Merge pull request #48373 from nextcloud/fix/788/add-password-confirmation-required-to-user-storage-create

yemkareems · web-flow · commit de9f5c4ec6b4 · 2024-10-17T11:10:19.000+05:30
fix: add PasswordConfirmationRequired to create user storages endpoint
diff --git a/apps/files_external/js/settings.js b/apps/files_external/js/settings.js
@@ -267,14 +267,25 @@ StorageConfig.prototype = {
 	 * @param {Function} [options.error] error callback
 	 */
 	save: function(options) {
-		var self = this;
 		var url = OC.generateUrl(this._url);
 		var method = 'POST';
 		if (_.isNumber(this.id)) {
 			method = 'PUT';
 			url = OC.generateUrl(this._url + '/{id}', {id: this.id});
 		}
 
+		window.OC.PasswordConfirmation.requirePasswordConfirmation(() => this._save(method, url, options), options.error);
+	},
+
+	/**
+	 * Private implementation of the save function (called after potential password confirmation)
+	 * @param {string} method 
+	 * @param {string} url 
+	 * @param {{success: Function, error: Function}} options 
+	 */
+	_save: function(method, url, options) {
+		self = this;
+
 		$.ajax({
 			type: method,
 			url: url,
@@ -348,6 +359,15 @@ StorageConfig.prototype = {
 			}
 			return;
 		}
+
+		window.OC.PasswordConfirmation.requirePasswordConfirmation(() => this._destroy(options), options.error)
+	},
+
+	/**
+	 * Private implementation of the DELETE method called after password confirmation
+	 * @param {{ success: Function, error: Function }} options 
+	 */
+	_destroy: function(options) {
 		$.ajax({
 			type: 'DELETE',
 			url: OC.generateUrl(this._url + '/{id}', {id: this.id}),
diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php
@@ -13,6 +13,7 @@
 use OCA\Files_External\Service\UserStoragesService;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IConfig;
 use OCP\IGroupManager;
@@ -99,6 +100,7 @@ public function show($id, $testOnly = true) {
 	 * @return DataResponse
 	 */
 	#[NoAdminRequired]
+	#[PasswordConfirmationRequired]
 	public function create(
 		$mountPoint,
 		$backend,
@@ -154,6 +156,7 @@ public function create(
 	 * @return DataResponse
 	 */
 	#[NoAdminRequired]
+	#[PasswordConfirmationRequired]
 	public function update(
 		$id,
 		$mountPoint,
@@ -205,6 +208,7 @@ public function update(
 	 * {@inheritdoc}
 	 */
 	#[NoAdminRequired]
+	#[PasswordConfirmationRequired]
 	public function destroy($id) {
 		return parent::destroy($id);
 	}
