From 3b2d69c62b8f38a0d9d50d8ef9d855460a98a2e2 Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Tue, 10 May 2022 13:01:48 +0200 Subject: [PATCH 1/8] Add settings to not match userID during full match Signed-off-by: Louis Chemineau --- apps/settings/lib/Settings/Admin/Sharing.php | 1 + .../integration/features/bootstrap/CollaborationContext.php | 1 + lib/private/Collaboration/Collaborators/UserPlugin.php | 5 ++++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php index f4c44d49ef80c..666efab988f71 100644 --- a/apps/settings/lib/Settings/Admin/Sharing.php +++ b/apps/settings/lib/Settings/Admin/Sharing.php @@ -89,6 +89,7 @@ public function getForm() { 'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(false), 'passwordExcludedGroups' => $excludedPasswordGroupsList, 'passwordExcludedGroupsFeatureEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false), + 'restrictUserEnumerationFullMatchUserId' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes'), 'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(), 'shareAPIEnabled' => $this->config->getAppValue('core', 'shareapi_enabled', 'yes'), 'shareDefaultExpireDateSet' => $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no'), diff --git a/build/integration/features/bootstrap/CollaborationContext.php b/build/integration/features/bootstrap/CollaborationContext.php index 4ac3b6e39717e..a61105f090cc7 100644 --- a/build/integration/features/bootstrap/CollaborationContext.php +++ b/build/integration/features/bootstrap/CollaborationContext.php @@ -69,6 +69,7 @@ protected function resetAppConfigs(): void { $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_group'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_phone'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match'); + $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid'); $this->deleteServerConfig('core', 'shareapi_only_share_with_group_members'); } diff --git a/lib/private/Collaboration/Collaborators/UserPlugin.php b/lib/private/Collaboration/Collaborators/UserPlugin.php index 9ed94082f0d0e..510f383249a18 100644 --- a/lib/private/Collaboration/Collaborators/UserPlugin.php +++ b/lib/private/Collaboration/Collaborators/UserPlugin.php @@ -54,6 +54,8 @@ class UserPlugin implements ISearchPlugin { protected $shareeEnumerationPhone; /* @var bool */ protected $shareeEnumerationFullMatch; + /* @var bool */ + protected $shareeEnumerationFullMatchUserId; /** @var IConfig */ private $config; @@ -87,6 +89,7 @@ public function __construct(IConfig $config, $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; + $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes'; } public function search($search, $limit, $offset, ISearchResult $searchResult) { @@ -228,7 +231,7 @@ public function search($search, $limit, $offset, ISearchResult $searchResult) { } } - if ($this->shareeEnumerationFullMatch && $offset === 0 && !$foundUserById) { + if ($this->shareeEnumerationFullMatch && $this->shareeEnumerationFullMatchUserId && $offset === 0 && !$foundUserById) { // On page one we try if the search result has a direct hit on the // user id and if so, we add that to the exact match list $user = $this->userManager->get($search); From 1d6ecf43afc4e11a23776dd26817fc794c79c4b8 Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Mon, 11 Apr 2022 12:49:15 +0200 Subject: [PATCH 2/8] Tweak tests to include shareapi_restrict_user_enumeration_full_match_userid Signed-off-by: Louis Chemineau --- apps/settings/tests/Settings/Admin/SharingTest.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/settings/tests/Settings/Admin/SharingTest.php b/apps/settings/tests/Settings/Admin/SharingTest.php index 983fc04022ed4..2d2846bfc90a9 100644 --- a/apps/settings/tests/Settings/Admin/SharingTest.php +++ b/apps/settings/tests/Settings/Admin/SharingTest.php @@ -76,6 +76,7 @@ public function testGetFormWithoutExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], + ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], ['core', 'shareapi_expire_after_n_days', '7', '7'], @@ -106,6 +107,7 @@ public function testGetFormWithoutExcludedGroups() { 'restrictUserEnumerationToGroup' => 'no', 'restrictUserEnumerationToPhone' => 'no', 'restrictUserEnumerationFullMatch' => 'yes', + 'restrictUserEnumerationFullMatchUserId' => 'yes', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, 'shareAPIEnabled' => 'yes', @@ -147,6 +149,7 @@ public function testGetFormWithExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], + ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], ['core', 'shareapi_expire_after_n_days', '7', '7'], @@ -177,6 +180,7 @@ public function testGetFormWithExcludedGroups() { 'restrictUserEnumerationToGroup' => 'no', 'restrictUserEnumerationToPhone' => 'no', 'restrictUserEnumerationFullMatch' => 'yes', + 'restrictUserEnumerationFullMatchUserId' => 'yes', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, 'shareAPIEnabled' => 'yes', From 752a9fa8d6454513e3e89636eebe201d13b17de0 Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Tue, 10 May 2022 13:05:08 +0200 Subject: [PATCH 3/8] Add settings to ignore second display name in search Signed-off-by: Louis Chemineau --- apps/settings/lib/Settings/Admin/Sharing.php | 2 +- .../tests/Settings/Admin/SharingTest.php | 4 + .../bootstrap/CollaborationContext.php | 1 + .../Collaborators/UserPlugin.php | 4 + .../Collaborators/UserPluginTest.php | 151 +++++++++++++++--- 5 files changed, 143 insertions(+), 19 deletions(-) diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php index 666efab988f71..8c18d1f421da6 100644 --- a/apps/settings/lib/Settings/Admin/Sharing.php +++ b/apps/settings/lib/Settings/Admin/Sharing.php @@ -86,7 +86,7 @@ public function getForm() { 'restrictUserEnumerationToGroup' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no'), 'restrictUserEnumerationToPhone' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no'), 'restrictUserEnumerationFullMatch' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes'), - 'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(false), + '' => Util::isPublicLinkPasswordRequired(false), 'passwordExcludedGroups' => $excludedPasswordGroupsList, 'passwordExcludedGroupsFeatureEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false), 'restrictUserEnumerationFullMatchUserId' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes'), diff --git a/apps/settings/tests/Settings/Admin/SharingTest.php b/apps/settings/tests/Settings/Admin/SharingTest.php index 2d2846bfc90a9..06346f00ad6af 100644 --- a/apps/settings/tests/Settings/Admin/SharingTest.php +++ b/apps/settings/tests/Settings/Admin/SharingTest.php @@ -77,6 +77,7 @@ public function testGetFormWithoutExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], + ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], ['core', 'shareapi_expire_after_n_days', '7', '7'], @@ -108,6 +109,7 @@ public function testGetFormWithoutExcludedGroups() { 'restrictUserEnumerationToPhone' => 'no', 'restrictUserEnumerationFullMatch' => 'yes', 'restrictUserEnumerationFullMatchUserId' => 'yes', + 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, 'shareAPIEnabled' => 'yes', @@ -150,6 +152,7 @@ public function testGetFormWithExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], + ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], ['core', 'shareapi_expire_after_n_days', '7', '7'], @@ -181,6 +184,7 @@ public function testGetFormWithExcludedGroups() { 'restrictUserEnumerationToPhone' => 'no', 'restrictUserEnumerationFullMatch' => 'yes', 'restrictUserEnumerationFullMatchUserId' => 'yes', + 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, 'shareAPIEnabled' => 'yes', diff --git a/build/integration/features/bootstrap/CollaborationContext.php b/build/integration/features/bootstrap/CollaborationContext.php index a61105f090cc7..77fea0c3960e9 100644 --- a/build/integration/features/bootstrap/CollaborationContext.php +++ b/build/integration/features/bootstrap/CollaborationContext.php @@ -70,6 +70,7 @@ protected function resetAppConfigs(): void { $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_phone'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid'); + $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name'); $this->deleteServerConfig('core', 'shareapi_only_share_with_group_members'); } diff --git a/lib/private/Collaboration/Collaborators/UserPlugin.php b/lib/private/Collaboration/Collaborators/UserPlugin.php index 510f383249a18..819ecfa50d8d1 100644 --- a/lib/private/Collaboration/Collaborators/UserPlugin.php +++ b/lib/private/Collaboration/Collaborators/UserPlugin.php @@ -56,6 +56,8 @@ class UserPlugin implements ISearchPlugin { protected $shareeEnumerationFullMatch; /* @var bool */ protected $shareeEnumerationFullMatchUserId; + /* @var bool */ + protected $shareeEnumerationFullMatchIgnoreSecondDisplayName; /** @var IConfig */ private $config; @@ -90,6 +92,7 @@ public function __construct(IConfig $config, $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes'; + $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no') === 'yes'; } public function search($search, $limit, $offset, ISearchResult $searchResult) { @@ -181,6 +184,7 @@ public function search($search, $limit, $offset, ISearchResult $searchResult) { $this->shareeEnumerationFullMatch && $lowerSearch !