From 3b6a36fae605add2aacfde7d1b023d9313087590 Mon Sep 17 00:00:00 2001
From: yemkareems <yemkareems@gmail.com>
Date: Wed, 30 Oct 2024 11:29:52 +0530
Subject: [PATCH] fix: add PasswordConfirmationRequired to
 saveGlobalCredentials

Co-authored-by: yemkareems <yemkareems@gmail.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 apps/files_external/js/settings.js            | 27 ++++++++++++-------
 .../lib/Controller/AjaxController.php         |  2 ++
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/apps/files_external/js/settings.js b/apps/files_external/js/settings.js
index 5cbd011bcc1ba..61f1696545adf 100644
--- a/apps/files_external/js/settings.js
+++ b/apps/files_external/js/settings.js
@@ -1488,30 +1488,37 @@ window.addEventListener('DOMContentLoaded', function() {
 		}
 	});
 
-	$('#global_credentials').on('submit', function() {
-		var $form = $(this);
+	function _submitCredentials(success) {
 		var uid = $form.find('[name=uid]').val();
 		var user = $form.find('[name=username]').val();
 		var password = $form.find('[name=password]').val();
-		var $submit = $form.find('[type=submit]');
-		$submit.val(t('files_external', 'Saving …'));
 		$.ajax({
 			type: 'POST',
 			contentType: 'application/json',
 			data: JSON.stringify({
-					uid: uid,
-					user: user,
-				password: password
+				uid,
+				user,
+				password,
 			}),
 				url: OC.generateUrl('apps/files_external/globalcredentials'),
 				dataType: 'json',
-			success: function() {
+				success,
+		});
+	}
+
+	$('#global_credentials').on('submit', function() {
+		var $form = $(this);
+		var $submit = $form.find('[type=submit]');
+		$submit.val(t('files_external', 'Saving …'));
+
+		window.OC.PasswordConfirmation
+			.requirePasswordConfirmation(() => _submitCredentials(function() {
 				$submit.val(t('files_external', 'Saved'));
 				setTimeout(function(){
 					$submit.val(t('files_external', 'Save'));
 				}, 2500);
-			}
-		});
+			}));
+
 		return false;
 	});
 
diff --git a/apps/files_external/lib/Controller/AjaxController.php b/apps/files_external/lib/Controller/AjaxController.php
index dfc5947ed77a4..3934b12c7fa42 100644
--- a/apps/files_external/lib/Controller/AjaxController.php
+++ b/apps/files_external/lib/Controller/AjaxController.php
@@ -10,6 +10,7 @@
 use OCA\Files_External\Lib\Auth\PublicKey\RSA;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\IGroupManager;
 use OCP\IRequest;
@@ -71,6 +72,7 @@ public function getSshKeys($keyLength = 1024) {
 	 * @return bool
 	 */
 	#[NoAdminRequired]
+	#[PasswordConfirmationRequired]
 	public function saveGlobalCredentials($uid, $user, $password) {
 		$currentUser = $this->userSession->getUser();
 		if ($currentUser === null) {