owncloud · AlexAndBear · Sep 26, 2023 · Sep 23, 2023 · Sep 23, 2023 · Sep 23, 2023
diff --git a/changelog/unreleased/enhancement-show-error-if-password-is-on-banned-passwords-list b/changelog/unreleased/enhancement-show-error-if-password-is-on-banned-passwords-list
@@ -0,0 +1,7 @@
+Enhancement: Show error if password is on a banned password list
+
+We now show a meaningful error if the user tries to set a public link password,
+that's on a server side banned password list.
+
+https://github.com/owncloud/web/pull/9727
+https://github.com/owncloud/web/issues/9726
diff --git a/dev/docker/ocis/password-policy-banned-passwords.txt b/dev/docker/ocis/password-policy-banned-passwords.txt
@@ -0,0 +1,2 @@
+password
+12345678
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -21,6 +21,7 @@ services:
       FRONTEND_SEARCH_MIN_LENGTH: "2"
       FRONTEND_OCS_ENABLE_DENIALS: "true"
       FRONTEND_FULL_TEXT_SEARCH_ENABLED: "true"
+      FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: '/etc/ocis/password-policy-banned-passwords.txt'
 
       # IDM
       IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-true}"
@@ -61,6 +62,7 @@ services:
       # make the registry available to the app provider containers
       MICRO_REGISTRY: "mdns"
     volumes:
+      - ./dev/docker/ocis/password-policy-banned-passwords.txt:/etc/ocis/password-policy-banned-passwords.txt
       - ./dev/docker/ocis.idp.config.yaml:/etc/ocis/idp.yaml
       - ./dev/docker/ocis-ca:/var/lib/ocis/proxy
       - ./dist:/web/dist

diff --git a/packages/design-system/src/components/OcTextInput/OcTextInput.vue b/packages/design-system/src/components/OcTextInput/OcTextInput.vue
@@ -273,6 +273,8 @@ export default defineComponent({
       if (this.type === 'password') {
         additionalAttrs['password-policy'] = this.passwordPolicy
         additionalAttrs['generate-password-method'] = this.generatePasswordMethod
+        additionalAttrs['has-warning'] = !!this.warningMessage
+        additionalAttrs['has-error'] = !!this.errorMessage
       }
       // Exclude listeners for events which are handled via methods in this component
       // eslint-disable-next-line no-unused-vars

diff --git a/packages/design-system/src/components/_OcTextInputPassword/_OcTextInputPassword.vue b/packages/design-system/src/components/_OcTextInputPassword/_OcTextInputPassword.vue
@@ -1,11 +1,12 @@
 <template>
-  <div class="oc-text-input-password-wrapper">
-    <input
-      v-bind="$attrs"
-      v-model="password"
-      :type="showPassword ? 'text' : 'password'"
-      @input="onPasswordEntered"
-    />
+  <div
+    class="oc-text-input-password-wrapper"
+    :class="{
+      'oc-text-input-password-wrapper-warning': hasWarning,
+      'oc-text-input-password-wrapper-danger': hasError
+    }"
+  >
+    <input v-bind="$attrs" v-model="password" :type="showPassword ? 'text' : 'password'" />
     <oc-button
       v-if="password"
       v-oc-tooltip="$gettext('Show password')"
@@ -32,7 +33,7 @@
       class="oc-text-input-generate-password-button oc-px-s oc-background-default"
       appearance="raw"
       size="small"
-      @click="showGeneratedPassword"
+      @click="generatePassword"
     >
       <oc-icon size="small" name="refresh" fill-type="line" />
     </oc-button>
@@ -88,10 +89,20 @@ export default defineComponent({
       type: Function as PropType<(...args: unknown[]) => string>,
       required: false,
       default: null
+    },
+    hasWarning: {
+      type: Boolean,
+      required: false,
+      default: false
+    },
+    hasError: {
+      type: Boolean,
+      required: false,
+      default: false
     }
   },
   emits: ['passwordChallengeCompleted', 'passwordChallengeFailed'],
-  setup(props, { emit }) {
+  setup(props, { emit, attrs }) {
     const { $gettext } = useGettext()
     const password = ref(props.value)
     const showPassword = ref(false)
@@ -123,17 +134,15 @@ export default defineComponent({
       setTimeout(() => (copyPasswordIcon.value = copyPasswordIconInitial), 500)
     }
 
-    const showGeneratedPassword = () => {
+    const generatePassword = () => {
       const generatedPassword = props.generatePasswordMethod()
       password.value = generatedPassword
       showPassword.value = true
     }
 
-    const onPasswordEntered = () => {
+    watch(password, (value) => {
       passwordEntered.value = true
-    }
 
