authorLukas Reschke <lukas@statuscode.ch>2017-09-15 15:58:04 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-09-15 15:58:04 +0200
commit705432ca6f70b9bcc51132b304ca0ff0a5af0d10 (patch)
treedc3f76602b0b3cbba74e1ae019c68c23bc8b1f60 /lib
parent6d02fe06c671f788ef548fd90b59816ca047e689 (diff)
downloadnextcloud-server-705432ca6f70b9bcc51132b304ca0ff0a5af0d10.tar.gz
nextcloud-server-705432ca6f70b9bcc51132b304ca0ff0a5af0d10.zip
Add filter for `shareapi_allow_share_dialog_user_enumeration`
This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc. Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Contacts/ContactsMenu/ContactsStore.php62
1 files changed, 48 insertions, 14 deletions
diff --git a/lib/private/Contacts/ContactsMenu/ContactsStore.php b/lib/private/Contacts/ContactsMenu/ContactsStore.php
index 87aff258aae..3eda58cacfb 100644
--- a/lib/private/Contacts/ContactsMenu/ContactsStore.php
+++ b/lib/private/Contacts/ContactsMenu/ContactsStore.php
@@ -1,9 +1,10 @@
<?php
-
/**
* @copyright 2017 Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @copyright 2017 Lukas Reschke <lukas@statuscode.ch>
*
* @author 2017 Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @author 2017 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
@@ -53,7 +54,10 @@ class ContactsStore {
* @param IUserManager $userManager
* @param IGroupManager $groupManager
*/
- public function __construct(IManager $contactsManager, IConfig $config, IUserManager $userManager, IGroupManager $groupManager) {
+ public function __construct(IManager $contactsManager,
+ IConfig $config,
+ IUserManager $userManager,
+ IGroupManager $groupManager) {
$this->contactsManager = $contactsManager;
$this->config = $config;
$this->userManager = $userManager;
@@ -68,27 +72,39 @@ class ContactsStore {
public function getContacts(IUser $user, $filter) {
$allContacts = $this->contactsManager->search($filter ?: '', [
'FN',
+ 'EMAIL'
]);
$entries = array_map(function(array $contact) {
return $this->contactArrayToEntry($contact);
}, $allContacts);
- return $this->filterContacts($user, $entries);
+ return $this->filterContacts(
+ $user,
+ $entries,
+ $filter
+ );
}
/**
- * @brief filters the contacts. Applies 3 filters:
+ * Filters the contacts. Applies 3 filters:
* 1. filter the current user
- * 2. if the `shareapi_exclude_groups` config option is enabled and the
+ * 2. if the `shareapi_allow_share_dialog_user_enumeration` config option is
+ * enabled it will filter all local users
+ * 3. if the `shareapi_exclude_groups` config option is enabled and the
* current user is in an excluded group it will filter all local users.
- * 3. if the `shareapi_only_share_with_group_members` config option is
+ * 4. if the `shareapi_only_share_with_group_members` config option is
* enabled it will filter all users which doens't have a common group
* with the current user.
+ *
* @param IUser $self
* @param Entry[] $entries
+ * @param string $filter
* @return Entry[] the filtered contacts
*/
- private function filterContacts(IUser $self, array $entries) {
+ private function filterContacts(IUser $self,
+ array $entries,
+ $filter) {
+ $disallowEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes';
$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes';
// whether to filter out local users
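Review bot: The updated docblock on filterContacts states the new rule backwards. Item 2 says local users are filtered when `shareapi_allow_share_dialog_user_enumeration` is enabled, but `$disallowEnumeration` is true only when the value is not `'yes'`, and the commit description says full UID or email matches are still shown. The summary line also still reads "Applies 3 filters" although four are now listed. Suggested wording: `* 2. if the shareapi_allow_share_dialog_user_enumeration config option is disabled, local users are only kept when $filter equals their full user ID or one of their email addresses`, with the summary changed to "Applies 4 filters". getContacts forwards `$filter` unchanged while the search uses `$filter ?: ''`, so `@param string|null $filter` may be more accurate; the function body continues outside this hunk.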
@@ -101,7 +117,7 @@ class ContactsStore {
if ($excludedGroups) {
$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
$decodedExcludeGroups = json_decode($excludedGroups, true);
- $excludeGroupsList = !is_null($decodedExcludeGroups) ? $decodedExcludeGroups : [];
+ $excludeGroupsList = ($decodedExcludeGroups !== null) ? $decodedExcludeGroups : [];
if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) {
// a group of the current user is excluded -> filter all local users
@@ -111,12 +127,32 @@ class ContactsStore {
$selfUID = $self->getUID();
- return array_filter($entries, function(IEntry $entry) use ($self, $skipLocal, $ownGroupsOnly, $selfGroups, $selfUID) {
-
+ return array_values(array_filter($entries, function(IEntry $entry) use ($self, $skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $filter) {
if ($skipLocal && $entry->getProperty('isLocalSystemBook') === true) {
return false;
}
+ // Prevent enumerating local users
+ if($disallowEnumeration && $entry->getProperty('isLocalSystemBook')) {
+ $filterUser = true;
+
+ $mailAddresses = $entry->getEMailAddresses();
+ foreach($mailAddresses as $mailAddress) {
+ if($mailAddress === $filter) {
+ $filterUser = false;
+ break;
+ }
+ }
+
+ if($entry->getProperty('UID') && $entry->getProperty('UID') === $filter) {
+ $filterUser = false;
+ }
+
+ if($filterUser) {
+ return false;
+ }
+ }
+
if ($ownGroupsOnly && $entry->getProperty('isLocalSystemBook') === true) {
$contactGroups = $this->groupManager->getUserGroupIds($this->userManager->get($entry->getProperty('UID')));
if (count(array_intersect($contactGroups, $selfGroups)) === 0) {
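Review bot: The new enumeration guard does not document how it treats `$filter`: both comparisons are strict and case-sensitive, and since getContacts forwards `$filter` unnormalised, a null value can never match, so every local user is hidden. That fails closed, which looks intended, but it deserves a comment such as `// Full, case-sensitive match on UID or e-mail only; a null $filter hides all local users`. The guard also tests `isLocalSystemBook` for truthiness while the `$skipLocal` and `$ownGroupsOnly` checks use `=== true`; one form throughout would stop the three checks disagreeing on a non-boolean value. The e-mail loop could be reduced to `$filterUser = !in_array($filter, $entry->getEMailAddresses(), true);`, which keeps the strict comparison. The closure continues outside this hunk.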
@@ -126,9 +162,7 @@ class ContactsStore {
}
return $entry->getProperty('UID') !== $selfUID;
- });
-
-
+ }));
}
/**
@@ -173,7 +207,7 @@ class ContactsStore {
}
if ($match) {
- $match = $this->filterContacts($user, [$this->contactArrayToEntry($match)]);
+ $match = $this->filterContacts($user, [$this->contactArrayToEntry($match)], $shareWith);
if (count($match) === 1) {
$match = $match[0];
} else {