Skip to content

fix(files_sharing): fallback self.crypto.getRandomValues #53635

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 28, 2025
Merged

fix(files_sharing): fallback self.crypto.getRandomValues #53635

merged 2 commits into from
Jul 28, 2025

Conversation

@skjnldsv
Copy link
Member

On tests, we have a non-secure env (HTTP), some users might also use without ssl on their local instances

@skjnldsv skjnldsv self-assigned this Jun 21, 2025
@skjnldsv skjnldsv requested a review from a team as a code owner June 21, 2025 08:10
@skjnldsv skjnldsv added the bug label Jun 21, 2025
@skjnldsv skjnldsv requested review from susnux and removed request for a team June 21, 2025 08:10
@skjnldsv skjnldsv added the 3. to review Waiting for reviews label Jun 21, 2025
@skjnldsv skjnldsv requested review from nfebe and szaimen June 21, 2025 08:10
@szaimen szaimen removed their request for review June 21, 2025 08:58
susnux
susnux approved these changes Jun 21, 2025
View reviewed changes
apps/files_sharing/src/utils/GeneratePassword.ts
* @param {Uint8Array} array - The array to fill with random values.
*/
function getRandomValues(array: Uint8Array): void {
if (self?.crypto?.getRandomValues) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (self?.crypto?.getRandomValues) {
if (self.crypto?.getRandomValues) {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eehehe I thought self could also be undefined sometimes 🤭🤭
I guess we're adamant this is the browser anyway so yeah, maybe not needed 😊

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you expect self to be undefined, then just use globalThis instead ;)

@susnux
Copy link
Contributor

susnux commented Jun 21, 2025

On tests, we have a non-secure env (HTTP)

HTTP is not the only source, IIRC we use localhost which also with HTTP is a secure env.

Nevertheless as long as we support non-https for users we should also fix this here.

@skjnldsv
Copy link
Member Author

HTTP is not the only source, IIRC we use localhost which also with HTTP is a secure env.

It failed on viewer cypress tests. I guess it's because of the docker IP ?🤔

This was referenced Jul 7, 2025
Merged
Merged
Draft
@skjnldsv skjnldsv requested review from a team, artonge and sorbaugh and removed request for a team July 28, 2025 16:06
@skjnldsv skjnldsv added this to the Nextcloud 32 milestone Jul 28, 2025
@skjnldsv
fix(files_sharing): fallback self.crypto.getRandomValues
3cff9d8 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
@skjnldsv skjnldsv force-pushed the fix/insecure-crypto-env branch from 04c9868 to 3cff9d8 Compare July 28, 2025 16:07
@skjnldsv
Copy link
Member Author

/compile

@nextcloud-command
chore(assets): Recompile assets
f35d164 
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
@nextcloud-command nextcloud-command requested a review from a team as a code owner July 28, 2025 17:08
@skjnldsv skjnldsv merged commit 33ddce4 into master Jul 28, 2025
124 checks passed
@skjnldsv skjnldsv deleted the fix/insecure-crypto-env branch July 28, 2025 17:52
@skjnldsv
Copy link
Member Author

/backport to stable31

@skjnldsv
Copy link
Member Author

/backport to stable30

@backportbot backportbot bot mentioned this pull request Jul 28, 2025
Merged
2 tasks
@backportbot backportbot bot mentioned this pull request Jul 28, 2025
Merged
2 tasks
@skjnldsv skjnldsv mentioned this pull request Aug 19, 2025
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 32, Nextcloud 33 Sep 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

@nfebe nfebe nfebe approved these changes

@artonge artonge Awaiting requested review from artonge artonge is a code owner automatically assigned from nextcloud/server-frontend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-frontend

Assignees

@skjnldsv skjnldsv

Labels

3. to review Waiting for reviews bug feature: sharing

Projects

None yet

Milestone

Nextcloud 32

Development

Successfully merging this pull request may close these issues.

5 participants

@skjnldsv @susnux @nfebe @nextcloud-command