Add a setting to restrict returning a full match unless in phonebook or same group

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2021-03-10 17:18:44 +0100
committer: Joas Schilling <coding@schilljs.com> 2021-03-11 08:40:26 +0100
commit: 77f6d768bc7f6c592ce79ee64155501f010e78eb (patch)
tree: 66713e52b8acc7a7613be9ed192b97367e070252 /lib
parent: 8069c52a85e9b11836225d542b449fff3906e765 (diff)
download: nextcloud-server-77f6d768bc7f6c592ce79ee64155501f010e78eb.tar.gz
nextcloud-server-77f6d768bc7f6c592ce79ee64155501f010e78eb.zip
5 files changed, 27 insertions, 3 deletions
diff --git a/lib/private/Collaboration/Collaborators/MailPlugin.php b/lib/private/Collaboration/Collaborators/MailPlugin.php
index 7da8cede6aa..240e16374d5 100644
--- a/lib/private/Collaboration/Collaborators/MailPlugin.php
+++ b/lib/private/Collaboration/Collaborators/MailPlugin.php
@@ -49,6 +49,8 @@ class MailPlugin implements ISearchPlugin {
 	protected $shareeEnumerationInGroupOnly;
 	/* @var bool */
 	protected $shareeEnumerationPhone;
+	/* @var bool */
+	protected $shareeEnumerationFullMatch;
 
 	/** @var IManager */
 	private $contactsManager;
@@ -81,6 +83,7 @@ class MailPlugin implements ISearchPlugin {
 		$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
 		$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
 		$this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
+		$this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
 	}
 
 	/**
@@ -137,7 +140,7 @@ class MailPlugin implements ISearchPlugin {
 								continue;
 							}
 						}
-						if ($exactEmailMatch) {
+						if ($exactEmailMatch && $this->shareeEnumerationFullMatch) {
 							try {
 								$cloud = $this->cloudIdManager->resolveCloudId($contact['CLOUD'][0]);
 							} catch (\InvalidArgumentException $e) {
diff --git a/lib/private/Collaboration/Collaborators/UserPlugin.php b/lib/private/Collaboration/Collaborators/UserPlugin.php
index 5114ccd8eb5..06a8c6f0efd 100644
--- a/lib/private/Collaboration/Collaborators/UserPlugin.php
+++ b/lib/private/Collaboration/Collaborators/UserPlugin.php
@@ -53,6 +53,8 @@ class UserPlugin implements ISearchPlugin {
 	protected $shareeEnumerationInGroupOnly;
 	/* @var bool */
 	protected $shareeEnumerationPhone;
+	/* @var bool */
+	protected $shareeEnumerationFullMatch;
 
 	/** @var IConfig */
 	private $config;
@@ -85,6 +87,7 @@ class UserPlugin implements ISearchPlugin {
 		$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
 		$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
 		$this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
+		$this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
 	}
 
 	public function search($search, $limit, $offset, ISearchResult $searchResult) {
@@ -150,6 +153,7 @@ class UserPlugin implements ISearchPlugin {
 
 
 			if (
+				$this->shareeEnumerationFullMatch &&
 				$lowerSearch !== '' && (strtolower($uid) === $lowerSearch ||
 				strtolower($userDisplayName) === $lowerSearch ||
 				strtolower($userEmail) === $lowerSearch)
@@ -202,7 +206,7 @@ class UserPlugin implements ISearchPlugin {
 			}
 		}
 
-		if ($offset === 0 && !$foundUserById) {
+		if ($this->shareeEnumerationFullMatch && $offset === 0 && !$foundUserById) {
 			// On page one we try if the search result has a direct hit on the
 			// user id and if so, we add that to the exact match list
 			$user = $this->userManager->get($search);
diff --git a/lib/private/Contacts/ContactsMenu/ContactsStore.php b/lib/private/Contacts/ContactsMenu/ContactsStore.php
index 852765506c0..e0e0bf832b3 100644
--- a/lib/private/Contacts/ContactsMenu/ContactsStore.php
+++ b/lib/private/Contacts/ContactsMenu/ContactsStore.php
@@ -124,6 +124,7 @@ class ContactsStore implements IContactsStore {
 		$disallowEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes';
 		$restrictEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
 		$restrictEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
+		$allowEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
 		$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes';
 
 		// whether to filter out local users
@@ -146,7 +147,7 @@ class ContactsStore implements IContactsStore {
 
 		$selfUID = $self->getUID();
 
-		return array_values(array_filter($entries, function (IEntry $entry) use ($skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $restrictEnumerationGroup, $restrictEnumerationPhone, $filter) {
+		return array_values(array_filter($entries, function (IEntry $entry) use ($skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $restrictEnumerationGroup, $restrictEnumerationPhone, $allowEnumerationFullMatch, $filter) {
 			if ($entry->getProperty('UID') === $selfUID) {
 				return false;
 			}
@@ -160,6 +161,10 @@ class ContactsStore implements IContactsStore {
 
 				// Prevent enumerating local users
 				if ($disallowEnumeration) {
+					if (!$allowEnumerationFullMatch) {
+						return false;
+					}
+
 					$filterUser = true;
 
 					$mailAddresses = $entry->getEMailAddresses();
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index d7105873dfd..d7e1d053519 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1827,6 +1827,10 @@ class Manager implements IManager {
 			$this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
 	}
 
+	public function allowEnumerationFullMatch(): bool {
+		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
+	}
+
 	/**
 	 * Copied from \OC_Util::isSharingDisabledForUser
 	 *
diff --git a/lib/public/Share/IManager.php b/lib/public/Share/IManager.php
index 0c8732b4b15..606e6429918 100644
--- a/lib/public/Share/IManager.php
+++ b/lib/public/Share/IManager.php
@@ -393,6 +393,14 @@ interface IManager {
 	public function limitEnumerationToPhone(): bool;
 
 	/**
+	 * Check if user enumeration is allowed to return on full match
+	 *
+	 * @return bool
+	 * @since 21.0.1
+	 */
+	public function allowEnumerationFullMatch(): bool;
+
+	/**
 	 * Check if sharing is disabled for the given user
 	 *
 	 * @param string $userId
author	Joas Schilling <coding@schilljs.com>	2021-03-10 17:18:44 +0100
committer	Joas Schilling <coding@schilljs.com>	2021-03-11 08:40:26 +0100
commit	77f6d768bc7f6c592ce79ee64155501f010e78eb (patch)
tree	66713e52b8acc7a7613be9ed192b97367e070252 /lib
parent	8069c52a85e9b11836225d542b449fff3906e765 (diff)
download	nextcloud-server-77f6d768bc7f6c592ce79ee64155501f010e78eb.tar.gz nextcloud-server-77f6d768bc7f6c592ce79ee64155501f010e78eb.zip