[Sharing NG] Internal links shouldn't have a password

[JammingBen]

Describe the bug

Changing the type for an existing link with a password to "internal" does not remove the password from the link.

Steps to reproduce

1. Create a link with type "view" and add a password
2. Change the type to "internal"

Expected behavior

The password gets removed by the server as internal links shouldn't have a password.

Actual behavior

The password stays, leading to weird behaviours when resolving such a link via the web client.

[2403905]

In step 2, what is the permissions value in a request?

[2403905]

@JammingBen Could you give me the request example?

[JammingBen]

@JammingBen Could you give me the request example?

Sure, this is the payload the Web client in sending:

{
	"link": {
		"@libre.graph.displayName": "Link",
		"@libre.graph.quickLink": true,
		"preventsDownload": false,
		"type": "internal",
		"webUrl": "https://host.docker.internal:9200/s/MxdXpEYSsxSlrrZ"
	}
}

There is no permissions value, Web only changes the type from view to internal.

[2403905]

@JammingBen Will be nice if you share the full request copied as a curl command.

[JammingBen]

Here you go:

curl $'https://host.docker.internal:9200/graph/v1beta1/drives/a124a1cf-31bf-40c0-905a-b87073c18a7a%247bcda410-b37a-476a-9d7e-f54eddd4c9c1/items/a124a1cf-31bf-40c0-905a-b87073c18a7a%247bcda410-b37a-476a-9d7e-f54eddd4c9c1\u00215df4f522-fc08-4376-854f-b2446dd4032c/permissions/TrpbJfqcxUzFgRd' \
  -X 'PATCH' \
  -H 'authority: host.docker.internal:9200' \
  -H 'accept: application/json, text/plain, */*' \
  -H 'accept-language: en' \
  -H 'authorization: Bearer eyJhbGciOiJQUzI1NiIsImtpZCI6InByaXZhdGUta2V5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJ3ZWIiLCJleHAiOjE3MTA0MzI1NzMsImlhdCI6MTcxMDQzMTU3MywiaXNzIjoiaHR0cHM6Ly9ob3N0LmRvY2tlci5pbnRlcm5hbDo5MjAwIiwianRpIjoiZzlQWEw3SkVuS3A4Q0pzWEpjUHhobnRjT1lZWHFEamUiLCJsZy5pIjp7ImRuIjoiQWRtaW4iLCJpZCI6Im93bkNsb3VkVVVJRD03YmNkYTQxMC1iMzdhLTQ3NmEtOWQ3ZS1mNTRlZGRkNGM5YzEiLCJ1biI6ImFkbWluIn0sImxnLnAiOiJpZGVudGlmaWVyLWxkYXAiLCJsZy50IjoiMSIsInNjcCI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIiwic3ViIjoibGVxRlhjZFJCZWpmdVNqckBFRHF1R0d6VDM5eTB1RXVBYS1VWHJ4SHBjb25MUlM3bW55SGVheF9VRDVaMHQwaS1pdFRreDdVZ2pheTloV2RnNnRjQ1JRIn0.QYGfatPW7pcO6yV9l3jJSdPhLAZ-q6xWFfQixsBBPwV-p9v1ucbLoAnl2gfO9mJrjHVGZdq_QKMzOt9ik_RrsqhcXzbxfhgDviOQubdilqFFqjwZMYyzrb02FsaeG4ikLOelVty9KhkHICMEupHCLm0MB39ZY6g0bQBvf8YS7oW1izn6sZBLMAmS-qf5cOJd0VwEDmT_drfxSMLHpPsLTMwiuAPpKpY0buvC_zF6WhgToRurEUULu0yJISdoKO1MmUoxaEPTav3Yr5T1QAKfYzVKrCMHimZfYV7OvvWNVtXJ_ywKwbo97BnY6Y5VBG8vwZ3-NWhkBUa5mwQNDwlPFcnTwWaAF_WCeYaSm02av-EnVvFvEqxKGghuWDxp-YzTisQhLQzekXhXMKzl8MR1QF_Tx_ZOKhOZiZOXAsNC3psyWVSNebe9r5AeEqQwT4Nzv3OJvUaQCOI68FPLRoCK0kCxaI-h7BzoVE3ZPE5VJ_acXiubnYHITQLmTGlrB66COtA5s0t9ONmVWQHNnzGmBsqxv7XSzityf53UROxzInTQYUq8JPmDVrwiRqcTIOPSNjkUNoqeMj5V2xUaZWxwC_hjsQjeNtCRoOg3iQhgZYaQvNWlXYDytOR2JYQKooQQJryMWz3pg2B9nHoR67g6r4zf3v5EAnTGP5gJRZyB7y4' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'origin: https://host.docker.internal:9201' \
  -H 'pragma: no-cache' \
  -H 'referer: https://host.docker.internal:9201/' \
  -H 'sec-ch-ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: same-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36' \
  -H 'x-request-id: c10d4ed3-ea5c-46dc-a8d0-9a525fec7f70' \
  -H 'x-requested-with: XMLHttpRequest' \
  --data-raw '{"link":{"@libre.graph.displayName":"Link","@libre.graph.quickLink":true,"preventsDownload":false,"type":"internal","webUrl":"https://host.docker.internal:9200/s/MxdXpEYSsxSlrrZ"}}' \
  --insecure