== '' && (strtolower($uid) === $lowerSearch || strtolower($userDisplayName) === $lowerSearch || + ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) || strtolower($userEmail) === $lowerSearch) ) { if (strtolower($uid) === $lowerSearch) { diff --git a/tests/lib/Collaboration/Collaborators/UserPluginTest.php b/tests/lib/Collaboration/Collaborators/UserPluginTest.php index acbcd42f04f75..2b7a08fe4e1ac 100644 --- a/tests/lib/Collaboration/Collaborators/UserPluginTest.php +++ b/tests/lib/Collaboration/Collaborators/UserPluginTest.php @@ -104,21 +104,12 @@ public function instantiatePlugin() { ); } - public function mockConfig($shareWithGroupOnly, $shareeEnumeration, $shareeEnumerationLimitToGroup, $shareeEnumerationPhone = false) { + public function mockConfig($mockedSettings) { $this->config->expects($this->any()) ->method('getAppValue') ->willReturnCallback( - function ($appName, $key, $default) use ($shareWithGroupOnly, $shareeEnumeration, $shareeEnumerationLimitToGroup, $shareeEnumerationPhone) { - if ($appName === 'core' && $key === 'shareapi_only_share_with_group_members') { - return $shareWithGroupOnly ? 'yes' : 'no'; - } elseif ($appName === 'core' && $key === 'shareapi_allow_share_dialog_user_enumeration') { - return $shareeEnumeration ? 'yes' : 'no'; - } elseif ($appName === 'core' && $key === 'shareapi_restrict_user_enumeration_to_group') { - return $shareeEnumerationLimitToGroup ? 'yes' : 'no'; - } elseif ($appName === 'core' && $key === 'shareapi_restrict_user_enumeration_to_phone') { - return $shareeEnumerationPhone ? 'yes' : 'no'; - } - return $default; + function ($appName, $key, $default) use ($mockedSettings) { + return $mockedSettings[$appName][$key] ?? $default; } ); } @@ -470,7 +461,13 @@ public function testSearch( array $users = [], $shareeEnumerationPhone = false ) { - $this->mockConfig($shareWithGroupOnly, $shareeEnumeration, false, $shareeEnumerationPhone); + $this->mockConfig(["core" => [ + 'shareapi_only_share_with_group_members' => $shareWithGroupOnly ? 'yes' : 'no', + 'shareapi_allow_share_dialog_user_enumeration' => $shareeEnumeration? 'yes' : 'no', + 'shareapi_restrict_user_enumeration_to_group' => false ? 'yes' : 'no', + 'shareapi_restrict_user_enumeration_to_phone' => $shareeEnumerationPhone ? 'yes' : 'no', + ]]); + $this->instantiatePlugin(); $this->session->expects($this->any()) @@ -586,6 +583,83 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => ['groupB']], ], ['exact' => [], 'wide' => ['test1']], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], + ], + [ + 'test', + ['groupA'], + [ + ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']], + ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']], + ], + ['exact' => [], 'wide' => []], + ['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no']], + ], + [ + 'test1', + ['groupA'], + [ + ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']], + ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']], + ], + ['exact' => ['test1'], 'wide' => []], + ['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no']], + ], + [ + 'test1', + ['groupA'], + [ + ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']], + ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']], + ], + ['exact' => [], 'wide' => []], + [ + 'core' => [ + 'shareapi_allow_share_dialog_user_enumeration' => 'no', + 'shareapi_restrict_user_enumeration_full_match_userid' => 'no', + ], + ] + ], + [ + 'Test user 1', + ['groupA'], + [ + ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']], + ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']], + ], + ['exact' => ['test1'], 'wide' => []], + [ + 'core' => [ + 'shareapi_allow_share_dialog_user_enumeration' => 'no', + 'shareapi_restrict_user_enumeration_full_match_userid' => 'no', + ], + ] + ], + [ + 'Test user 1', + ['groupA'], + [ + ['uid' => 'test1', 'displayName' => 'Test user 1 (Second displayName for user 1)', 'groups' => ['groupA']], + ['uid' => 'test2', 'displayName' => 'Test user 2 (Second displayName for user 2)', 