Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhance privacy of contactsmenu fixes #5107 #5585

Merged
merged 8 commits into from
Sep 18, 2017
Merged

Conversation

LEDfan
Copy link
Member

@LEDfan LEDfan commented Jul 2, 2017

This filter outs all contacts which shouldn't be visible according to the rules in #5107.

@codecov
Copy link

codecov bot commented Jul 2, 2017

Codecov Report

Merging #5585 into master will decrease coverage by 16.42%.
The diff coverage is 0%.

@@              Coverage Diff              @@
##             master    #5585       +/-   ##
=============================================
- Coverage     53.44%   37.01%   -16.43%     
- Complexity    22542    22552       +10     
=============================================
  Files          1408     1408               
  Lines         87206    87233       +27     
  Branches       1328     1328               
=============================================
- Hits          46604    32291    -14313     
- Misses        40602    54942    +14340
Impacted Files Coverage Δ Complexity Δ
...ib/private/Contacts/ContactsMenu/ContactsStore.php 0% <0%> (-92.31%) 34 <10> (+10)
apps/files/lib/Activity/Settings/FileFavorite.php 0% <0%> (-100%) 8% <0%> (ø)
apps/sharebymail/lib/Settings.php 0% <0%> (-100%) 3% <0%> (ø)
lib/private/Files/SimpleFS/SimpleFolder.php 0% <0%> (-100%) 11% <0%> (ø)
core/Command/TwoFactorAuth/Disable.php 0% <0%> (-100%) 4% <0%> (ø)
core/Command/TwoFactorAuth/Enable.php 0% <0%> (-100%) 4% <0%> (ø)
apps/federation/lib/Hooks.php 0% <0%> (-100%) 4% <0%> (ø)
...ddleware/Security/Exceptions/NotAdminException.php 0% <0%> (-100%) 1% <0%> (ø)
...pps/files/lib/Activity/Settings/FavoriteAction.php 0% <0%> (-100%) 8% <0%> (ø)
settings/Activity/SecurityFilter.php 0% <0%> (-100%) 7% <0%> (ø)
... and 482 more

Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some early feedback. I haven't had a closer look yet, nor did I test this. Will do ASAP.
Thanks!

* 1. filter the current user
* 2. if the `shareapi_exclude_groups` config option is enabled and the
* current user is in an excluded group it will filter all local users.
* 3. if the ``shareapi_only_share_with_group_members config option is
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be

`shareapi_only_share_with_group_members`

I guess

* @return array the filtered contacts
*/
private function filterContacts(IUser $self, Array $entries) {
$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes' ? true : false;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

? true : false is not necessary, the === check will already result in a boolean value.

$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes' ? true : false;

$skipLocal = false; // whether to filter out local users
$ownGroupsOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes' ? true : false; // whether to filter out all users which doesn't have the same group as the current user
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

@LEDfan LEDfan force-pushed the contacts_menu_privacy branch from f10cd5b to 6b79567 Compare July 8, 2017 06:04
@rotanid
Copy link

rotanid commented Aug 3, 2017

milestone nextcloud 13?? i would definitely call this serious privacy problem a regression that has to be fixed with the next maintenance release.

Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works as expected. Thanks a lot 👍

I've left some comments regarding coding style.

* enabled it will filter all users which doens't have a common group
* with the current user.
* @param IUser $self
* @param $entries Entry[]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be @param Entry[] $entries

* @param $entries Entry[]
* @return array the filtered contacts
*/
private function filterContacts(IUser $self, Array $entries) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

array instead of Array

* with the current user.
* @param IUser $self
* @param $entries Entry[]
* @return array the filtered contacts
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@return Entry[]

private function filterContacts(IUser $self, Array $entries) {
$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes';

$skipLocal = false; // whether to filter out local users
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move inline comments to a new line please

}

public function testGetContactsOnlyIfInTheSameGroup() {
$this->config->expects($this->at(0)) ->method('getAppValue')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great to have this tested 👍

@LEDfan
Copy link
Member Author

LEDfan commented Aug 5, 2017

@ChristophWurst I addressed your issues, thanks for testing.

@rotanid I do agree with you.
@karlitschek should this be backported to 12?

@karlitschek
Copy link
Member

i think this should be backported

@LEDfan
Copy link
Member Author

LEDfan commented Aug 6, 2017

I just realized that the ContactsStore API probably should be public, so apps who interact with the contacts menu knows which contacts are available in the menu. E.g. in the Chat app we want to limit chatting to the users available in the Contacts menu (i.e. filtered by this PR)

An alternative way could be to move the filtering to the ContactsManager API.

What do you think?

@LEDfan LEDfan force-pushed the contacts_menu_privacy branch from 60b961f to 3253e11 Compare August 14, 2017 09:47
@LEDfan
Copy link
Member Author

LEDfan commented Aug 14, 2017

@ChristophWurst I fixed a bug and also updated the findOne method because that wasn't filtered already.

@LEDfan
Copy link
Member Author

LEDfan commented Aug 31, 2017

@MorrisJobke @LukasReschke @blizzz @rullzer @schiessle @nickvergessen @georgehrke Excuse me for pinging you all 😄 , but can someone please review this? There are many people asking for this.

Also please point out your opinion about #5585 (comment) and #5107 (comment)

Thanks!

@LukasReschke LukasReschke self-assigned this Sep 15, 2017
@LukasReschke
Copy link
Member

I'll review this and additionally revert 56a9084 in here and add the handling here itself.

 - Groups, which are excluded from sharing should not see local users at all
 - If sharing is restricted to users own groups, he should only see contacts from his groups:

Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
…ption + fix findOne

Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
@LukasReschke
Copy link
Member

Rebased upon master.

This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc.

Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
@LukasReschke
Copy link
Member

I added 5896176...705432c, in particular:

  • Searching for email addresses with shareapi_allow_share_dialog_user_enumeration is now possible again as it was in stable11:

screen shot 2017-09-15 at 16 02 36

screen shot 2017-09-15 at 16 02 42

  • The contacts menu in the top right show contacts if a full UID or the full email has been searched for:

screen shot 2017-09-15 at 16 03 41

screen shot 2017-09-15 at 16 03 35

Note that the search is on "UID" and "EMAIL". So "FN" is not searched.

Copy link
Member

@LukasReschke LukasReschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works 👍

Copy link
Member

@danxuliu danxuliu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI complains because reverted commit was not signed, but as it is a revert commit it is not a big deal.

Tested and works; code looks good (but, please, next time do not mix code style changes and behaviour changes in the same commit!) 👍

@LEDfan
Copy link
Member Author

LEDfan commented Sep 16, 2017

@LukasReschke thanks for taking care of this!

Note that the search is on "UID" and "EMAIL". So "FN" is not searched.

Is there a reason for? E.g. on LDAP you as user would know the FN but not the UID?

@LukasReschke
Copy link
Member

LukasReschke commented Sep 16, 2017

Is there a reason for? E.g. on LDAP you as user would know the FN but not the UID?

Mainly because we have a business requirement requiring this behaviour: Filtering via UID / EMAIL should be possible but for whatever reason filtering to FN shouldn't be possible.

cc @oparoz Or would filtering for complete FN here also be acceptable? Your call 😉

@MorrisJobke MorrisJobke merged commit 8b1eaba into master Sep 18, 2017
@MorrisJobke MorrisJobke deleted the contacts_menu_privacy branch September 18, 2017 12:25
@LukasReschke
Copy link
Member

Backport at #6554

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants