New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privacy - Auto-Complete with emails from the instance #171

Closed
pierreozoux opened this Issue Oct 31, 2016 · 11 comments

Comments

Projects
None yet
3 participants
@pierreozoux
Copy link
Member

pierreozoux commented Oct 31, 2016

I run a shared instance.
when people put an email in the "to" field, they get suggestion from the full instance.

I think it might good to have a parameter that would deactivate this feature.
(This is currently a privacy issue for me)

As reported here:
https://forum.indie.host/t/question-about-the-webmail/172

@ChristophWurst

This comment has been minimized.

Copy link
Member

ChristophWurst commented Oct 31, 2016

This should definitely not happen. The intention is that a user sees only addresses they have used themselves. Nothing should be shared there.

public function findMatching($userId, $query) {
$sql = 'SELECT * FROM *PREFIX*mail_collected_addresses WHERE `user_id` = ? AND `email` ILIKE ?';
$params = [
$userId,
'%' . $query . '%',
];
return $this->findEntities($sql, $params);
}
should scope the search to only find addresses that belong to the current user.

@ChristophWurst ChristophWurst self-assigned this Oct 31, 2016

@ChristophWurst ChristophWurst added this to the 0.6.1 milestone Oct 31, 2016

@ChristophWurst

This comment has been minimized.

Copy link
Member

ChristophWurst commented Nov 4, 2016

On a second thought, do you know where the a auto-completed recipient came from? Was it a collected address from the DB, or maybe take from the contacts integration?
I've tried with collected addresses and could not reproduce the described problem.

@ChristophWurst

This comment has been minimized.

Copy link
Member

ChristophWurst commented Dec 7, 2016

Ping? :-)

@ChristophWurst ChristophWurst modified the milestones: 0.7, 0.6.2 Dec 7, 2016

@pierreozoux

This comment has been minimized.

Copy link
Member Author

pierreozoux commented Dec 8, 2016

Thanks to keep an eye on this (sorry I was out of time..).
It is from the full database of users.

But I could actually reproduce the "bug" (Or misconfiguration) from the "files" app. When I hit share, it proposes me the full database too.

There is definetely something funny with my configuration, and not necessarly the mail app.

@ChristophWurst

This comment has been minimized.

Copy link
Member

ChristophWurst commented Dec 8, 2016

But I could actually reproduce the "bug" (Or misconfiguration) from the "files" app. When I hit share, it proposes me the full database too.

Could you please file an issue at https://github.com/nextcloud/server/issues/new?

There is definetely something funny with my configuration, and not necessarly the mail app.

Could you maybe try to reproduce this bug on a fresh installation? I was unable to reproduce this here.

@ChristophWurst ChristophWurst removed their assignment Dec 12, 2016

@HeikoBei

This comment has been minimized.

Copy link

HeikoBei commented Jun 26, 2017

I have the same problem, but only in the email app.
It seems that the mail client searches in the "accounts"-table as well as in the 'mail_collected_adresses' table.

That's bad because there are users on my system who must not see each other.

I checked it in NC 11.03, mail version 0.6.4 and did a quick check on a newly installed NC 12 same mail version, the result was the same.
Is there a way to search only the table mail_collected_addresses and not include the system accounts ?
Thanks in advance

@ChristophWurst

This comment has been minimized.

Copy link
Member

ChristophWurst commented Jun 26, 2017

@HeikoBei sounds like what I've fixed in nextcloud/server#4757 (the contacts menu uses the same data source as the auto completion here).

@HeikoBei

This comment has been minimized.

Copy link

HeikoBei commented Jun 27, 2017

I see, the changes were made in NC 12.

I'm still using NC 11.0.3 therefore I made the modifications to apps/dav/appinfo/app.php the way you did in nextcloud/server#4757.

Now I don't have autocompletion at all in the mail module, but that's ok for now.
As soon as I find the time to do the update to NC 12, the problem will be fixed anyway.

Thanks Christoph

@ChristophWurst

This comment has been minimized.

Copy link
Member

ChristophWurst commented Jun 27, 2017

I'm closing this issue now since it has been resolved. Note that NC12 is required though.

@pierreozoux

This comment has been minimized.

Copy link
Member Author

pierreozoux commented Jan 24, 2018

@ChristophWurst the autocompletion is unchecked and I see again the issue.

running NC 12.0.4 and mail 0.7.9

Wondering what happened lately? (I confirm that it was fixed with removing autocompletion)

@pierreozoux pierreozoux reopened this Jan 24, 2018

@ChristophWurst

This comment has been minimized.

Copy link
Member

ChristophWurst commented Jan 24, 2018

@pierreozoux please file a new ticket for this regression. Thanks!

@nextcloud nextcloud locked and limited conversation to collaborators Jan 24, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.