[Bug]: Share policy of "Always ask for a password" not used unless "Enforce password protection" is on too

[thekk1]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

After an upgrade from 27.x over 28.x to 29.0.4 the default sharing permissions for shared links are not effective any more.
Asking for a password do not generate a password in the share and the tick is disabled.
Only enforce password is working which is not the solution that we want to use.
Also the permissions for create and change are not enabled after link generating.

Steps to reproduce

1. I don't know if this problem is maybe a migration problem or just a "normal" bug, so to reproduce it could be neccessary to upgrade from an older version.
2. Setup permission presets under Administration -> Share
3. Share a file or folder and have a look at the permissions at this shared link.

Expected behavior

I expect the default permissions to be the default and not to be ignored.

Installation method

Community Manual installation with Archive

Nextcloud Server version

29

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 28 to 29)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***",
            "***REMOVED SENSITIVE VALUE***",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.4.1",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "app.mail.verify-tls-peer": false,
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "htaccess.RewriteBase": "\/",
        "ldapUserCleanupInterval": "51",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 0,
            "timeout": 1.5
        },
        "enable_previews": false,
        "maintenance": false,
        "skeletondirectory": "\/nc-config\/skeleton",
        "theme": "",
        "loglevel": 3,
        "default_phone_region": "DE",
        "updater.release.channel": "stable",
        "app_install_overwrite": [
            "files_lock",
            "sharepermissions",
            "files_bpm",
            "files_trackdownloads",
            "files_markdown",
            "files_downloadactivity",
            "cms_pico",
            "ransomware_protection",
            "sharelisting",
            "signlive"
        ],
        "session_lifetime": 14400,
        "session_keepalive": true,
        "remember_login_cookie_lifetime": 0,
        "forwarded_for_headers": [
            "HTTP_X_FORWARDED",
            "HTTP_FORWARDED_FOR",
            "HTTP_X_FORWARDED_FOR"
        ],
        "auth.bruteforce.protection.enabled": true,
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 90",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "activity_use_cached_mountpoints": true,
        "activity_expire_days": "100000",
        "maintenance_window_start": 4
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - admin_audit: 1.19.0
  - approval: 1.3.0
  - bruteforcesettings: 2.9.0
  - cloud_federation_api: 1.12.0
  - cms_pico: 1.0.21
  - comments: 1.19.0
  - dav: 1.30.1
  - drawio: 3.0.2
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_accesscontrol: 1.19.1
  - files_antivirus: 5.5.7
  - files_automatedtagging: 1.19.0
  - files_downloadlimit: 2.0.0
  - files_external: 1.21.0
  - files_linkeditor: 1.1.20
  - files_markdown: 2.4.1
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_scripts: 4.1.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - flow_notifications: 1.9.0
  - groupfolders: 17.0.1
  - guests: 3.1.0
  - keeweb: 0.6.19
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - metadata: 0.20.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - onlyoffice: 9.3.0
  - password_policy: 1.19.0
  - provisioning_api: 1.19.0
  - quota_warning: 1.19.0
  - ransomware_protection: 1.14.0
  - related_resources: 1.4.0
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - sharelisting: 1.2.0
  - systemtags: 1.19.0
  - text: 3.10.1
  - theming: 2.4.0
  - theming_customcss: 1.17.0
  - twofactor_backupcodes: 1.18.0
  - updatenotification: 1.19.1
  - user_ldap: 1.20.0
  - viewer: 2.3.0
  - workflow_script: 1.14.1
  - workflowengine: 2.11.0
Disabled:
  - cfg_share_links: 5.1.0 (installed 5.1.0)
  - circles: 29.0.0-dev (installed 24.0.1)
  - contactsinteraction: 1.10.0 (installed 1.2.0)
  - dashboard: 7.9.0 (installed 7.0.0)
  - duplicatefinder: 1.2.3 (installed 1.2.3)
  - encryption: 2.17.0
  - extract: 1.3.6 (installed 1.3.6)
  - files_downloadactivity: 1.16.0 (installed 1.16.0)
  - files_fulltextsearch: 29.0.0 (installed 29.0.0)
  - files_fulltextsearch_tesseract: 27.0.0 (installed 27.0.0)
  - files_lock: 29.0.1 (installed 29.0.1)
  - files_mindmap: 0.0.30 (installed 0.0.30)
  - files_texteditor: 2.15.1 (installed 2.15.1)
  - files_trackdownloads: 1.11.0 (installed 1.11.0)
  - firstrunwizard: 2.18.0 (installed 2.9.0)
  - fulltextsearch: 29.0.0 (installed 29.0.0)
  - fulltextsearch_elasticsearch: 29.0.1 (installed 29.0.1)
  - limit_login_to_ip: 4.1.0 (installed 4.1.0)
  - nextcloud_announcements: 1.18.0 (installed 1.10.0)
  - otpmanager: 0.5.4 (installed 0.5.4)
  - photos: 2.5.0 (installed 1.2.3)
  - privacy: 1.13.0 (installed 1.5.0)
  - recommendations: 2.1.0 (installed 1.0.0)
  - signlive: 0.9.0 (installed 0.9.0)
  - support: 1.12.0 (installed 1.4.0)
  - survey_client: 1.17.0 (installed 1.9.0)
  - suspicious_login: 7.0.0
  - twofactor_totp: 11.0.0-dev
  - user_status: 1.9.0 (installed 1.1.1)
  - weather_status: 1.9.0 (installed 1.5.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"5ZqeISF5qtuCA3ne1AQx","level":3,"time":"2024-07-29T07:51:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"opendir(/var/www/html/data/__groupfolders/10/Software/Infrastructure): Failed to open directory: Permission denied at /var/www/html/lib/private/Files/Storage/Local.php#164","userAgent":"--","version":"29.0.4.1","data":{"app":"PHP"}}

Additional info

No response

[szaimen]

FYI @sorbaugh

[joshtrichards]

Asking for a password do not generate a password in the share and the tick is disabled.
Only enforce password is working which is not the solution that we want to use.

Reproduced (in v30). No pop-up is shown or password is set unless Enforce password protection is on at the same time.

Thanks for the report.

[nfebe]

• fix(SharingEntryLink): Show default password before create if any #49115
• enh: Fix display default expire date, add tests & tiny refactors #50655