd 100644 --- a/apps/files_external/lib/Controller/UserStoragesController.php +++ b/apps/files_external/lib/Controller/UserStoragesController.php @@ -120,9 +120,9 @@ public function show($id, $testOnly = true) { * @param array $mountOptions backend-specific mount options * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] + #[PasswordConfirmationRequired] public function create( $mountPoint, $backend, @@ -176,9 +176,9 @@ public function create( * @param bool $testOnly whether to storage should only test the connection or do more things * * @return DataResponse - * - * @NoAdminRequired */ + #[NoAdminRequired] + #[PasswordConfirmationRequired] public function update( $id, $mountPoint, @@ -227,10 +227,10 @@ public function update( /** * Delete storage * - * @NoAdminRequired - * * {@inheritdoc} */ + #[NoAdminRequired] + #[PasswordConfirmationRequired] public function destroy($id) { return parent::destroy($id); } From 7c3e1398ec4caf0e2566a3bcb1d954358f016300 Mon Sep 17 00:00:00 2001 From: yemkareems Date: Thu, 17 Oct 2024 13:17:26 +0530 Subject: [PATCH 5/6] fix: cs fix for namespace Signed-off-by: yemkareems [skip ci] --- apps/files_external/lib/Controller/UserStoragesController.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php index a9193b08993fd..31dfc7f84ca75 100644 --- a/apps/files_external/lib/Controller/UserStoragesController.php +++ b/apps/files_external/lib/Controller/UserStoragesController.php @@ -34,6 +34,8 @@ use OCA\Files_External\NotFoundException; use OCA\Files_External\Service\UserStoragesService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IConfig; use OCP\IGroupManager; From 251b1846bfbb9bb45a3e4231f386c950b61c1256 Mon Sep 17 00:00:00 2001 From: yemkareems Date: Thu, 17 Oct 2024 13:17:26 +0530 Subject: [PATCH 6/6] fix: cs fix for namespace Signed-off-by: yemkareems [skip ci] --- apps/files_external/lib/Controller/UserStoragesController.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php index a9193b08993fd..31dfc7f84ca75 100644 --- a/apps/files_external/lib/Controller/UserStoragesController.php +++ b/apps/files_external/lib/Controller/UserStoragesController.php @@ -34,6 +34,8 @@ use OCA\Files_External\NotFoundException; use OCA\Files_External\Service\UserStoragesService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IConfig; use OCP\IGroupManager;