Nextcloud version: 24.0.1
Operating system and version: Ubuntu 18.04
Apache or nginx version: 2.4.29
PHP version: 7.4
The issue we’re facing:
When i share something by mail, two mails should be sent out.
One with the link and another one with the password (enforced for linksharing). But only the first mail with the link is actually sent.
An automatically generated password shows up in the password field when you share something, but it doesnt get sent out when you click on the arrow next to that password.
If you update the password any time after the initial share creation and click on the same arrow mentioned above, an email is sent out correctly.
This is confusing. It worked flawlessly before the update and seems to be working now too, just not automatically.
I found the creation of the share in the logs, but there was nothing that could point to any error. As i mentioned, every step works, the second mail is just not being sent automatically anymore.
For the users its really confusing because on reviewing the share, the password box is checked, a password (placeholders) displayed so now they have no indicator to know if its sent out.
Is this the first time this error occured?
The problem occurs since the update to release 24.0.1.
Steps to replicate it:
Enforce password protection on link sharing
Share something via email
Click on the arrow next to the generated password
→ you only receive the link email, unless you enter another password yourself and resend it.
Does anyone else have the same problem or can give me a hint where i could possibly find logs/information on why its not sent?
I or we currently have the same problem. The first message is sent but the second one with the password is not sent anymore. There seems to be a bug since the last update.
I have tested it with Nextcloud 24.0.1 (24.0.1.1 in status.php) and it works for me. The user gets two emails. One with the link and one with the password.
From a security point of view, it makes no sense at all to send the link and the password via two e-mails. You might as well write one e-mail. Maybe I should create an issue regarding this security risk. You must send the password on a second way e.g. WhatsApp, SMS, … for real security. Ask real security experts.
You can better use the app Guests (video). There you get not the security risk. The risk is only on creating the user the first time (initial password). Then the user must/can change the password with HTTPS (TLS/SSL).
thanks for testing I agree with the security concerns, but you can use different complexities of sharing for different levels of security needs. Higher security often comes at the expense of more steps and time for the end user. Not every involved user requires it to the utmost degree every time. Therefore, we like to provide different possibilities for sharing.
Do you have any hints or ideas what the problem on our side could be?
I noticed, that sharing to other Nextcloud users generates 2 mails but sharing to external users generates one mail with the link only (NC 21 to 23) resp. mail needs to be created manually with the link.
I think there is no security difference between one email with link/password and two emails with link and password separated. I think here one imagines the security only.