From 6bbcc0b3d6032af089be7b6f45f407acbae09138 Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Wed, 13 May 2026 23:48:52 +0530 Subject: [PATCH 1/5] pasword security patch --- Dockerfile | 4 +-- ...d-setting-section-encryption-enabled.patch | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 patches/040-hide-password-setting-section-encryption-enabled.patch diff --git a/Dockerfile b/Dockerfile index a6998a8..6e5bfae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ ARG MEMORIES_URL="https://github.com/pulsejet/memories/releases/download/v7.8.2/ ARG DROP_ACCOUNT_URL="https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz" ARG GOOGLE_INTEGRATION_URL="https://github.com/nextcloud-releases/integration_google/releases/download/v4.2.0/integration_google-v4.2.0.tar.gz" -RUN sed -i 's/32,0,6,1/32,0,6,12/' ${BASE_DIR}/version.php +RUN sed -i 's/32,0,6,1/32,0,6,13/' ${BASE_DIR}/version.php COPY custom_entrypoint.sh / RUN chmod +x /custom_entrypoint.sh RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images @@ -108,7 +108,7 @@ RUN patch -u ${BASE_DIR}/lib/private/L10N/Factory.php -i ${TMP_PATCH_DIR}/032-se # UserConfigChangedEvent Ref: https://github.com/nextcloud/server/pull/42039 RUN cd ${BASE_DIR} && patch -p1 < ${TMP_PATCH_DIR}/036-user-config-change-event.patch RUN patch -u ${BASE_DIR}/custom_apps/integration_google/lib/Service/GoogleDriveAPIService.php -i ${TMP_PATCH_DIR}/039-fix-slow-google-import-job.patch - +RUN patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/Security/Password.php -i ${TMP_PATCH_DIR}/040-hide-password-setting-section-encryption-enabled.patch RUN rm -rf ${TMP_PATCH_DIR} # Custom theme diff --git a/patches/040-hide-password-setting-section-encryption-enabled.patch b/patches/040-hide-password-setting-section-encryption-enabled.patch new file mode 100644 index 0000000..2e6b2e3 --- /dev/null 
+++ b/patches/040-hide-password-setting-section-encryption-enabled.patch
@@ -0,0 +1,31 @@
+From: Avinash avinashg@e.email
+Date: Wed, 13 Mar 2026 15:45:00 +0530
+Subject: [PATCH] Hide password settings section when encryption is enabled
+
+--- ./apps/settings/lib/Settings/Personal/Security/Password.php 2026-05-13 23:38:33
++++ ./apps/settings/lib/Settings/Personal/Security/Password-new.php 2026-05-13 23:41:36
+@@ -9,12 +9,14 @@
+ namespace OCA\Settings\Settings\Personal\Security;
+
+ use OCP\AppFramework\Http\TemplateResponse;
++use OCP\IConfig;
+ use OCP\IUserManager;
+ use OCP\Settings\ISettings;
+
+ class Password implements ISettings {
+
+ public function __construct(
++ private IConfig $config,
+ private IUserManager $userManager,
+ private ?string $userId,
+ ) {
+@@ -33,6 +35,9 @@
+ }
+
+ public function getSection(): string {
++ if ($this->config->getSystemValueBool('password_encrypt_enabled', false)) {
++ return null;
++ }
+ return 'security';
+ }
+
-- GitLab
From 360dd783572ccc68744f28e62a272e75eb875a0f Mon Sep 17 00:00:00 2001
From: Avinash Gusain
Date: Fri, 15 May 2026 17:22:18 +0530
Subject: [PATCH 2/5] updated password patch to check defaultE2eeFlowEnabled
---
...d-setting-section-encryption-enabled.patch | 22 +++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/patches/040-hide-password-setting-section-encryption-enabled.patch b/patches/040-hide-password-setting-section-encryption-enabled.patch
index 2e6b2e3..0a094ab 100644
--- a/patches/040-hide-password-setting-section-encryption-enabled.patch
+++ b/patches/040-hide-password-setting-section-encryption-enabled.patch
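Review bot: `getSection()` keeps its `: string` return type while the added branch does `return null;`, so PHP raises a TypeError whenever `password_encrypt_enabled` is true instead of hiding the panel. Widen the declaration to `public function getSection(): ?string {`, after confirming that a null section is what the `ISettings` contract of the targeted Nextcloud release uses for "do not show". The same `return null;` under the `string` type is carried unchanged through patches 2/5 to 5/5 of this series. Hiding the section only removes the form from the personal settings page; nothing in this patch touches the server-side password-change handler, so if the goal is to prevent password changes while encryption is enabled, that check presumably has to be enforced there as well. The class body continues outside the two inner hunks.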
@@ -19,13 +19,31 @@ Subject: [PATCH] Hide password settings section when encryption is enabled private IUserManager $userManager, private ?string $userId, ) { -@@ -33,6 +35,9 @@ +@@ -33,10 +35,25 @@ } public function getSection(): string { -+ if ($this->config->getSystemValueBool('password_encrypt_enabled', false)) { ++ if ($this->shouldHideCorePasswordPanel()) { + return null; + } return 'security'; } + public function getPriority(): int { + return 10; ++ } ++ ++ private function shouldHideCorePasswordPanel(): bool { ++ if ($this->userId === null) { ++ return false; ++ } ++ ++ if (!$this->config->getSystemValueBool('password_encrypt_enabled', false)) { ++ return false; ++ } ++ ++ return $this->config->getUserValue($this->userId, 'passwords', 'defaultE2eeFlowEnabled', '0') !== '1'; + } + } +\ No newline at end of file + -- GitLab From bb7087e279c0dfc9fbc752c97428e354c3d0707b Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Tue, 19 May 2026 12:56:18 +0530 Subject: [PATCH 3/5] updated config varible --- .../040-hide-password-setting-section-encryption-enabled.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/040-hide-password-setting-section-encryption-enabled.patch b/patches/040-hide-password-setting-section-encryption-enabled.patch index 0a094ab..9a68dcb 100644 --- a/patches/040-hide-password-setting-section-encryption-enabled.patch +++ b/patches/040-hide-password-setting-section-encryption-enabled.patch @@ -38,7 +38,7 @@ Subject: [PATCH] Hide password settings section when encryption is enabled + return false; + } + -+ if (!$this->config->getSystemValueBool('password_encrypt_enabled', false)) { ++ if (!$this->config->getSystemValueBool('enable_change_password_form', false)) { + return false; + } + -- GitLab From 4fe61ba107b79490f78b01a76dcef1df85c79b61 Mon Sep 17 00:00:00 2001 
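Review bot: The new `shouldHideCorePasswordPanel()` has no docblock, and which way each missing value falls is a policy decision a maintainer should not have to derive from three early returns. I would add above it: `/** Hide the core password panel only for a logged-in user when the instance flag is set and that user's 'passwords' preference defaultE2eeFlowEnabled is not '1'; a null user id or an unset flag keeps the panel visible. */`. The comparison `!== '1'` is an exact string match, so it is worth confirming that the passwords app stores exactly `'1'` and not another truthy form, otherwise the panel would be hidden for users who do have the flow enabled.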
From: Avinash Gusain Date: Tue, 19 May 2026 19:08:26 +0530 Subject: [PATCH 4/5] updated config variable to passwords.enable_change_password_form --- .../040-hide-password-setting-section-encryption-enabled.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/040-hide-password-setting-section-encryption-enabled.patch b/patches/040-hide-password-setting-section-encryption-enabled.patch index 9a68dcb..9078c4f 100644 --- a/patches/040-hide-password-setting-section-encryption-enabled.patch +++ b/patches/040-hide-password-setting-section-encryption-enabled.patch @@ -38,7 +38,7 @@ Subject: [PATCH] Hide password settings section when encryption is enabled + return false; + } + -+ if (!$this->config->getSystemValueBool('enable_change_password_form', false)) { ++ if (!$this->config->getSystemValueBool('passwords.enable_change_password_form', false)) { + return false; + } + -- GitLab From 98f7ddb9ae432aa2fadb7cd38ed0d6b766f47df1 Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Thu, 21 May 2026 16:49:58 +0530 Subject: [PATCH 5/5] updated app config and user config --- ...sword-setting-section-encryption-enabled.patch | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/patches/040-hide-password-setting-section-encryption-enabled.patch b/patches/040-hide-password-setting-section-encryption-enabled.patch index 9078c4f..1f19218 100644 --- a/patches/040-hide-password-setting-section-encryption-enabled.patch +++ b/patches/040-hide-password-setting-section-encryption-enabled.patch 
@@ -4,22 +4,24 @@ Subject: [PATCH] Hide password settings section when encryption is enabled --- ./apps/settings/lib/Settings/Personal/Security/Password.php 2026-05-13 23:38:33 +++ ./apps/settings/lib/Settings/Personal/Security/Password-new.php 2026-05-13 23:41:36 -@@ -9,12 +9,14 @@ +@@ -9,12 +9,16 @@ namespace OCA\Settings\Settings\Personal\Security; use OCP\AppFramework\Http\TemplateResponse; -+use OCP\IConfig; ++use OCP\IAppConfig; ++use OCP\IUserConfig; use OCP\IUserManager; use OCP\Settings\ISettings; class Password implements ISettings { public function __construct( -+ private IConfig $config, ++ private IAppConfig $appConfig, ++ private IUserConfig $userConfig, private IUserManager $userManager, private ?string $userId, ) { -@@ -33,10 +35,25 @@ +@@ -33,10 +37,25 @@ } public function getSection(): string { @@ -38,12 +40,11 @@ Subject: [PATCH] Hide password settings section when encryption is enabled + return false; + } + -+ if (!$this->config->getSystemValueBool('passwords.enable_change_password_form', false)) { ++ if (!$this->appConfig->getValueBool('passwords', 'enable_change_password_form', false)) { + return false; + } + -+ return $this->config->getUserValue($this->userId, 'passwords', 'defaultE2eeFlowEnabled', '0') !== '1'; ++ return $this->userConfig->getUserValueString('passwords', 'defaultE2eeFlowEnabled', '0') !== '1'; } } \ No newline at end of file - -- GitLab
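Review bot: The rewritten last line of `shouldHideCorePasswordPanel()` no longer passes a user id: `getUserValue($this->userId, 'passwords', 'defaultE2eeFlowEnabled', '0')` became `getUserValueString('passwords', 'defaultE2eeFlowEnabled', '0')`. If `IUserConfig` keeps the (user id, app, key, default) order of the call it replaces, `'passwords'` is now read as the user id and the lookup never sees the logged-in user's preference; the line should presumably read `$this->userConfig->getValueString($this->userId, 'passwords', 'defaultE2eeFlowEnabled', '0') !== '1'`. Please also confirm the import and the method name against the Nextcloud release this image builds, since `OCP\IUserConfig` and `getUserValueString` cannot be verified from this page and a wrong name fails only at runtime, when the security settings page is rendered. Moving the instance flag from `getSystemValueBool('passwords.enable_change_password_form', false)` to `$this->appConfig->getValueBool('passwords', 'enable_change_password_form', false)` also changes where administrators must set it, so a value already placed in the system config stops having any effect.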