-    watch(password, (value) => {
       if (!Object.keys(props.passwordPolicy).length) {
         return
       }
@@ -149,13 +158,12 @@ export default defineComponent({
       $gettext,
       password,
       showPassword,
+      copyPasswordIcon,
       showPasswordPolicyInformation,
       testedPasswordPolicy,
+      generatePassword,
       getPasswordPolicyRuleMessage,
-      copyPasswordToClipboard,
-      showGeneratedPassword,
-      copyPasswordIcon,
-      onPasswordEntered
+      copyPasswordToClipboard
     }
   }
 })
@@ -177,6 +185,18 @@ export default defineComponent({
   input:focus {
     outline: none;
   }
+
+  &-warning,
+  &-warning:focus {
+    border-color: var(--oc-color-swatch-warning-default) !important;
+    color: var(--oc-color-swatch-warning-default) !important;
+  }
+
+  &-danger,
+  &-danger:focus {
+    border-color: var(--oc-color-swatch-danger-default) !important;
+    color: var(--oc-color-swatch-danger-default) !important;
+  }
 }
 .oc-text-input-password-wrapper:focus-within {
   border-color: var(--oc-color-swatch-passive-default);

diff --git a/packages/web-app-files/src/components/SideBar/Shares/FileLinks.vue b/packages/web-app-files/src/components/SideBar/Shares/FileLinks.vue
@@ -350,7 +350,13 @@ export default defineComponent({
   },
   methods: {
     ...mapActions('Files', ['addLink', 'updateLink', 'removeLink']),
-    ...mapActions(['showMessage', 'showErrorMessage', 'createModal', 'hideModal']),
+    ...mapActions([
+      'showMessage',
+      'showErrorMessage',
+      'createModal',
+      'hideModal',
+      'setModalInputErrorMessage'
+    ]),
     ...mapMutations('Files', ['REMOVE_FILES']),
 
     toggleLinkListCollapsed() {
@@ -394,7 +400,7 @@ export default defineComponent({
       })
     },
 
-    checkLinkToCreate({ link, onError = () => {} }) {
+    checkLinkToCreate({ link }) {
       const paramsToCreate = this.getParamsForLink(link)
 
       if (this.isPasswordEnforcedFor(link)) {
@@ -405,15 +411,15 @@ export default defineComponent({
             passwordPolicyService: this.passwordPolicyService
           },
           (newPassword) => {
-            this.createLink({ params: { ...paramsToCreate, password: newPassword }, onError })
+            this.createLink({ params: { ...paramsToCreate, password: newPassword } })
           }
         )
       } else {
-        this.createLink({ params: paramsToCreate, onError })
+        this.createLink({ params: paramsToCreate })
       }
     },
 
-    checkLinkToUpdate({ link, onSuccess = () => {} }) {
+    checkLinkToUpdate({ link }) {
       const params = this.getParamsForLink(link)
 
       if (!link.password && this.isPasswordEnforcedFor(link)) {
@@ -424,11 +430,11 @@ export default defineComponent({
             passwordPolicyService: this.passwordPolicyService
           },
           (newPassword) => {
-            this.updatePublicLink({ params: { ...params, password: newPassword }, onSuccess })
+            this.updatePublicLink({ params: { ...params, password: newPassword } })
           }
         )
       } else {
-        this.updatePublicLink({ params, onSuccess })
+        this.updatePublicLink({ params })
       }
     },
 
@@ -481,7 +487,7 @@ export default defineComponent({
       }
     },
 
-    async createLink({ params, onError = (e) => {} }) {
+    async createLink({ params }) {
       let path = this.resource.path
       // sharing a share root from the share jail -> use resource name as path
       if (this.hasShareJail && path === '/') {
@@ -494,41 +500,47 @@ export default defineComponent({
           storageId: this.resource.fileId || this.resource.id,
           params
         })
+        this.hideModal()
+        this.showMessage({
+          title: this.$gettext('Link was created successfully')
+        })
       } catch (e) {
-        onError(e)
         console.error(e)
+
+        // Human-readable error message is provided, for example when password is on banned list
+        if (e.status === 400) {
+          return this.setModalInputErrorMessage(this.$gettext(e.message))
+        }
+
         this.showErrorMessage({
           title: this.$gettext('Failed to create link'),
           error: e
         })
-        return
       }
-
-      this.showMessage({
-        title: this.$gettext('Link was created successfully')
-      })
     },
 
