[Bug]: share by mail: password not automatically set although passwords enforced

[LM-vb]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

If creating a share by mail and the usage of a password is enforced (Administration settings -> Sharing -> Allow users to share via link an emails -> Enforce password protection), the password field is not prefilled (as it was until NC 28.0.2). A click on "Save share" leads to an error message and the share is not being created.

Steps to reproduce

1. Pick a file/folder to share by mail
2. Type in email
3. Click "Save share"

Expected behavior

A password should be automatically created and inserted/suggested in the password field.

Installation method

Community Manual installation with Archive

Nextcloud Server version

28

Operating system

Other

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 22.1 to 22.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "default_phone_region": "DE",
        "version": "28.0.3.2",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "skeletondirectory": "",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": true,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 0,
            "timeout": 0
        },
        "session_lifetime": 3600,
        "session_keepalive": false,
        "tempdirectory": "***REMOVED SENSITIVE VALUE***",
        "remember_login_cookie_lifetime": 0,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "default_language": "en",
        "default_locale": "en_GB",
        "knowledgebaseenabled": false,
        "simpleSignUpLink.shown": false,
        "auth.webauthn.enabled": false,
        "updater.release.channel": "stable",
        "trashbin_retention_obligation": "auto, 30",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance_window_start": 2,
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

List of activated Apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - announcementcenter: 6.7.0
  - bruteforcesettings: 2.8.0
  - checksum: 1.2.3
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contactsinteraction: 1.9.0
  - dav: 1.29.1
  - federatedfilesharing: 1.18.0
  - files: 2.0.0
  - files_automatedtagging: 1.18.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - files_zip: 1.5.0
  - impersonate: 1.15.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - quota_warning: 1.18.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.0
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - viewer: 2.2.0
  - workflowengine: 2.10.0
Disabled:
  - circles: 28.0.0-dev (installed 22.1.1)
  - contacts: 5.5.2 (installed 5.5.2)
  - dashboard: 7.8.0 (installed 7.0.0)
  - encryption: 2.16.0
  - extract: 1.3.6 (installed 1.3.6)
  - federation: 1.18.0 (installed 1.10.1)
  - files_downloadactivity: 1.16.0 (installed 1.16.0)
  - files_external: 1.20.0
  - files_retention: 1.17.0 (installed 1.17.0)
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - firstrunwizard: 2.17.0 (installed 2.9.0)
  - flow_notifications: 1.8.0 (installed 1.8.0)
  - mediadc: 0.3.8 (installed 0.3.8)
  - previewgenerator: 5.4.0 (installed 5.4.0)
  - quicknotes: 0.8.22 (installed 0.8.22)
  - recommendations: 2.0.0 (installed 0.8.0)
  - suspicious_login: 6.0.0
  - text: 3.9.1 (installed 3.1.0)
  - theming_customcss: 1.15.0 (installed 1.15.0)
  - twofactor_totp: 10.0.0-beta.2
  - user_ldap: 1.19.0
  - user_status: 1.8.1 (installed 1.0.1)
  - weather_status: 1.8.0 (installed 1.0.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

Bug found in NC 28.0.3

[sorbaugh]

@Fenn-CS do you think this is a frontend issue only? can you provide a quick check 🙏

[Fenn-CS]

@sorbaugh It appears to be at the frontend level

[daveatpinellas]

This bug seems to have been a backport into version 27 and now 27 is affected. I tried to apply 27.1.7 this morning and my post upgrade quality testing had this same issue. In version 27.1.7, the UI for automated password appears to be filled as expected. However when you attempt to save the link it fails and displays "Error creating the share: Passwords are enforced for link and mail shares". If you manually type in a password into the password field it works and the share is saved with success. I rolled back to my 27.1.6 snapshot and it immediately worked again as expected. So in some way, the automated password is being put into the UI but the variable is not being loaded correctly until a manual password is entered.

I have another test instance with 27.1.7 and can easily replicate. Happy to test patches.

[MalteP]

When "Always ask for password" is enabled, but passwort not enforced, share links are created with a password while share by mail does not set a password.

Also share by mail seems to ignore the default link expiration date!

Tested on NC 28.0.3.

Settings:

Share by mail - no password, no expiration date:

Share by link - working as expected:

[ElSi-DVT]

Same problem here. (NC 27.1.7)

[sanidzinic]

Same Problem here, (NC 27.1.7)

[dea-75]

On 28.0.4 (final) the problem persist :(

[spideynn]

Just upgraded to 28.0.4. It works if the default share permissions under Admin -> Sharing have some permissions enabled, but if the permissions are set to either all enabled or all disabled (view only) it breaks and the password doesn't generate.

[LM-vb]

I can confirm. This bug still exists in 28.0.4. Steps to reproduce are identical to the initial bug report.

[daveatpinellas]

Confirmed, still broken in 28.0.4 and 27.1.8.
27.1.8, the auto generated password is sitting in the UI but it seems not to 'see' it. The only work around is to hand type in your own password.

[susnux]

Fix in #44571

[MalteP]

When "Always ask for password" is enabled, but passwort not enforced, share links are created with a password while share by mail does not set a password.

Problem still persists on NC 28.0.5 and 29.0.0.

[susnux]

When "Always ask for password" is enabled, but passwort not enforced, share links are created with a password while share by mail does not set a password.

Problem still persists on NC 28.0.5 and 29.0.0.

@MalteP please open a new issue, this is unrelated to this one. This one was about enforced passwords, which is fixed now.