Fix OO password change

www/common/cryptpad-common.js

@@ -1435,7 +1435,6 @@ define([
         var oldMetadata;
         var oldRtChannel;
         var privateData;
-        var padData;
 
         var newSecret;
         if (parsed.hashData.version >= 2) {
@@ -1462,9 +1461,8 @@ define([
 
         Nthen(function (waitFor) {
             common.getPadAttribute('', waitFor(function (err, _data) {
-                padData = _data;
-                if (!oldPassword) {
-                    optsGet.password = padData.password;
+                if (!oldPassword && _data) {
+                    optsGet.password = _data.password;
                 }
             }), href);
             common.getAccessKeys(waitFor(function (keys) {
@@ -1472,7 +1470,7 @@ define([
                 optsPut.accessKeys = keys;
             }));
         }).nThen(function (waitFor) {
-            oldSecret = Hash.getSecrets(parsed.type, parsed.hash, padData.password);
+            oldSecret = Hash.getSecrets(parsed.type, parsed.hash, optsGet.password);
 
             require([
                 '/common/cryptget.js',

www/common/inner/access.js

@@ -894,6 +894,7 @@ define([
                         if (data.fakeHref) {
                             href = Hash.hashToHref(bestHash, priv.app);
                         }
+                        var isNotStored = Boolean(data.fakeHref);
                         sframeChan.query(q, {
                             teamId: typeof(owned) !== "boolean" ? owned : undefined,
                             href: href,
@@ -931,22 +932,27 @@ define([
                             // Pad password changed: update the href
                             // Use hidden hash if needed (we're an owner of this pad so we know it is stored)
                             var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
-                            var href = (priv.readOnly && data.roHref) ? data.roHref : data.href;
+                            if (isNotStored) { useUnsafe = true; }
+                            var _href = (priv.readOnly && data.roHref) ? data.roHref : data.href;
                             if (useUnsafe !== true) {
-                                var newParsed = Hash.parsePadUrl(href);
+                                var newParsed = Hash.parsePadUrl(_href);
                                 var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass);
                                 var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {});
-                                href = Hash.hashToHref(newHash, parsed.type);
+                                _href = Hash.hashToHref(newHash, parsed.type);
                             }
 
+                            var reload = false;
+                            // Trigger a page reload if the href didn't change
+                            if (_href === href) { _href = undefined; }
+
                             if (data.warning) {
                                 return void UI.alert(Messages.properties_passwordWarning, function () {
-                                    common.gotoURL(href);
+                                    common.gotoURL(_href);
                                 }, {force: true});
                             }
                             return void UI.alert(Messages.properties_passwordSuccess, function () {
                                 if (!isSharedFolder) {
-                                    common.gotoURL(href);
+                                    common.gotoURL(_href);
                                 }
                             }, {force: true});
                         });