'groups' => ['groupA']], + ], + ['exact' => [], 'wide' => []], + ['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no'], + ] + ], + [ + 'Test user 1', + ['groupA'], + [ + ['uid' => 'test1', 'displayName' => 'Test user 1 (Second displayName for user 1)', 'groups' => ['groupA']], + ['uid' => 'test2', 'displayName' => 'Test user 2 (Second displayName for user 2)', 'groups' => ['groupA']], + ], + ['exact' => ['test1'], 'wide' => []], + [ + 'core' => [ + 'shareapi_allow_share_dialog_user_enumeration' => 'no', + 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name' => 'yes', + ], + ] ], [ 'test1', @@ -595,6 +669,7 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => ['groupB']], ], ['exact' => ['test1'], 'wide' => []], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], ], [ 'test', @@ -604,6 +679,7 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => ['groupB', 'groupA']], ], ['exact' => [], 'wide' => ['test1', 'test2']], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], ], [ 'test', @@ -613,6 +689,7 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => ['groupB', 'groupA']], ], ['exact' => [], 'wide' => ['test1', 'test2']], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], ], [ 'test', @@ -622,6 +699,7 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => ['groupB', 'groupA']], ], ['exact' => [], 'wide' => ['test1', 'test2']], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], ], [ 'test', @@ -631,6 +709,7 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => ['groupB', 'groupA']], ], ['exact' => [], 'wide' => []], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], ], [ 'test', @@ -640,6 +719,7 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => []], ], ['exact' => [], 'wide' => []], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], ], [ 'test', @@ -649,6 +729,7 @@ public function dataSearchEnumeration() { ['uid' => 'test2', 'groups' => []], ], ['exact' => [], 'wide' => []], + ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']], ], ]; } @@ -656,19 +737,38 @@ public function dataSearchEnumeration() { /** * @dataProvider dataSearchEnumeration */ - public function testSearchEnumerationLimit($search, $userGroups, $matchingUsers, $result) { - $this->mockConfig(false, true, true); + public function testSearchEnumerationLimit($search, $userGroups, $matchingUsers, $result, $mockedSettings) { + $this->mockConfig($mockedSettings); $userResults = []; foreach ($matchingUsers as $user) { $userResults[$user['uid']] = $user['uid']; } - $mappedResultExact = array_map(function ($user) { - return ['label' => $user, 'value' => ['shareType' => 0, 'shareWith' => $user], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => $user]; + $usersById = []; + foreach ($matchingUsers as $user) { + $usersById[$user['uid']] = $user; + } + + $mappedResultExact = array_map(function ($user) use ($usersById, $search) { + return [ + 'label' => $search === $user ? $user : $usersById[$user]['displayName'], + 'value' => ['shareType' => 0, 'shareWith' => $user], + 'icon' => 'icon-user', + 'subline' => null, + 'status' => [], + 'shareWithDisplayNameUnique' => $user, + ]; }, $result['exact']); $mappedResultWide = array_map(function ($user) { - return ['label' => $user, 'value' => ['shareType' => 0, 'shareWith' => $user], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => $user]; + return [ + 'label' => $user, + 'value' => ['shareType' => 0, 'shareWith' => $user], + 'icon' => 'icon-user', + 'subline' => null, + 'status' => [], + 'shareWithDisplayNameUnique' => $user, + ]; }, $result['wide']); $this->userManager @@ -679,6 +779,21 @@ public function testSearchEnumerationLimit($search, $userGroups, $matchingUsers, } return null; }); + $this->userManager + ->method('searchDisplayName') + ->willReturnCallback(function ($search) use ($matchingUsers) { + $users = array_filter( + $matchingUsers, + function ($user) use ($search) { + return str_contains(strtolower($user['displayName']), strtolower($search)); + }); + return array_map( + function ($user) { + return $this->getUserMock($user['uid'], $user['displayName']); + }, + $users + ); + }); $this->groupManager->method('displayNamesInGroup') ->willReturn($userResults); From 3ecb7da97b74b95d8861fc6e68a794f5a4cbb862 Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Wed, 13 Apr 2022 15:38:09 +0200 Subject: [PATCH 4/8] Add setting to ignore email during search Signed-off-by: Louis Chemineau --- apps/settings/lib/Settings/Admin/Sharing.php | 3 +++ apps/settings/tests/Settings/Admin/SharingTest.php | 4 ++++ .../features/bootstrap/CollaborationContext.php | 1 + lib/private/Collaboration/Collaborators/MailPlugin.php | 7 +++++++ lib/private/Collaboration/Collaborators/UserPlugin.php | 5 ++++- 5 files changed, 19 insertions(+), 1 deletion(-) diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php index 8c18d1f421da6..a0bc2c351775e 100644 --- a/apps/settings/lib/Settings/Admin/Sharing.php +++ b/apps/settings/lib/Settings/Admin/Sharing.php @@ -90,6 +90,9 @@ public function getForm() { 'passwordExcludedGroups' => $excludedPasswordGroupsList, 'passwordExcludedGroupsFeatureEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false), 'restrictUserEnumerationFullMatchUserId' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes'), + 'restrictUserEnumerationFullMatchEmail' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes'), + 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no'), + 'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(), 'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(), 'shareAPIEnabled' => $this->config->getAppValue('core', 'shareapi_enabled', 'yes'), 'shareDefaultExpireDateSet' => $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no'), diff --git a/apps/settings/tests/Settings/Admin/SharingTest.php b/apps/settings/tests/Settings/Admin/SharingTest.php index 06346f00ad6af..ab83b5feb115e 100644 --- a/apps/settings/tests/Settings/Admin/SharingTest.php +++ b/apps/settings/tests/Settings/Admin/SharingTest.php @@ -77,6 +77,7 @@ public function testGetFormWithoutExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], + ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], @@ -109,6 +110,7 @@ public function testGetFormWithoutExcludedGroups() { 'restrictUserEnumerationToPhone' => 'no', 'restrictUserEnumerationFullMatch' => 'yes', 'restrictUserEnumerationFullMatchUserId' => 'yes', + 'restrictUserEnumerationFullMatchEmail' => 'yes', 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, @@ -152,6 +154,7 @@ public function testGetFormWithExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'], ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], + ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], @@ -184,6 +187,7 @@ public function testGetFormWithExcludedGroups() { 'restrictUserEnumerationToPhone' => 'no', 'restrictUserEnumerationFullMatch' => 'yes', 'restrictUserEnumerationFullMatchUserId' => 'yes', + 'restrictUserEnumerationFullMatchEmail' => 'yes', 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, diff --git a/build/integration/features/bootstrap/CollaborationContext.php b/build/integration/features/bootstrap/CollaborationContext.php index 77fea0c3960e9..8f13e3f02f1c8 100644 --- a/build/integration/features/bootstrap/CollaborationContext.php +++ b/build/integration/features/bootstrap/CollaborationContext.php @@ -70,6 +70,7 @@ protected function resetAppConfigs(): void { $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_phone'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid'); + $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_email'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name'); $this->deleteServerConfig('core', 'shareapi_only_share_with_group_members'); } diff --git a/lib/private/Collaboration/Collaborators/MailPlugin.php b/lib/private/Collaboration/Collaborators/MailPlugin.php index f588bc4fd73a7..762d71baab399 100644 --- a/lib/private/Collaboration/Collaborators/MailPlugin.php +++ b/lib/private/Collaboration/Collaborators/MailPlugin.php @@ -51,6 +51,8 @@ class MailPlugin implements ISearchPlugin { protected $shareeEnumerationPhone; /* @var bool */ protected $shareeEnumerationFullMatch; + /* @var bool */ + protected $shareeEnumerationFullMatchEmail; /** @var IManager */ private $contactsManager; @@ -88,12 +90,17 @@ public function __construct(IManager $contactsManager, $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; + $this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; } /** * {@inheritdoc} */ public function search($search, $limit, $offset, ISearchResult $searchResult) { + if ($this->shareeEnumerationFullMatch && !