Allow custom public share tokens for form links#3311
Open
alexander-rebello wants to merge 13 commits intonextcloud:mainfrom
Open
Allow custom public share tokens for form links#3311alexander-rebello wants to merge 13 commits intonextcloud:mainfrom
alexander-rebello wants to merge 13 commits intonextcloud:mainfrom
Conversation
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Chartman123
previously approved these changes
Apr 24, 2026
Collaborator
Chartman123
left a comment
Chartman123
left a comment
There was a problem hiding this comment.
Added some review comments on the PHP part
| #[NoCSRFRequired()] | ||
| #[PublicPage()] | ||
| #[FrontpageRoute(verb: 'GET', url: '/s/{hash}', requirements: ['hash' => '[a-zA-Z0-9]{24,}'])] | ||
| #[FrontpageRoute(verb: 'GET', url: '/s/{hash}', requirements: ['hash' => self::PUBLIC_SHARE_HASH_REQUIREMENT])] |
Collaborator
There was a problem hiding this comment.
Would probably be good if we can decide here wether custom share tokens are allowed on that instance. But IIRC it's not working with dynamically defined requirements.
Author
There was a problem hiding this comment.
Meaning it would be good, but can't be done in this instance? Or should I try?
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Chartman123
added
enhancement
Chartman123
dismissed
their stale review
Accidentally approved the PR instead of just adding the review comments
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Author
|
Whats the holdup? Could we check if this version works? |
Chartman123
reviewed
Apr 27, 2026
Chartman123
reviewed
Apr 28, 2026
Co-authored-by: Christian Hartmann <chris-hartmann@gmx.de> Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Signed-off-by: Alexander Rebello <me@alexander-rebello.de>
Collaborator
|
Please don't merge the |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds admin-gated custom tokens for public Forms share links. By default the feature is disabled, so existing instances keep the current random-token behavior. When enabled by an admin, form owners can edit the token of an existing public link directly in the sharing sidebar, save it explicitly, and the old URL becomes invalid immediately.
It also adds the necessary backend support for token updates, keeps public-link routing compatible with custom tokens, and includes tests plus API documentation updates.