Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Respect user enumeration settings on profile #29559

Merged
merged 3 commits into from
Nov 9, 2021
Merged

Respect user enumeration settings on profile #29559

merged 3 commits into from
Nov 9, 2021

Conversation

Pytal
Copy link
Member

@Pytal Pytal commented Nov 5, 2021
edited
Loading

The shareapi_* user enumeration settings are already respected and hide profile entrypoints (if needed) in the contacts menu, Avatar menu, and other areas which pass through filterContacts

server/lib/private/Contacts/ContactsMenu/ContactsStore.php

Line 150 in e1c2c13

private function filterContacts(

This PR is for when users navigate to a user's profile page directly by the /u/{userId} URL and respects the user enumeration settings listed below.

  • shareapi_allow_share_dialog_user_enumeration
  • shareapi_restrict_user_enumeration_full_match
  • shareapi_restrict_user_enumeration_to_group
  • shareapi_restrict_user_enumeration_to_phone

The user's profile will not be displayed and instead show the "Profile not found" error page if restricted by any of these settings.

Contributes to #28139

@Pytal Pytal added enhancement 3. to review Waiting for reviews privacy feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.) labels Nov 5, 2021
@Pytal Pytal added this to the Nextcloud 23 milestone Nov 5, 2021
@Pytal Pytal requested review from nickvergessen and a team November 5, 2021 02:49
@Pytal Pytal self-assigned this Nov 5, 2021
@Pytal Pytal requested review from juliushaertl and skjnldsv and removed request for a team November 5, 2021 02:49
@Pytal Pytal mentioned this pull request Nov 5, 2021
Open
20 tasks
@Pytal Pytal force-pushed the feat/28139/profile-respect-user-enumeration branch from 32efe30 to 7f18664 Compare November 5, 2021 02:53
nickvergessen
nickvergessen requested changes Nov 5, 2021
View reviewed changes
core/Controller/ProfilePageController.php Outdated Show resolved Hide resolved
core/Controller/ProfilePageController.php Outdated Show resolved Hide resolved
@nickvergessen nickvergessen mentioned this pull request Nov 5, 2021
Closed
@Pytal
Respect user enumeration settings on profile
f4307ef 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
@Pytal Pytal force-pushed the feat/28139/profile-respect-user-enumeration branch from e8b47b9 to f4307ef Compare November 5, 2021 21:33
@skjnldsv skjnldsv mentioned this pull request Nov 8, 2021
Merged
23 tasks
@nickvergessen nickvergessen force-pushed the feat/28139/profile-respect-user-enumeration branch 2 times, most recently from 6001edc to 2e24912 Compare November 9, 2021 09:02
@nickvergessen
Move common logic to share manager
fa036b2 
Signed-off-by: Joas Schilling <coding@schilljs.com>
@nickvergessen nickvergessen force-pushed the feat/28139/profile-respect-user-enumeration branch from 2e24912 to fa036b2 Compare November 9, 2021 09:11
nickvergessen
nickvergessen approved these changes Nov 9, 2021
View reviewed changes
Copy link
Member

@nickvergessen nickvergessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Brought in my feedback as new commit after talking to Chris about it

juliushaertl
juliushaertl approved these changes Nov 9, 2021
View reviewed changes
Copy link
Member

@juliushaertl juliushaertl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@nickvergessen nickvergessen added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Nov 9, 2021
@nickvergessen
Add unit test for share enumeration method
3b91e4c 
Signed-off-by: Joas Schilling <coding@schilljs.com>
@nickvergessen nickvergessen force-pushed the feat/28139/profile-respect-user-enumeration branch from df9bbf1 to 3b91e4c Compare November 9, 2021 13:43
@nickvergessen nickvergessen merged commit a99efca into master Nov 9, 2021
@nickvergessen nickvergessen deleted the feat/28139/profile-respect-user-enumeration branch November 9, 2021 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@juliushaertl juliushaertl juliushaertl approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

Assignees

@Pytal Pytal

Labels
4. to release Ready to be released and/or waiting for tests to finish enhancement feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.) privacy
Projects
None yet
Milestone
Nextcloud 23
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Pytal @nickvergessen @juliushaertl @skjnldsv