$this->shareeEnumerationFullMatchEmail) { + return false; + } + $currentUserId = $this->userSession->getUser()->getUID(); $result = $userResults = ['wide' => [], 'exact' => []]; diff --git a/lib/private/Collaboration/Collaborators/UserPlugin.php b/lib/private/Collaboration/Collaborators/UserPlugin.php index 819ecfa50d8d1..49b7a3caac412 100644 --- a/lib/private/Collaboration/Collaborators/UserPlugin.php +++ b/lib/private/Collaboration/Collaborators/UserPlugin.php @@ -57,6 +57,8 @@ class UserPlugin implements ISearchPlugin { /* @var bool */ protected $shareeEnumerationFullMatchUserId; /* @var bool */ + protected $shareeEnumerationFullMatchEmail; + /* @var bool */ protected $shareeEnumerationFullMatchIgnoreSecondDisplayName; /** @var IConfig */ @@ -92,6 +94,7 @@ public function __construct(IConfig $config, $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes'; + $this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no') === 'yes'; } @@ -185,7 +188,7 @@ public function search($search, $limit, $offset, ISearchResult $searchResult) { $lowerSearch !== '' && (strtolower($uid) === $lowerSearch || strtolower($userDisplayName) === $lowerSearch || ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) || - strtolower($userEmail) === $lowerSearch) + ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail) === $lowerSearch)) ) { if (strtolower($uid) === $lowerSearch) { $foundUserById = true; From 831937e341e0bebda351d7321db7955e41caeffa Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Wed, 13 Apr 2022 15:07:27 +0200 Subject: [PATCH 5/8] Use share setting in DAV search shareapi_restrict_user_enumeration_full_match_ignore_second_display_name was introduced to ignore second display name during search from the share panel. But this setting was not respected by search from the calendar application. This fix it. Signed-off-by: Louis Chemineau --- apps/dav/lib/Connector/Sabre/Principal.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php index e696659b338d8..358dd732ea012 100644 --- a/apps/dav/lib/Connector/Sabre/Principal.php +++ b/apps/dav/lib/Connector/Sabre/Principal.php @@ -265,6 +265,7 @@ protected function searchUserPrincipals(array $searchProperties, $test = 'allof' $limitEnumerationGroup = $this->shareManager->limitEnumerationToGroups(); $limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone(); $allowEnumerationFullMatch = $this->shareManager->allowEnumerationFullMatch(); + $ignoreSecondDisplayName = $this->shareManager->ignoreSecondDisplayName(); // If sharing is restricted to group members only, // return only members that have groups in common @@ -344,8 +345,9 @@ protected function searchUserPrincipals(array $searchProperties, $test = 'allof' if ($allowEnumerationFullMatch) { $lowerSearch = strtolower($value); $users = $this->userManager->searchDisplayName($value, $searchLimit); - $users = \array_filter($users, static function (IUser $user) use ($lowerSearch) { - return strtolower($user->getDisplayName()) === $lowerSearch; + $users = \array_filter($users, static function (IUser $user) use ($lowerSearch, $ignoreSecondDisplayName) { + $lowerDisplayName = strtolower($user->getDisplayName()); + return $lowerDisplayName === $lowerSearch || ($ignoreSecondDisplayName && trim(preg_replace('/ \(.*\)$/', '', $lowerDisplayName)) === $lowerSearch); }); } else { $users = []; From 2f2b8ef764b76ccd17410b203dc78b4a23a3e376 Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Tue, 19 Apr 2022 12:54:28 +0200 Subject: [PATCH 6/8] Use email settings in DAV search Signed-off-by: Louis Chemineau --- apps/dav/lib/Connector/Sabre/Principal.php | 3 ++- apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php index 358dd732ea012..e597b52f84f77 100644 --- a/apps/dav/lib/Connector/Sabre/Principal.php +++ b/apps/dav/lib/Connector/Sabre/Principal.php @@ -266,6 +266,7 @@ protected function searchUserPrincipals(array $searchProperties, $test = 'allof' $limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone(); $allowEnumerationFullMatch = $this->shareManager->allowEnumerationFullMatch(); $ignoreSecondDisplayName = $this->shareManager->ignoreSecondDisplayName(); + $matchEmail = $this->shareManager->matchEmail(); // If sharing is restricted to group members only, // return only members that have groups in common @@ -294,7 +295,7 @@ protected function searchUserPrincipals(array $searchProperties, $test = 'allof' switch ($prop) { case '{http://sabredav.org/ns}email-address': if (!