Signed-off-by: Louis Chemineau <louis@chmn.me>tags/v25.0.0beta1
@@ -90,6 +90,7 @@ class Sharing implements IDelegatedSettings { | |||
'restrictUserEnumerationToPhone' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no'), | |||
'restrictUserEnumerationFullMatch' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes'), | |||
'restrictUserEnumerationFullMatchUserId' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes'), | |||
'restrictUserEnumerationFullMatchEmail' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes'), | |||
'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no'), | |||
'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(false), | |||
'passwordExcludedGroups' => $excludedPasswordGroupsList, |
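Review bot: The default `'yes'` for `shareapi_restrict_user_enumeration_full_match_email` is written out on the added line here and again in the MailPlugin and UserPlugin constructor hunks of this commit, so the admin page and the two enforcement points agree only while three literals stay in sync. If one drifts, the checkbox could show e-mail matching as disabled while a search plugin still allows it, or the reverse. Consider a shared constant for the key's default, or at least a comment here such as `// default must match MailPlugin and UserPlugin`. The array literal begins and ends outside the hunk.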
@@ -157,6 +157,7 @@ window.addEventListener('DOMContentLoaded', () => { | |||
$('#shareapi_restrict_user_enumeration_full_match').on('change', function() { | |||
$('#shareapi_restrict_user_enumeration_full_match_userid_setting').toggleClass('hidden', !this.checked) | |||
$('#shareapi_restrict_user_enumeration_full_match_email_setting').toggleClass('hidden', !this.checked) | |||
$('#shareapi_restrict_user_enumeration_full_match_ignore_second_display_name_setting').toggleClass('hidden', !this.checked) | |||
}) | |||
@@ -256,6 +256,15 @@ | |||
} ?> /> | |||
<label for="shareapi_restrict_user_enumeration_full_match_userid"><?php p($l->t('Match username when restricting to full match'));?></label><br /> | |||
</p> | |||
<p id="shareapi_restrict_user_enumeration_full_match_email_setting" class="double-indent <?php if ($_['shareAPIEnabled'] === 'no' || $_['restrictUserEnumerationFullMatch'] === 'no') { | |||
p('hidden'); | |||
}?>"> | |||
<input type="checkbox" name="shareapi_restrict_user_enumeration_full_match_email" value="1" id="shareapi_restrict_user_enumeration_full_match_email" class="checkbox" | |||
<?php if ($_['restrictUserEnumerationFullMatchEmail'] === 'yes') { | |||
print_unescaped('checked="checked"'); | |||
} ?> /> | |||
<label for="shareapi_restrict_user_enumeration_full_match_email"><?php p($l->t('Match email when restricting to full match'));?></label><br /> | |||
</p> | |||
<p id="shareapi_restrict_user_enumeration_full_match_ignore_second_display_name_setting" class="double-indent <?php if ($_['shareAPIEnabled'] === 'no' || $_['restrictUserEnumerationFullMatch'] === 'no') { | |||
p('hidden'); | |||
}?>"> |
@@ -84,6 +84,7 @@ class SharingTest extends TestCase { | |||
['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], | |||
['core', 'shareapi_enabled', 'yes', 'yes'], | |||
['core', 'shareapi_default_expire_date', 'no', 'no'], | |||
@@ -119,6 +120,7 @@ class SharingTest extends TestCase { | |||
'restrictUserEnumerationToPhone' => 'no', | |||
'restrictUserEnumerationFullMatch' => 'yes', | |||
'restrictUserEnumerationFullMatchUserId' => 'yes', | |||
'restrictUserEnumerationFullMatchEmail' => 'yes', | |||
'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', | |||
'enforceLinkPassword' => false, | |||
'onlyShareWithGroupMembers' => false, | |||
@@ -163,6 +165,7 @@ class SharingTest extends TestCase { | |||
['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'], | |||
['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], | |||
['core', 'shareapi_enabled', 'yes', 'yes'], | |||
['core', 'shareapi_default_expire_date', 'no', 'no'], | |||
@@ -198,6 +201,7 @@ class SharingTest extends TestCase { | |||
'restrictUserEnumerationToPhone' => 'no', | |||
'restrictUserEnumerationFullMatch' => 'yes', | |||
'restrictUserEnumerationFullMatchUserId' => 'yes', | |||
'restrictUserEnumerationFullMatchEmail' => 'yes', | |||
'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', | |||
'enforceLinkPassword' => false, | |||
'onlyShareWithGroupMembers' => false, |
@@ -123,6 +123,7 @@ EOF; | |||
$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_phone'); | |||
$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match'); | |||
$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid'); | |||
$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_email'); | |||
$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name'); | |||
$this->deleteServerConfig('core', 'shareapi_only_share_with_group_members'); | |||
} |
@@ -51,6 +51,8 @@ class MailPlugin implements ISearchPlugin { | |||
protected $shareeEnumerationPhone; | |||
/* @var bool */ | |||
protected $shareeEnumerationFullMatch; | |||
/* @var bool */ | |||
protected $shareeEnumerationFullMatchEmail; | |||
/** @var IManager */ | |||
private $contactsManager; | |||
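Review bot: The new property `$shareeEnumerationFullMatchEmail` is annotated with `/* @var bool */`, which is an ordinary comment rather than a docblock, so static analysers and IDEs will not pick up the type. The next property in this hunk uses `/** @var IManager */`. I would write `/** @var bool */` on the added line here, and the same on the added property in the UserPlugin hunk. The existing neighbours have the same slip, but the new lines need not copy it.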
@@ -88,12 +90,17 @@ class MailPlugin implements ISearchPlugin { | |||
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; | |||
$this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; | |||
$this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; | |||
$this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; | |||
} | |||
/** | |||
* {@inheritdoc} | |||
*/ | |||
public function search($search, $limit, $offset, ISearchResult $searchResult) { | |||
if ($this->shareeEnumerationFullMatch && !$this->shareeEnumerationFullMatchEmail) { | |||
return false; | |||
} | |||
$currentUserId = $this->userSession->getUser()->getUID(); | |||
$result = $userResults = ['wide' => [], 'exact' => []]; |
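Review bot: The new guard at the top of `search()` returns before any lookup whenever full match is on and e-mail matching is off, and it does not consult `$this->shareeEnumeration` or the group/phone flags set in the constructor lines above. That fails closed, but it appears to switch off the whole plugin, including wide results on instances where enumeration is allowed and any address-book entries that are not local accounts. If the intent is only to stop an exact e-mail match from confirming that a local account exists, the check may belong next to the exact-match branch, which is outside this hunk. Either way the guard deserves a comment, e.g. `// Full-match-only mode with e-mail matching disabled: do not return any e-mail hit`. No test for the `'no'` value is visible on this page; a case asserting that `search()` returns false and leaves `$searchResult` untouched would pin the behaviour.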
@@ -57,6 +57,8 @@ class UserPlugin implements ISearchPlugin { | |||
/* @var bool */ | |||
protected $shareeEnumerationFullMatchUserId; | |||
/* @var bool */ | |||
protected $shareeEnumerationFullMatchEmail; | |||
/* @var bool */ | |||
protected $shareeEnumerationFullMatchIgnoreSecondDisplayName; | |||
/** @var IConfig */ | |||
@@ -92,6 +94,7 @@ class UserPlugin implements ISearchPlugin { | |||
$this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; | |||
$this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; | |||
$this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes'; | |||
$this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; | |||
$this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no') === 'yes'; | |||
} | |||
@@ -185,7 +188,7 @@ class UserPlugin implements ISearchPlugin { | |||
$lowerSearch !== '' && (strtolower($uid) === $lowerSearch || | |||
strtolower($userDisplayName) === $lowerSearch || | |||
($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) || | |||
strtolower($userEmail ?? '') === $lowerSearch) | |||
($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch)) | |||
) { | |||
if (strtolower($uid) === $lowerSearch) { | |||
$foundUserById = true; |
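Review bot: The added `$this->shareeEnumerationFullMatchEmail &&` only removes the e-mail comparison from this exact-match condition. A user who was found because the search string equals their e-mail address now falls through to whatever follows this `if`, which is outside the hunk, as is the start of the condition. It is worth confirming that such a user is not then returned as a wide result, since with the option set to `'no'` that would still confirm the address belongs to an account. A unit test with the key set to `'no'` and a search term equal to a user's e-mail would cover this.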