diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2017-09-15 15:58:04 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2017-09-15 15:58:04 +0200 |
| commit | 705432ca6f70b9bcc51132b304ca0ff0a5af0d10 (patch) | |
| tree | dc3f76602b0b3cbba74e1ae019c68c23bc8b1f60 /lib/private/Contacts | |
| parent | 6d02fe06c671f788ef548fd90b59816ca047e689 (diff) | |
| download | nextcloud-server-705432ca6f70b9bcc51132b304ca0ff0a5af0d10.tar.gz nextcloud-server-705432ca6f70b9bcc51132b304ca0ff0a5af0d10.zip | |
Add filter for `shareapi_allow_share_dialog_user_enumeration`
This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc.
Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/Contacts')
| -rw-r--r-- | lib/private/Contacts/ContactsMenu/ContactsStore.php | 62 |
1 files changed, 48 insertions, 14 deletions
diff --git a/lib/private/Contacts/ContactsMenu/ContactsStore.php b/lib/private/Contacts/ContactsMenu/ContactsStore.php index 87aff258aae..3eda58cacfb 100644 --- a/lib/private/Contacts/ContactsMenu/ContactsStore.php +++ b/lib/private/Contacts/ContactsMenu/ContactsStore.php @@ -1,9 +1,10 @@ <?php - /** * @copyright 2017 Christoph Wurst <christoph@winzerhof-wurst.at> + * @copyright 2017 Lukas Reschke <lukas@statuscode.ch> * * @author 2017 Christoph Wurst <christoph@winzerhof-wurst.at> + * @author 2017 Lukas Reschke <lukas@statuscode.ch> * * @license GNU AGPL version 3 or any later version * @@ -53,7 +54,10 @@ class ContactsStore { * @param IUserManager $userManager * @param IGroupManager $groupManager */ - public function __construct(IManager $contactsManager, IConfig $config, IUserManager $userManager, IGroupManager $groupManager) { + public function __construct(IManager $contactsManager, + IConfig $config, + IUserManager $userManager, + IGroupManager $groupManager) { $this->contactsManager = $contactsManager; $this->config = $config; $this->userManager = $userManager; @@ -68,27 +72,39 @@ class ContactsStore { public function getContacts(IUser $user, $filter) { $allContacts = $this->contactsManager->search($filter ?: '', [ 'FN', + 'EMAIL' ]); $entries = array_map(function(array $contact) { return $this->contactArrayToEntry($contact); }, $allContacts); - return $this->filterContacts($user, $entries); + return $this->filterContacts( + $user, + $entries, + $filter + ); } /** - * @brief filters the contacts. Applies 3 filters: + * Filters the contacts. Applies 3 filters: * 1. filter the current user - * 2. if the `shareapi_exclude_groups` config option is enabled and the + * 2. if the `shareapi_allow_share_dialog_user_enumeration` config option is + * enabled it will filter all local users + * 3. if the `shareapi_exclude_groups` config option is enabled and the * current user is in an excluded group it will filter all local users. - * 3. if the `shareapi_only_share_with_group_members` config option is + * 4. if the `shareapi_only_share_with_group_members` config option is * enabled it will filter all users which doens't have a common group * with the current user. + * * @param IUser $self * @param Entry[] $entries + * @param string $filter * @return Entry[] the filtered contacts */ - private function filterContacts(IUser $self, array $entries) { + private function filterContacts(IUser $self, + array $entries, + $filter) { + $disallowEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes'; $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes'; // whether to filter out local users @@ -101,7 +117,7 @@ class ContactsStore { if ($excludedGroups) { $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); $decodedExcludeGroups = json_decode($excludedGroups, true); - $excludeGroupsList = !is_null($decodedExcludeGroups) ? $decodedExcludeGroups : []; + $excludeGroupsList = ($decodedExcludeGroups !== null) ? $decodedExcludeGroups : []; if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) { // a group of the current user is excluded -> filter all local users @@ -111,12 +127,32 @@ class ContactsStore { $selfUID = $self->getUID(); - return array_filter($entries, function(IEntry $entry) use ($self, $skipLocal, $ownGroupsOnly, $selfGroups, $selfUID) { - + return array_values(array_filter($entries, function(IEntry $entry) use ($self, $skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $filter) { if ($skipLocal && $entry->getProperty('isLocalSystemBook') === true) { return false; } + // Prevent enumerating local users + if($disallowEnumeration && $entry->getProperty('isLocalSystemBook')) { + $filterUser = true; + + $mailAddresses = $entry->getEMailAddresses(); + foreach($mailAddresses as $mailAddress) { + if($mailAddress === $filter) { + $filterUser = false; + break; + } + } + + if($entry->getProperty('UID') && $entry->getProperty('UID') === $filter) { + $filterUser = false; + } + + if($filterUser) { + return false; + } + } + if ($ownGroupsOnly && $entry->getProperty('isLocalSystemBook') === true) { $contactGroups = $this->groupManager->getUserGroupIds($this->userManager->get($entry->getProperty('UID'))); if (count(array_intersect($contactGroups, $selfGroups)) === 0) { @@ -126,9 +162,7 @@ class ContactsStore { } return $entry->getProperty('UID') !== $selfUID; - }); - - + })); } /** @@ -173,7 +207,7 @@ class ContactsStore { } if ($match) { - $match = $this->filterContacts($user, [$this->contactArrayToEntry($match)]); + $match = $this->filterContacts($user, [$this->contactArrayToEntry($match)], $shareWith); if (count($match) === 1) { $match = $match[0]; } else { |