diff options
author | Julius Härtl <jus@bitgrid.net> | 2021-12-21 08:11:04 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-21 08:11:04 +0100 |
commit | d73fe0ccd984d8cf37c4b7b9b3d5622e1ade4ba9 (patch) | |
tree | faf4d3b6eb056b4ff5b6603fccb614ea823e78b6 | |
parent | 577fb0fcba9accd3fb43f463ef0f8fbc5980277f (diff) | |
parent | 2fe8042fff7853b57c9943748bc7dc8b820bd030 (diff) | |
download | nextcloud-server-d73fe0ccd984d8cf37c4b7b9b3d5622e1ade4ba9.tar.gz nextcloud-server-d73fe0ccd984d8cf37c4b7b9b3d5622e1ade4ba9.zip |
Merge pull request #29879 from nextcloud/bugfix/noid/sharing-enumeration-addressbooks
5 files changed, 102 insertions, 6 deletions
diff --git a/build/integration/collaboration_features/autocomplete.feature b/build/integration/collaboration_features/autocomplete.feature index e20993e420e..df7b81b9148 100644 --- a/build/integration/collaboration_features/autocomplete.feature +++ b/build/integration/collaboration_features/autocomplete.feature @@ -38,6 +38,47 @@ Feature: autocomplete Then get autocomplete for "autocomplete" | id | source | + Scenario: getting autocomplete emails from address book with enumeration + Given As an "admin" + And sending "PUT" to "/cloud/users/autocomplete" with + | key | email | + | value | autocomplete@example.com | + And there is a contact in an addressbook + Then get email autocomplete for "example" + | id | source | + | autocomplete | users | + | user@example.com | emails | + Then get email autocomplete for "auto" + | id | source | + | autocomplete | users | + Then get email autocomplete for "example" + | id | source | + | autocomplete | users | + | user@example.com | emails | + Then get email autocomplete for "autocomplete@example.com" + | id | source | + | autocomplete | users | + + Scenario: getting autocomplete emails from address book without enumeration + Given As an "admin" + And sending "PUT" to "/cloud/users/autocomplete" with + | key | email | + | value | autocomplete@example.com | + And there is a contact in an addressbook + And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no" + When parameter "shareapi_restrict_user_enumeration_full_match" of app "core" is set to "no" + Then get email autocomplete for "example" + | id | source | + | user@example.com | emails | + When parameter "shareapi_restrict_user_enumeration_full_match" of app "core" is set to "yes" + Then get email autocomplete for "auto" + | id | source | + Then get email autocomplete for "example" + | id | source | + | user@example.com | emails | + Then get email autocomplete for "autocomplete@example.com" + | id | source | + | autocomplete | users | Scenario: getting autocomplete with limited enumeration by group Given As an "admin" diff --git a/build/integration/features/bootstrap/CollaborationContext.php b/build/integration/features/bootstrap/CollaborationContext.php index 4ac3b6e3971..de7048b70cc 100644 --- a/build/integration/features/bootstrap/CollaborationContext.php +++ b/build/integration/features/bootstrap/CollaborationContext.php @@ -33,15 +33,28 @@ require __DIR__ . '/../../vendor/autoload.php'; class CollaborationContext implements Context { use Provisioning; use AppConfiguration; + use WebDav; /** * @Then /^get autocomplete for "([^"]*)"$/ * @param TableNode|null $formData */ - public function getAutocomplete(string $search, TableNode $formData): void { + public function getAutocompleteForUser(string $search, TableNode $formData): void { + $this->getAutocompleteWithType(0, $search, $formData); + } + + /** + * @Then /^get email autocomplete for "([^"]*)"$/ + * @param TableNode|null $formData + */ + public function getAutocompleteForEmail(string $search, TableNode $formData): void { + $this->getAutocompleteWithType(4, $search, $formData); + } + + private function getAutocompleteWithType(int $type, string $search, TableNode $formData): void { $query = $search === 'null' ? null : $search; - $this->sendRequestForJSON('GET', '/core/autocomplete/get?itemType=files&itemId=123&search=' . $query, [ + $this->sendRequestForJSON('GET', '/core/autocomplete/get?itemType=files&itemId=123&shareTypes[]=' . $type . '&search=' . $query, [ 'itemType' => 'files', 'itemId' => '123', 'search' => $query, @@ -64,6 +77,46 @@ class CollaborationContext implements Context { }, $suggestions, $formData->getHash())); } + /** + * @Given /^there is a contact in an addressbook$/ + */ + public function thereIsAContactInAnAddressbook() { + $this->usingNewDavPath(); + try { + $destination = '/users/admin/myaddressbook'; + $data = '<x0:mkcol xmlns:x0="DAV:"><x0:set><x0:prop><x0:resourcetype><x0:collection/><x4:addressbook xmlns:x4="urn:ietf:params:xml:ns:carddav"/></x0:resourcetype><x0:displayname>myaddressbook</x0:displayname></x0:prop></x0:set></x0:mkcol>'; + $this->response = $this->makeDavRequest($this->currentUser, "MKCOL", $destination, ['Content-Type' => 'application/xml'], $data, "addressbooks"); + } catch (\GuzzleHttp\Exception\ServerException $e) { + // 5xx responses cause a server exception + $this->response = $e->getResponse(); + } catch (\GuzzleHttp\Exception\ClientException $e) { + // 4xx responses cause a client exception + $this->response = $e->getResponse(); + } + + try { + $destination = '/users/admin/myaddressbook/contact1.vcf'; + $data = <<<EOF +BEGIN:VCARD +VERSION:4.0 +PRODID:-//Nextcloud Contacts v4.0.2 +UID:a0f4088a-4dca-4308-9b63-09a1ebcf78f3 +FN:A person +ADR;TYPE=HOME:;;;;;; +EMAIL;TYPE=HOME:user@example.com +REV;VALUE=DATE-AND-OR-TIME:20211130T140111Z +END:VCARD +EOF; + $this->response = $this->makeDavRequest($this->currentUser, "PUT", $destination, [], $data, "addressbooks"); + } catch (\GuzzleHttp\Exception\ServerException $e) { + // 5xx responses cause a server exception + $this->response = $e->getResponse(); + } catch (\GuzzleHttp\Exception\ClientException $e) { + // 4xx responses cause a client exception + $this->response = $e->getResponse(); + } + } + protected function resetAppConfigs(): void { $this->deleteServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_group'); diff --git a/build/integration/features/bootstrap/WebDav.php b/build/integration/features/bootstrap/WebDav.php index aeae6ce3ba8..2db51d8b22f 100644 --- a/build/integration/features/bootstrap/WebDav.php +++ b/build/integration/features/bootstrap/WebDav.php @@ -90,6 +90,8 @@ trait WebDav { $fullUrl = substr($this->baseUrl, 0, -4) . $this->getDavFilesPath($user) . "$path"; } elseif ($type === "uploads") { $fullUrl = substr($this->baseUrl, 0, -4) . $this->davPath . "$path"; + } else { + $fullUrl = substr($this->baseUrl, 0, -4) . $this->davPath . '/' . $type . "$path"; } $client = new GClient(); $options = [ diff --git a/lib/private/Collaboration/Collaborators/MailPlugin.php b/lib/private/Collaboration/Collaborators/MailPlugin.php index c0d0a55a1a1..9e35aa828da 100644 --- a/lib/private/Collaboration/Collaborators/MailPlugin.php +++ b/lib/private/Collaboration/Collaborators/MailPlugin.php @@ -239,10 +239,7 @@ class MailPlugin implements ISearchPlugin { } $reachedEnd = true; - if (!$this->shareeEnumeration) { - $result['wide'] = []; - $userResults['wide'] = []; - } else { + if ($this->shareeEnumeration) { $reachedEnd = (count($result['wide']) < $offset + $limit) && (count($userResults['wide']) < $offset + $limit); diff --git a/tests/lib/Collaboration/Collaborators/MailPluginTest.php b/tests/lib/Collaboration/Collaborators/MailPluginTest.php index ad18666e0ae..2b71820af52 100644 --- a/tests/lib/Collaboration/Collaborators/MailPluginTest.php +++ b/tests/lib/Collaboration/Collaborators/MailPluginTest.php @@ -209,6 +209,7 @@ class MailPluginTest extends TestCase { ], ], [ + 'isLocalSystemBook' => true, 'UID' => 'uid1', 'FN' => 'User @ Localhost', 'EMAIL' => [ @@ -263,6 +264,7 @@ class MailPluginTest extends TestCase { ], ], [ + 'isLocalSystemBook' => true, 'UID' => 'uid1', 'FN' => 'User @ Localhost', 'EMAIL' => [ @@ -373,6 +375,7 @@ class MailPluginTest extends TestCase { ], ], [ + 'isLocalSystemBook' => true, 'UID' => 'uid1', 'FN' => 'User @ Localhost', 'EMAIL' => [ |