[Bug]: "send password by mail" setting should be disabled when the "temporary password" feature is enabled

[StCyr]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

When the "temporary password" feature is enabled, passwords to access "sharedbymail" shares should always be sent via email when the user request them.

However, when unchecking the "send password by mail" checkbox in the settings for sharing, NC does not send that email anymore.

It seems that on some installations (NC 24.0 only? There was a bug related to this feature which has been fixed in e35cbd2), the temporary password is sent right away when the share is created, which, though not an issue per se, doesn't really make sense. Hence, there are people trying to use this feature expecting that by removing the check from the checkbox "send password by mail", the server will only send the password once the user requests it, and not at share's creation.

Steps to reproduce

1. Enable temporary password by setting the sharing.enable_mail_link_password_expiration setting at true in config.php
2. Uncheck the "send password by mail" checkbox in the settings for sharing
3. Share a file by email
4. open the share as the invited user (eg: in an ingognito session)
5. request a temporary password to access the share
6. The temporary password email is not sent

Expected behavior

The temporary password email should have been sent to the invited user

Installation method

No response

Operating system

No response

PHP engine version

No response

Web server

No response

Database engine version

No response

Is this bug present after an update or on a fresh install?

No response

Are you using the Nextcloud Server Encryption module?

No response

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

No response

List of activated Apps

cyrille@laptop-cyrille:/var/www/nextcloud-latest$ sudo -u www-data php occ app:list
Xdebug: [Step Debug] Could not connect to debugging client. Tried: localhost:9003 (through xdebug.client_host/xdebug.client_port) :-(
Enabled:
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - lookup_server_connector: 1.13.0
  - oauth2: 1.13.0
  - provisioning_api: 1.15.0
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - sharebyphone: 0.0.1
  - systemtags: 1.15.0
  - theming: 2.0.0
  - twofactor_backupcodes: 1.14.0
  - updatenotification: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - weather_status: 1.5.0
  - workflowengine: 2.7.0

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

See also #31005 (comment)

[StCyr]

Proposed solution

A good fix might be to update the admin settings of the "sharebymail" app, and automaticaly uncheck the "send password by mail" setting and make it disabled with a message like "Temporary passwords are enabled on this instance, passwords are always sent by email to invited users upon request" when temporary paswwords are enabled (an alternative might be to simply uncheck and hides it in such case).

This also requires changes in the code to make sure that passwords are sent to invited users when they request them, altough the "send password by mail" setting is unchecked.

An easier solution would be to update the admin settings of the "sharebymail" app, and automaticaly check the "send password by mail" setting and make it disabled. This would therefore not require the code change to make sure that passwords are sent to invited users when they request them, although the "send password by mail" setting is unchecked. But, this should only be done if it is confirmed that no password email is sent directly upon share's creation in newest NC instances (which seems to be the case, at least on my devlopment box).

[PVince81]

@jancborchardt any preference ?

[szaimen]

Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you!

My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!

If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+