sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nextcloud-server/apps/user_status/tests/Unit
History
Jonas Meurer 02ce5c8f7d
Respect user enumeration settings in user status lists 
So far, the functions to find user statuses listed didn't respect user
enumeration settings (`shareapi_allow_share_dialog_user_enumeration`
and `shareapi_restrict_user_enumeration_to_group` core app settings).

Fix this privacy issue by returning an empty list in case
`shareapi_allow_share_dialog_user_enumeration` is unset or
`shareapi_restrict_user_enumeration_to_group` is set.

In the long run, we might want to return users from common groups if
`shareapi_restrict_user_enumeration_to_group` is set. It's complicated
to implement this in a way that scales, though. See the discussion at
https://github.com/nextcloud/server/pull/27879#pullrequestreview-753655308
for details.

Also, don't register the user_status dashboard widget at all if
`shareapi_allow_share_dialog_user_enumeration` is unset or
`shareapi_restrict_user_enumeration_to_group` is set.

Fixes: #27122

Signed-off-by: Jonas Meurer <jonas@freesources.org>
 		2021-10-25 10:05:33 +07:00
..
BackgroundJob Increase the timeout of statuses 2020-10-01 08:54:35 +07:00
Connector Provide a PHP Api for UserStatus 2020-08-05 13:48:46 +07:00
Controller Reset the user status when clearing the custom message 2020-09-30 14:12:02 +07:00
Dashboard Format code to a single space around binary operators 2020-10-05 20:25:24 +07:00
Db Don't update statuses to offline again and again 2021-06-07 10:14:35 +07:00
Listener Another test for user live status listener 2020-10-01 21:27:45 +07:00
Service Respect user enumeration settings in user status lists 2021-10-25 10:05:33 +07:00
CapabilitiesTest.php Add user-status app 2020-07-31 16:45:27 +07:00