use OCA\DAV\Traits\PrincipalProxyTrait;
use OCP\App\IAppManager;
use OCP\AppFramework\QueryException;
+use OCP\IConfig;
use OCP\IGroup;
use OCP\IGroupManager;
use OCP\IUser;
/** @var ProxyMapper */
private $proxyMapper;
+ /** @var IConfig */
+ private $config;
+
/**
* Principal constructor.
*
* @param IUserSession $userSession
* @param IAppManager $appManager
* @param ProxyMapper $proxyMapper
+ * @param IConfig $config
* @param string $principalPrefix
*/
public function __construct(IUserManager $userManager,
IUserSession $userSession,
IAppManager $appManager,
ProxyMapper $proxyMapper,
+ IConfig $config,
string $principalPrefix = 'principals/users/') {
$this->userManager = $userManager;
$this->groupManager = $groupManager;
$this->principalPrefix = trim($principalPrefix, '/');
$this->hasGroups = $this->hasCircles = ($principalPrefix === 'principals/users/');
$this->proxyMapper = $proxyMapper;
+ $this->config = $config;
}
use PrincipalProxyTrait {
return [];
}
+ $allowEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
+
// If sharing is restricted to group members only,
// return only members that have groups in common
$restrictGroups = false;
case '{http://sabredav.org/ns}email-address':
$users = $this->userManager->getByEmail($value);
+ if (!$allowEnumeration) {
+ $users = \array_filter($users, static function(IUser $user) use ($value) {
+ return $user->getEMailAddress() === $value;
+ });
+ }
+
$results[] = array_reduce($users, function(array $carry, IUser $user) use ($restrictGroups) {
// is sharing restricted to groups only?
if ($restrictGroups !== false) {
case '{DAV:}displayname':
$users = $this->userManager->searchDisplayName($value);
+ if (!$allowEnumeration) {
+ $users = \array_filter($users, static function(IUser $user) use ($value) {
+ return $user->getDisplayName() === $value;
+ });
+ }
+
$results[] = array_reduce($users, function(array $carry, IUser $user) use ($restrictGroups) {
// is sharing restricted to groups only?
if ($restrictGroups !== false) {
/** @var ProxyMapper | \PHPUnit_Framework_MockObject_MockObject */
private $proxyMapper;
+ /** @var IConfig | \PHPUnit_Framework_MockObject_MockObject */
+ private $config;
+
protected function setUp(): void {
$this->userManager = $this->createMock(IUserManager::class);
$this->groupManager = $this->createMock(IGroupManager::class);
$this->userSession = $this->createMock(IUserSession::class);
$this->appManager = $this->createMock(IAppManager::class);
$this->proxyMapper = $this->createMock(ProxyMapper::class);
+ $this->config = $this->createMock(IConfig::class);
$this->connector = new \OCA\DAV\Connector\Sabre\Principal(
$this->userManager,
$this->shareManager,
$this->userSession,
$this->appManager,
- $this->proxyMapper
+ $this->proxyMapper,
+ $this->config
);
parent::setUp();
}
$this->assertSame([], $response);
}
-
+
public function testGetGroupMemberSetEmpty() {
$this->expectException(\Sabre\DAV\Exception::class);
$this->expectExceptionMessage('Principal not found');
$this->assertSame($expectedResponse, $response);
}
-
+
public function testGetGroupMembershipEmpty() {
$this->expectException(\Sabre\DAV\Exception::class);
$this->expectExceptionMessage('Principal not found');
$this->connector->getGroupMembership('principals/users/foo');
}
-
+
public function testSetGroupMembership() {
$this->expectException(\Sabre\DAV\Exception::class);
$this->expectExceptionMessage('Setting members of the group is not supported yet');
$this->connector->setGroupMemberSet('principals/users/foo/calendar-proxy-write', ['principals/users/bar']);
}
-
-
-
-
-
public function testUpdatePrincipal() {
$this->assertSame(0, $this->connector->updatePrincipal('foo', new PropPatch(array())));
}
->will($this->returnValue($sharingEnabled));
if ($sharingEnabled) {
+ $this->config->expects($this->once())
+ ->method('getAppValue')
+ ->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
+ ->willReturn('yes');
+
$this->shareManager->expects($this->once())
->method('shareWithGroupMembersOnly')