-    async updatePublicLink({ params, onSuccess = () => {}, onError = (e) => {} }) {
+    async updatePublicLink({ params }) {
       try {
         await this.updateLink({
           id: params.id,
           client: this.$client,
           params
-        }).then(onSuccess)
+        })
+        this.hideModal()
+        this.showMessage({
+          title: this.$gettext('Link was updated successfully')
+        })
       } catch (e) {
-        onError(e)
-        console.error(e)
+        // Human-readable error message is provided, for example when password is on banned list
+        if (e.statusCode === 400) {
+          return this.setModalInputErrorMessage(this.$gettext(e.message))
+        }
+
         this.showErrorMessage({
           title: this.$gettext('Failed to update link'),
           error: e
         })
-        return
       }
-
-      this.showMessage({
-        title: this.$gettext('Link was updated successfully')
-      })
     },
 
     deleteLinkConfirmation({ link }) {

diff --git a/packages/web-app-files/src/components/SideBar/Shares/Links/DetailsAndEdit.vue b/packages/web-app-files/src/components/SideBar/Shares/Links/DetailsAndEdit.vue
@@ -472,9 +472,6 @@ export default defineComponent({
             link: {
               ...this.link,
               name
-            },
-            onSuccess: () => {
-              this.hideModal()
             }
           })
       }
@@ -496,6 +493,7 @@ export default defineComponent({
         inputPlaceholder: this.link.password ? '●●●●●●●●' : null,
         inputType: 'password',
         onCancel: this.hideModal,
+        onInput: () => this.setModalInputErrorMessage(''),
         onPasswordChallengeCompleted: () => this.setModalConfirmButtonDisabled(false),
         onPasswordChallengeFailed: () => this.setModalConfirmButtonDisabled(true),
         onConfirm: (password) => {

diff --git a/packages/web-app-files/src/quickActions.ts b/packages/web-app-files/src/quickActions.ts
@@ -30,22 +30,12 @@ export function showQuickLinkPasswordModal({ $gettext, store, passwordPolicyServ
     inputGeneratePasswordMethod: () => passwordPolicyService.generatePassword(),
     inputLabel: $gettext('Password'),
     inputType: 'password',
+    onInput: () => store.dispatch('setModalInputErrorMessage', ''),
+    onPasswordChallengeCompleted: () => store.dispatch('setModalConfirmButtonDisabled', false),
+    onPasswordChallengeFailed: () => store.dispatch('setModalConfirmButtonDisabled', true),
     onCancel: () => store.dispatch('hideModal'),
     onConfirm: async (password) => {
-      if (!password || password.trim() === '') {
-        store.dispatch('showErrorMessage', {
-          title: $gettext('Password cannot be empty')
-        })
-      } else {
-        await store.dispatch('hideModal')
-        onConfirm(password)
-      }
-    },
-    onInput: (password) => {
-      if (password.trim() === '') {
-        return store.dispatch('setModalInputErrorMessage', $gettext('Password cannot be empty'))
-      }
-      return store.dispatch('setModalInputErrorMessage', null)
+      onConfirm(password)
     }
   }
 

diff --git a/packages/web-pkg/src/services/passwordPolicy/passwordPolicy.ts b/packages/web-pkg/src/services/passwordPolicy/passwordPolicy.ts
@@ -37,9 +37,11 @@ export class PasswordPolicyService {
 
   private useDefaultRules(): boolean {
     return (
-      Object.keys(this.capability).length === 0 ||
-      (Object.keys(this.capability).length === 1 &&
-        Object.keys(this.capability)[0] === 'max_characters')
+      !this.capability.min_characters &&
+      !this.capability.min_lowercase_characters &&
+      !this.capability.min_uppercase_characters &&
+      !this.capability.min_digits &&
+      !this.capability.min_special_characters
     )
   }
 

diff --git a/packages/web-runtime/package.json b/packages/web-runtime/package.json
@@ -27,7 +27,7 @@
     "luxon": "^2.4.0",
     "marked": "^4.0.12",
     "oidc-client-ts": "^2.1.0",
-    "owncloud-sdk": "3.1.0-alpha.8",
+    "owncloud-sdk": "3.1.0-alpha.9",
     "p-queue": "^6.6.2",
     "pinia": "^2.1.3",
     "portal-vue": "3.0.0",

diff --git a/packages/web-runtime/src/helpers/additionalTranslations.ts b/packages/web-runtime/src/helpers/additionalTranslations.ts
@@ -14,5 +14,8 @@ export const additionalTranslations = {
     'Virus "%{description}" detected. Please contact your administrator for more information.'
   ),
   virusScan: $gettext('Scan for viruses'),
-  requestErrorDeniedByPolicy: $gettext('Operation denied due to security policies')
+  requestErrorDeniedByPolicy: $gettext('Operation denied due to security policies'),
+  ocsErrorPasswordOnBannedList: $gettext(
+    'Unfortunately, your password is commonly used. please pick a harder-to-guess password for your safety'
+  )
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml