feat(webapp): display basic auth credentials in share card after upload#733
Merged
Conversation
When an upload is protected with HTTP basic authentication, the login and password were only visible in the upload sidebar — navigating to the download view caused them to be lost, as the server intentionally strips credentials from API responses (upload.Sanitize()). This change carries the raw credentials through the in-memory pendingUploadStore (alongside the existing passphrase and basicAuth header) and displays them in a transient "Credentials" section in DownloadSidebar's share card, following the same pattern used for E2EE passphrases. They are ephemeral by design: they only appear in the uploader's browser tab immediately after upload. A pre-upload validation guard is also added: if the password toggle is enabled but either field is blank, the upload is blocked with a clear error message before calling the API. Changes: - pendingUploadStore: carry login/password alongside basicAuth - UploadView: validate credentials before upload; pass raw values to store - DownloadView: extract credentials from pending store, pass to sidebar - DownloadSidebar: new "Credentials" section with copy buttons - i18n: add credentials/login/password/passwordCredentialsIncomplete keys to all 13 locale files - Tests: unit test for store, 4 new e2e tests (toggle reveal, validation blocking, share card display, visitor cannot see credentials) - ARCHITECTURE.md: document pending store signature and transient display
camathieu
force-pushed
the
feat/basicauth-credentials-display
branch
from
38867f7 to
2d0aa04
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
When uploading files with HTTP basic authentication, the login and password were only shown in the upload sidebar. Navigating to the download view caused them to disappear — the server intentionally strips credentials from API responses (
upload.Sanitize()), so they were unrecoverable without starting a new upload.This PR adds a transient Credentials section to the download sidebar's share card, displaying the login and password with individual copy buttons. It follows the same pattern already used for E2EE passphrases.
A pre-upload validation guard is also added: if the password toggle is on but either field is empty, the upload is blocked with a clear error before hitting the API.
Why
Usability issue: users who didn't copy their credentials before clicking Upload had no way to retrieve them. This is especially problematic when sharing the link — the recipient needs those credentials to access the files.
Changes
pendingUploadStore.js— carrylogin/passwordas new optional fields alongsidebasicAuthUploadView.vue— validate both fields are non-empty before upload; unifyhasCredentialsflag used consistently for encoding and raw value stashingDownloadView.vue— extract credentials from pending store into reactive refs; pass as props toDownloadSidebarDownloadSidebar.vue— new "Credentials" section (login + password rows, each with aCopyButton); only rendered when values are present (transient — disappears on page refresh, by design)credentials,login,password(display labels) andpasswordCredentialsIncomplete(validation error) added to all 13 locale fileswebapp/ARCHITECTURE.md— updated pending store docs, component tree description, added note on transient credential displayTesting
settings.spec.js: