[Bug]: 30.0.3 share link completely broken

[LM-vb]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

After the update from 30.0.2 to 30.0.3 it is impossible to create a share link. Clicking on the arrow in the password field or the "create share" button only creates another "share link" entry. All created share link entries lack a link. This process can be repeated:

Console logs did not throw any errors.

Steps to reproduce

1. Update from 30.0.3 to 30.0.3
2. Try to create a share link
3. Fail

Expected behavior

To create a share link, as it worked up until 30.0.2

Nextcloud Server version

30

Operating system

Other

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 28.0.1 to 28.0.2)

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            ***REMOVED SENSITIVE VALUE***
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "default_phone_region": "DE",
        "version": "30.0.2.2",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "skeletondirectory": "",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": true,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 0,
            "timeout": 0
        },
        "session_lifetime": 3600,
        "session_keepalive": false,
        "tempdirectory": ***REMOVED SENSITIVE VALUE***,
        "remember_login_cookie_lifetime": 0,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "maintenance": false,
        "theme": "",
        "loglevel": 1,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "default_language": "en",
        "default_locale": "en_GB",
        "knowledgebaseenabled": false,
        "simpleSignUpLink.shown": false,
        "auth.webauthn.enabled": false,
        "updater.release.channel": "stable",
        "trashbin_retention_obligation": "auto, 7",
        "versions_retention_obligation": "auto, 7",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance_window_start": 2,
        "preview_max_filesize_image": 100
    }
}

List of activated Apps

Enabled:
  - activity: 3.0.0
  - admin_audit: 1.20.0
  - announcementcenter: 7.0.1
  - app_api: 4.0.0
  - bruteforcesettings: 3.0.0
  - checksum: 1.2.5
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contactsinteraction: 1.11.0
  - dav: 1.31.1
  - federatedfilesharing: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - files_zip: 2.1.0
  - impersonate: 1.17.0
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - nextcloud_announcements: 2.0.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - photos: 3.0.2
  - previewgenerator: 5.7.0
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - quota_warning: 1.20.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - support: 2.0.0
  - survey_client: 2.0.0
  - systemtags: 1.20.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - viewer: 3.0.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - circles: 30.0.0 (installed 22.1.1)
  - contacts: 6.1.1 (installed 6.1.1)
  - dashboard: 7.10.0 (installed 7.0.0)
  - encryption: 2.18.0
  - federation: 1.20.0 (installed 1.10.1)
  - files_automatedtagging: 1.20.0 (installed 1.20.0)
  - files_external: 1.22.0
  - firstrunwizard: 3.0.0 (installed 2.9.0)
  - recommendations: 3.0.0 (installed 0.8.0)
  - suspicious_login: 8.0.0
  - text: 4.1.0 (installed 3.1.0)
  - theming_customcss: 1.17.0 (installed 1.17.0)
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - user_ldap: 1.21.0
  - user_status: 1.10.0 (installed 1.0.1)
  - weather_status: 1.10.0 (installed 1.0.0)

Nextcloud Signing status

Nextcloud Logs

Additional info

I immediately reverted back to 30.0.2 (vm snapshot) after becoming aware of this bug. So I can't provide any further information.

[blizzz]

This does not look like 30. Did you try a hard-refresh?

P.S.: I think I see what you mean though. Any other than the first link share acts up, no?

[nfebe]

That is a regression from : #49147 (No true)

Quick workaround, remove default password/date, or enforce the defaults if needed.

[LM-vb]

This does not look like 30. Did you try a hard-refresh?

P.S.: I think I see what you mean though. Any other than the first link share acts up, no?

The icons seem to have been cached. After a shift+F5 they look like in your screenshot now (on 30.0.2).

In my test case however (30.0.3), all created links are unusable including the first one as all links were missing the URL.

[XueSheng-GIT]

Actually a duplicate of #49607 which has been ignored so far ;).

[mwildam]

For the case it helps: I do not have the password enforcing set in administrative settings and made some tests. The problem is even more severe: Although you can create share-Links with password if not enforced in admin settings, when those share links are opened, no password necessary and link is opened!

[mwildam]

I am on MariaDB and not on PostgreSQL btw, so not a DB provider specific issue.

[mwildam]

I made more tests with password enforced and not.
Situation is that - let's say with password not enforced:

1. When you klick in details on share the share link is not locked with a password.
2. When you now click on custom permissions under the share link and check the password box
3. then enter a password that is in some list of common passwords (let's say use "test") then
4. you get a popup that says "Failed to update share" - but that is not very prominent and displayed over the second popup that says "Password created successfully"
   

The effect is then that on update of the share the password seems to be cleared - so the original default 10 character password that is set when just ticking the box is not set either. That is why you then get a share that is not protected at all.

[files_sharing] Error: Password is among the 1,000,000 most common ones. Please make it unique. Password needs to be at least 10 characters long. Password is present in compromised password list. Please choose a different password.
PUT /nextcloud/ocs/v2.php/apps/files_sharing/api/v1/shares/100
from ...

[mwildam]

This is not very prominent telling that password could not be set. I would recommend to display errors in a different way than normal messages and probably let them go away not so quickly as info messages.

[mwildam]

When password protection is enforced in admin settings then ticking the checkbox to set a password when sharing, it fails immediately saying that "Passwords are enforced for link and mail shares":

{"reqId":"WrjEbpSiHJlsSKnDAVlF","level":3,"time":"2024-12-06T20:55:05+00:00","remoteAddr":"xxx.xx.xx.xxx","user":"myuser","app":"files_sharing","method":"POST","url":"/nextcloud/ocs/v2.php/apps/files_sharing/api/v1/shares","message":"Passwords are enforced for link and mail shares","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0","version":"30.0.3.2","exception":{"Exception":"InvalidArgumentException","Message":"Passwords are enforced for link and mail shares","Code":0,"Trace":[{"file":"/var/www/html/nextcloud/lib/private/Share20/Manager.php","line":692,"function":"verifyPassword","class":"OC\\Share20\\Manager","type":"->"},{"file":"/var/www/html/nextcloud/apps/files_sharing/lib/Controller/ShareAPIController.php","line":812,"function":"createShare","class":"OC\\Share20\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":208,"function":"createShare","class":"OCA\\Files_Sharing\\Controller\\ShareAPIController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/nextcloud/ocs/v1.php","line":43,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/nextcloud/ocs/v2.php","line":7,"args":["/var/www/html/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/html/nextcloud/lib/private/Share20/Manager.php","Line":106,"message":"Passwords are enforced for link and mail shares","exception":{},"CustomMessage":"Passwords are enforced for link and mail shares"}}

Probably when activating automatic password protection it tries to create with a password being less than 10 characters because that also causes an error.

[mwildam]

In my opinion when the enforcing of passwords and expiry dates is deactivated there is no further critical issue if the user carefully ready possible error messages before they vanish.

[mwildam]

When I uncheck password checks and reduce to 8 characters the minimum length, I get the problem of #49607 - what is definitely weird.

[dea-75]

There is a final bugfix for 30.0.3 ? I've just seen in the devel site ....