Use email settings in DAV search

Signed-off-by: Louis Chemineau <louis@chmn.me>
nextcloud · May 31, 2022 · 4f74f3d · 4f74f3d
1 parent 883e6b5
commit 4f74f3d
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 2 deletions.
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -271,6 +271,7 @@ protected function searchUserPrincipals(array $searchProperties, $test = 'allof'
 		$limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone();
 		$allowEnumerationFullMatch = $this->shareManager->allowEnumerationFullMatch();
 		$ignoreSecondDisplayName = $this->shareManager->ignoreSecondDisplayName();
+		$matchEmail = $this->shareManager->matchEmail();
 
 		// If sharing is restricted to group members only,
 		// return only members that have groups in common
@@ -299,7 +300,7 @@ protected function searchUserPrincipals(array $searchProperties, $test = 'allof'
 			switch ($prop) {
 				case '{http://sabredav.org/ns}email-address':
 					if (!$allowEnumeration) {
-						if ($allowEnumerationFullMatch) {
+						if ($allowEnumerationFullMatch && $matchEmail) {
 							$users = $this->userManager->getByEmail($value);
 						} else {
 							$users = [];

diff --git a/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php b/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php
@@ -662,6 +662,10 @@ public function testSearchPrincipalWithEnumerationDisabledEmail(): void {
 			->method('allowEnumerationFullMatch')
 			->willReturn(true);
 
+		$this->shareManager->expects($this->once())
+			->method('matchEmail')
+			->willReturn(true);
+
 		$user2 = $this->createMock(IUser::class);
 		$user2->method('getUID')->willReturn('user2');
 		$user2->method('getDisplayName')->willReturn('User 2');

diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
@@ -1915,6 +1915,10 @@ public function allowEnumerationFullMatch(): bool {
 		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
 	}
 
+	public function matchEmail(): bool {
+		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
+	}
+
 	public function ignoreSecondDisplayName(): bool {
 		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no') === 'yes';
 	}

diff --git a/lib/public/Share/IManager.php b/lib/public/Share/IManager.php
@@ -448,11 +448,19 @@ public function limitEnumerationToPhone(): bool;
 	 */
 	public function allowEnumerationFullMatch(): bool;
 
+	/**
+	 * Check if the search should match the email
+	 *
+	 * @return bool
+	 * @since 25.0.0
+	 */
+	public function matchEmail(): bool;
+
 	/**
 	 * Check if the search should ignore the second in parentheses display name if there is any
 	 *
 	 * @return bool
-	 * @since 24.0.0
+	 * @since 25.0.0
 	 */
 	public function ignoreSecondDisplayName(): bool;