Support endpoints with password confirmation

Open provokateurin opened this issue 2 years ago • 7 comments

To use those endpoints the password has to be entered by the user and sent to https://github.com/nextcloud/server/blob/1612d025cf21ac0ae70327c46dd59be66c096627/core/Controller/LoginController.php#L362. This endpoint is currently not reachable for us and we would need to support CSRF endpoints too (which is some more work). The better approach would probably be to open up the endpoint and allow us to use it.

provokateurin avatar Jan 21 '24 18:01 provokateurin

Let's see where this goes https://github.com/nextcloud/server/pull/43000

provokateurin avatar Jan 21 '24 19:01 provokateurin

Ok, so this is actually a bug in the server auth logic. I will make a fix and then we have to wait for new releases of all the versions we support :/

provokateurin avatar Jan 22 '24 16:01 provokateurin

This will fix it https://github.com/nextcloud/server/pull/43034

provokateurin avatar Jan 22 '24 18:01 provokateurin

In the end we went with https://github.com/nextcloud/server/pull/43668. We will have to handle the errors in a generic way to display the dialog to do the password confirmation. On unsupported versions we will just have to say that it is not possible to execute the action.

provokateurin avatar Feb 20 '24 15:02 provokateurin

Is there any way we can unblock this? You meant that it is only an issue when sending cookies; we should be able to patch our client to not send them (at least on non-web platforms).

I think #1580 should make this really easy.

Leptopoda avatar Feb 26 '24 18:02 Leptopoda

No, this is different from the WebDAV thing. There is no way around this; it will only be available on server 29+.

provokateurin avatar Feb 26 '24 18:02 provokateurin

This can be implemented now (but only on 29+)

provokateurin avatar May 07 '24 15:05 provokateurin

I thought this would not be so easy to implement, but we can simply assume that only API endpoints called within wrapAction can trigger the password confirmation. We can simply catch the error there and show the dialog and afterwards retry. I first thought it would be necessary to mess around with the RequestManager so it also supports password confirmation for the cached endpoints, but that is simply not required.

provokateurin avatar Jun 05 '24 09:06 provokateurin
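
The catch, prompt, retry flow described in the comment above, as an added Dart sketch that is not code from the neon project. `PasswordConfirmationRequired`, `AskPassword`, `ConfirmableAction` and `wrapActionWithConfirmation` are hypothetical names, and how the confirmed password reaches the server is left to the action.

```dart
/// Hypothetical error: stands in for whatever the client raises when the
/// server refuses a call until the password has been confirmed.
class PasswordConfirmationRequired implements Exception {}

/// Hypothetical: shows the confirmation dialog, returns null on cancel.
typedef AskPassword = Future<String?> Function();

/// Hypothetical: an API call that can be repeated with a confirmed password.
typedef ConfirmableAction<T> = Future<T> Function({String? confirmedPassword});

/// Runs [action]. Only a confirmation-required failure triggers the prompt;
/// every other error propagates unchanged. Prompts are bounded so a wrong
/// password cannot loop forever, and a cancelled dialog returns null.
Future<T?> wrapActionWithConfirmation<T>(
  ConfirmableAction<T> action,
  AskPassword askPassword, {
  int maxPrompts = 3,
}) async {
  String? password; // held only for the lifetime of this call
  for (var prompts = 0; ; prompts++) {
    try {
      return await action(confirmedPassword: password);
    } on PasswordConfirmationRequired {
      if (prompts >= maxPrompts) rethrow;
      password = await askPassword();
      if (password == null) return null; // user cancelled
    }
  }
}

Future<void> main() async {
  // Constructed stand-in for a protected endpoint: accepts only 'hunter2'.
  Future<String> deleteToken({String? confirmedPassword}) async {
    if (confirmedPassword != 'hunter2') throw PasswordConfirmationRequired();
    return 'deleted';
  }

  // Constructed dialog answers: one wrong password, then the right one.
  final answers = ['wrong', 'hunter2'].iterator;
  final result = await wrapActionWithConfirmation<String>(
    deleteToken,
    () async => answers.moveNext() ? answers.current : null,
  );
  print(result);
}
```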

Actually done already, just not in the framework so far (I'm working on it).

provokateurin avatar Jul 28 '24 12:07 provokateurin