$allowEnumeration) { - if ($allowEnumerationFullMatch) { + if ($allowEnumerationFullMatch && $matchEmail) { $users = $this->userManager->getByEmail($value); } else { $users = []; diff --git a/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php b/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php index 39bb41688dc05..b9dd5be184303 100644 --- a/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php +++ b/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php @@ -633,6 +633,10 @@ public function testSearchPrincipalWithEnumerationDisabledEmail() { ->method('allowEnumerationFullMatch') ->willReturn(true); + $this->shareManager->expects($this->once()) + ->method('matchEmail') + ->willReturn(true); + $user2 = $this->createMock(IUser::class); $user2->method('getUID')->willReturn('user2'); $user2->method('getDisplayName')->willReturn('User 2'); From 7a454a7702f5c1d7e3a3ebba00d03a26fcbcae0b Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Mon, 27 Jun 2022 11:17:34 +0200 Subject: [PATCH 7/8] FInish backport to stable22 of #32322 Signed-off-by: Louis Chemineau --- apps/settings/lib/Settings/Admin/Sharing.php | 2 +- .../tests/Settings/Admin/SharingTest.php | 8 ++++---- .../features/bootstrap/CollaborationContext.php | 2 +- .../Collaboration/Collaborators/UserPlugin.php | 2 +- lib/private/Share20/Manager.php | 8 ++++++++ lib/public/Share/IManager.php | 16 ++++++++++++++++ .../Collaborators/UserPluginTest.php | 2 +- 7 files changed, 32 insertions(+), 8 deletions(-) diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php index a0bc2c351775e..2758b71c2f615 100644 --- a/apps/settings/lib/Settings/Admin/Sharing.php +++ b/apps/settings/lib/Settings/Admin/Sharing.php @@ -91,7 +91,7 @@ public function getForm() { 'passwordExcludedGroupsFeatureEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false), 'restrictUserEnumerationFullMatchUserId' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes'), 'restrictUserEnumerationFullMatchEmail' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes'), - 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no'), + 'restrictUserEnumerationFullMatchIgnoreSecondDN' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no'), 'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(), 'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(), 'shareAPIEnabled' => $this->config->getAppValue('core', 'shareapi_enabled', 'yes'), diff --git a/apps/settings/tests/Settings/Admin/SharingTest.php b/apps/settings/tests/Settings/Admin/SharingTest.php index ab83b5feb115e..0807add027786 100644 --- a/apps/settings/tests/Settings/Admin/SharingTest.php +++ b/apps/settings/tests/Settings/Admin/SharingTest.php @@ -78,7 +78,7 @@ public function testGetFormWithoutExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'], - ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], + ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], ['core', 'shareapi_expire_after_n_days', '7', '7'], @@ -111,7 +111,7 @@ public function testGetFormWithoutExcludedGroups() { 'restrictUserEnumerationFullMatch' => 'yes', 'restrictUserEnumerationFullMatchUserId' => 'yes', 'restrictUserEnumerationFullMatchEmail' => 'yes', - 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', + 'restrictUserEnumerationFullMatchIgnoreSecondDN' => 'no', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, 'shareAPIEnabled' => 'yes', @@ -155,7 +155,7 @@ public function testGetFormWithExcludedGroups() { ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'], ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'], - ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no', 'no'], + ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'], ['core', 'shareapi_enabled', 'yes', 'yes'], ['core', 'shareapi_default_expire_date', 'no', 'no'], ['core', 'shareapi_expire_after_n_days', '7', '7'], @@ -188,7 +188,7 @@ public function testGetFormWithExcludedGroups() { 'restrictUserEnumerationFullMatch' => 'yes', 'restrictUserEnumerationFullMatchUserId' => 'yes', 'restrictUserEnumerationFullMatchEmail' => 'yes', - 'restrictUserEnumerationFullMatchIgnoreSecondDisplayName' => 'no', + 'restrictUserEnumerationFullMatchIgnoreSecondDN' => 'no', 'enforceLinkPassword' => false, 'onlyShareWithGroupMembers' => false, 'shareAPIEnabled' => 'yes', diff --git a/build/integration/features/bootstrap/CollaborationContext.php b/build/integration/features/bootstrap/CollaborationContext.php index 8f13e3f02f1c8..8deda86c2c33b 100644 --- a/build/integration/features/bootstrap/CollaborationContext.php +++ b/build/integration/features/bootstrap/CollaborationContext.php @@ -71,7 +71,7 @@ protected function resetAppConfigs(): void { $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid'); $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_email'); - $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name'); + $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn'); $this->deleteServerConfig('core', 'shareapi_only_share_with_group_members'); } diff --git a/lib/private/Collaboration/Collaborators/UserPlugin.php b/lib/private/Collaboration/Collaborators/UserPlugin.php index 49b7a3caac412..91e3a1ef49e99 100644 --- a/lib/private/Collaboration/Collaborators/UserPlugin.php +++ b/lib/private/Collaboration/Collaborators/UserPlugin.php @@ -95,7 +95,7 @@ public function __construct(IConfig $config, $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes'; $this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; - $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no') === 'yes'; + $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes'; } public function search($search, $limit, $offset, ISearchResult $searchResult) { diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index e17bb7ee79d0f..e28f0c38bf361 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1912,6 +1912,14 @@ public function allowEnumerationFullMatch(): bool { return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; } + public function matchEmail(): bool { + return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; + } + + public function ignoreSecondDisplayName(): bool { + return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes'; + } + /** * Copied from \OC_Util::isSharingDisabledForUser * diff --git a/lib/public/Share/IManager.php b/lib/public/Share/IManager.php index bad3af6837fbc..f1ca9ff8a01f6 100644 --- a/lib/public/Share/IManager.php +++ b/lib/public/Share/IManager.php @@ -449,6 +449,22 @@ public function limitEnumerationToPhone(): bool; */ public function allowEnumerationFullMatch(): bool; + /** + * Check if the search should match the email + * + * @return bool + * @since 22.2.10 + */ + public function matchEmail(): bool; + + /** + * Check if the search should ignore the second in parentheses display name if there is any + * + * @return bool + * @since 22.2.10 + */ + public function ignoreSecondDisplayName(): bool; + /** * Check if sharing is disabled for the given user * diff --git a/tests/lib/Collaboration/Collaborators/UserPluginTest.php b/tests/lib/Collaboration/Collaborators/UserPluginTest.php index 2b7a08fe4e1ac..8987c8be6f677 100644 --- a/tests/lib/Collaboration/Collaborators/UserPluginTest.php +++ b/tests/lib/Collaboration/Collaborators/UserPluginTest.php @@ -657,7 +657,7 @@ public function dataSearchEnumeration() { [ 'core' => [ 'shareapi_allow_share_dialog_user_enumeration' => 'no', - 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name' => 'yes', + 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn' => 'yes', ], ] ], From 30d72b5a1faacd1c23a1c41af72d04bac317e4a1 Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Thu, 7 Jul 2022 12:47:23 +0200 Subject: [PATCH 8/8] Restore enforceLinkPassword Signed-off-by: Louis Chemineau --- apps/settings/lib/Settings/Admin/Sharing.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php index 2758b71c2f615..072f3d12fe46f 100644 --- a/apps/settings/lib/Settings/Admin/Sharing.php +++ b/apps/settings/lib/Settings/Admin/Sharing.php @@ -86,13 +86,12 @@ public function getForm() { 'restrictUserEnumerationToGroup' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no'), 'restrictUserEnumerationToPhone' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no'), 'restrictUserEnumerationFullMatch' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes'), - '' => Util::isPublicLinkPasswordRequired(false), + 'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(false), 'passwordExcludedGroups' => $excludedPasswordGroupsList, 'passwordExcludedGroupsFeatureEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false), 'restrictUserEnumerationFullMatchUserId' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes'), 'restrictUserEnumerationFullMatchEmail' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes'), 'restrictUserEnumerationFullMatchIgnoreSecondDN' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no'), - 'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(), 'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(), 'shareAPIEnabled' => $this->config->getAppValue('core', 'shareapi_enabled', 'yes'), 'shareDefaultExpireDateSet' => $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no'),