->will($this->returnValue($groupsOnly));
->will($this->returnValue(['group1', 'group2', 'group5']));
}
} else {
+ $this->config->expects($this->never())
+ ->method('getAppValue');
$this->shareManager->expects($this->never())
->method('shareWithGroupMembersOnly');
$this->groupManager->expects($this->never())
->method('shareAPIEnabled')
->will($this->returnValue(true));
+ $this->config->expects($this->exactly(2))
+ ->method('getAppValue')
+ ->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
+ ->willReturn('yes');
+
$this->shareManager->expects($this->exactly(2))
->method('shareWithGroupMembersOnly')
->will($this->returnValue(false));
['{urn:ietf:params:xml:ns:caldav}calendar-user-address-set' => 'user@example.com']));
}
+ public function testSearchPrincipalWithEnumerationDisabledDisplayname() {
+ $this->shareManager->expects($this->once())
+ ->method('shareAPIEnabled')
+ ->will($this->returnValue(true));
+
+ $this->config->expects($this->once())
+ ->method('getAppValue')
+ ->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
+ ->willReturn('no');
+
+ $this->shareManager->expects($this->once())
+ ->method('shareWithGroupMembersOnly')
+ ->will($this->returnValue(false));
+
+ $user2 = $this->createMock(IUser::class);
+ $user2->method('getUID')->will($this->returnValue('user2'));
+ $user2->method('getDisplayName')->will($this->returnValue('User 2'));
+ $user2->method('getEMailAddress')->will($this->returnValue('user2@foo.bar'));
+ $user3 = $this->createMock(IUser::class);
+ $user3->method('getUID')->will($this->returnValue('user3'));
+ $user2->method('getDisplayName')->will($this->returnValue('User 22'));
+ $user2->method('getEMailAddress')->will($this->returnValue('user2@foo.bar123'));
+ $user4 = $this->createMock(IUser::class);
+ $user4->method('getUID')->will($this->returnValue('user4'));
+ $user2->method('getDisplayName')->will($this->returnValue('User 222'));
+ $user2->method('getEMailAddress')->will($this->returnValue('user2@foo.bar456'));
+
+ $this->userManager->expects($this->at(0))
+ ->method('searchDisplayName')
+ ->with('User 2')
+ ->will($this->returnValue([$user2, $user3, $user4]));
+
+ $this->assertEquals(['principals/users/user2'], $this->connector->searchPrincipals('principals/users',
+ ['{DAV:}displayname' => 'User 2']));
+ }
+
+ public function testSearchPrincipalWithEnumerationDisabledEmail() {
+ $this->shareManager->expects($this->once())
+ ->method('shareAPIEnabled')
+ ->will($this->returnValue(true));
+
+ $this->config->expects($this->once())
+ ->method('getAppValue')
+ ->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
+ ->willReturn('no');
+
+ $this->shareManager->expects($this->once())
+ ->method('shareWithGroupMembersOnly')
+ ->will($this->returnValue(false));
+
+ $user2 = $this->createMock(IUser::class);
+ $user2->method('getUID')->will($this->returnValue('user2'));
+ $user2->method('getDisplayName')->will($this->returnValue('User 2'));
+ $user2->method('getEMailAddress')->will($this->returnValue('user2@foo.bar'));
+ $user3 = $this->createMock(IUser::class);
+ $user3->method('getUID')->will($this->returnValue('user3'));
+ $user2->method('getDisplayName')->will($this->returnValue('User 22'));
+ $user2->method('getEMailAddress')->will($this->returnValue('user2@foo.bar123'));
+ $user4 = $this->createMock(IUser::class);
+ $user4->method('getUID')->will($this->returnValue('user4'));
+ $user2->method('getDisplayName')->will($this->returnValue('User 222'));
+ $user2->method('getEMailAddress')->will($this->returnValue('user2@foo.bar456'));
+
+ $this->userManager->expects($this->at(0))
+ ->method('getByEmail')
+ ->with('user2@foo.bar')
+ ->will($this->returnValue([$user2, $user3, $user4]));
+
+ $this->assertEquals(['principals/users/user2'], $this->connector->searchPrincipals('principals/users',
+ ['{http://sabredav.org/ns}email-address' => 'user2@foo.bar']));
+ }
+
public function testFindByUriSharingApiDisabled() {
$this->shareManager->expects($this->once())
->method('shareApiEnabled')
projects / nextcloud-server.git / commitdiff