aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--apps/dav/lib/Connector/Sabre/Principal.php9
-rw-r--r--apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php4
-rw-r--r--lib/private/Share20/Manager.php8
-rw-r--r--lib/public/Share/IManager.php16
4 files changed, 34 insertions, 3 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
index c3f06f95783..94e3978e67d 100644
--- a/apps/dav/lib/Connector/Sabre/Principal.php
+++ b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -270,6 +270,8 @@ class Principal implements BackendInterface {
$limitEnumerationGroup = $this->shareManager->limitEnumerationToGroups();
$limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone();
$allowEnumerationFullMatch = $this->shareManager->allowEnumerationFullMatch();
+ $ignoreSecondDisplayName = $this->shareManager->ignoreSecondDisplayName();
+ $matchEmail = $this->shareManager->matchEmail();
// If sharing is restricted to group members only,
// return only members that have groups in common
@@ -298,7 +300,7 @@ class Principal implements BackendInterface {
switch ($prop) {
case '{http://sabredav.org/ns}email-address':
if (!$allowEnumeration) {
- if ($allowEnumerationFullMatch) {
+ if ($allowEnumerationFullMatch && $matchEmail) {
$users = $this->userManager->getByEmail($value);
} else {
$users = [];
@@ -349,8 +351,9 @@ class Principal implements BackendInterface {
if ($allowEnumerationFullMatch) {
$lowerSearch = strtolower($value);
$users = $this->userManager->searchDisplayName($value, $searchLimit);
- $users = \array_filter($users, static function (IUser $user) use ($lowerSearch) {
- return strtolower($user->getDisplayName()) === $lowerSearch;
+ $users = \array_filter($users, static function (IUser $user) use ($lowerSearch, $ignoreSecondDisplayName) {
+ $lowerDisplayName = strtolower($user->getDisplayName());
+ return $lowerDisplayName === $lowerSearch || ($ignoreSecondDisplayName && trim(preg_replace('/ \(.*\)$/', '', $lowerDisplayName)) === $lowerSearch);
});
} else {
$users = [];
diff --git a/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php b/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php
index d7c074c9e3b..86413e4a366 100644
--- a/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php
@@ -662,6 +662,10 @@ class PrincipalTest extends TestCase {
->method('allowEnumerationFullMatch')
->willReturn(true);
+ $this->shareManager->expects($this->once())
+ ->method('matchEmail')
+ ->willReturn(true);
+
$user2 = $this->createMock(IUser::class);
$user2->method('getUID')->willReturn('user2');
$user2->method('getDisplayName')->willReturn('User 2');
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index aab69eae597..eed86bb41c3 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1963,6 +1963,14 @@ class Manager implements IManager {
return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
}
+ public function matchEmail(): bool {
+ return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
+ }
+
+ public function ignoreSecondDisplayName(): bool {
+ return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no') === 'yes';
+ }
+
public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool {
if ($this->allowEnumerationFullMatch()) {
return true;
diff --git a/lib/public/Share/IManager.php b/lib/public/Share/IManager.php
index f6b74c4de4a..f207ca87a2c 100644
--- a/lib/public/Share/IManager.php
+++ b/lib/public/Share/IManager.php
@@ -455,6 +455,22 @@ interface IManager {
public function allowEnumerationFullMatch(): bool;
/**
+ * Check if the search should match the email
+ *
+ * @return bool
+ * @since 25.0.0
+ */
+ public function matchEmail(): bool;
+
+ /**
+ * Check if the search should ignore the second in parentheses display name if there is any
+ *
+ * @return bool
+ * @since 25.0.0
+ */
+ public function ignoreSecondDisplayName(): bool;
+
+ /**
* Check if the current user can enumerate the target user
*
* @param IUser|null $currentUser