mirror of
https://github.com/nextcloud/server.git
synced 2026-06-11 17:52:02 -04:00
269 lines
8.8 KiB
PHP
269 lines
8.8 KiB
PHP
<?php
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
|
|
namespace OC\Collaboration\Collaborators;
|
|
|
|
use OC\KnownUser\KnownUserService;
|
|
use OCP\Collaboration\Collaborators\ISearchPlugin;
|
|
use OCP\Collaboration\Collaborators\ISearchResult;
|
|
use OCP\Collaboration\Collaborators\SearchResultType;
|
|
use OCP\Contacts\IManager;
|
|
use OCP\Federation\ICloudId;
|
|
use OCP\Federation\ICloudIdManager;
|
|
use OCP\IConfig;
|
|
use OCP\IGroupManager;
|
|
use OCP\IUser;
|
|
use OCP\IUserManager;
|
|
use OCP\IUserSession;
|
|
use OCP\Mail\IEmailValidator;
|
|
use OCP\Share\IShare;
|
|
use RuntimeException;
|
|
|
|
class MailPlugin implements ISearchPlugin {
|
|
protected bool $shareWithGroupOnly;
|
|
|
|
protected bool $shareeEnumeration;
|
|
|
|
protected bool $shareeEnumerationInGroupOnly;
|
|
|
|
protected bool $shareeEnumerationPhone;
|
|
|
|
protected bool $shareeEnumerationFullMatch;
|
|
|
|
protected bool $shareeEnumerationFullMatchEmail;
|
|
|
|
public function __construct(
|
|
private IManager $contactsManager,
|
|
private ICloudIdManager $cloudIdManager,
|
|
private IConfig $config,
|
|
private IGroupManager $groupManager,
|
|
private KnownUserService $knownUserService,
|
|
private IUserSession $userSession,
|
|
private IEmailValidator $emailValidator,
|
|
private IUserManager $userManager,
|
|
private mixed $shareWithGroupOnlyExcludeGroupsList,
|
|
private int $shareType,
|
|
) {
|
|
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
|
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
|
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
|
|
$this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
|
|
$this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
|
|
$this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
|
|
|
|
if ($this->shareWithGroupOnly) {
|
|
$this->shareWithGroupOnlyExcludeGroupsList = json_decode($this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''), true) ?? [];
|
|
}
|
|
}
|
|
|
|
/**
|
|
* {@inheritdoc}
|
|
*/
|
|
#[\Override]
|
|
public function search($search, $limit, $offset, ISearchResult $searchResult): bool {
|
|
if ($this->shareeEnumerationFullMatch && !$this->shareeEnumerationFullMatchEmail) {
|
|
return false;
|
|
}
|
|
|
|
// Extract the email address from "Foo Bar <foo.bar@example.tld>" and then search with "foo.bar@example.tld" instead
|
|
if (preg_match('/<([^@]+@.+)>$/', $search, $matches) && filter_var($matches[1], FILTER_VALIDATE_EMAIL)) {
|
|
$search = $matches[1];
|
|
}
|
|
|
|
$currentUserId = $this->userSession->getUser()->getUID();
|
|
$userGroups = null;
|
|
|
|
$hasMore = false;
|
|
$count = 0;
|
|
$results = ['wide' => [], 'exact' => []];
|
|
$type = match ($this->shareType) {
|
|
IShare::TYPE_USER => new SearchResultType('users'),
|
|
IShare::TYPE_EMAIL => new SearchResultType('emails'),
|
|
default => throw new RuntimeException(),
|
|
};
|
|
|
|
// Search in contacts
|
|
$addressBookContacts = $this->contactsManager->search(
|
|
$search,
|
|
['EMAIL', 'FN'],
|
|
[
|
|
// We request one more, so we can check if there are more results available
|
|
'limit' => $limit + 1,
|
|
'offset' => $offset,
|
|
'enumeration' => $this->shareeEnumeration,
|
|
'fullmatch' => $this->shareeEnumerationFullMatch,
|
|
]
|
|
);
|
|
$lowerSearch = strtolower($search);
|
|
foreach ($addressBookContacts as $contact) {
|
|
if (!isset($contact['EMAIL'])) {
|
|
continue;
|
|
}
|
|
|
|
$emailAddresses = $contact['EMAIL'];
|
|
if (\is_string($emailAddresses)) {
|
|
$emailAddresses = [$emailAddresses];
|
|
}
|
|
foreach ($emailAddresses as $emailAddress) {
|
|
$displayName = $emailAddress;
|
|
$emailAddressType = null;
|
|
if (\is_array($emailAddress)) {
|
|
$emailAddressData = $emailAddress;
|
|
$emailAddress = $emailAddressData['value'];
|
|
$emailAddressType = $emailAddressData['type'];
|
|
}
|
|
|
|
if (!filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
|
|
continue;
|
|
}
|
|
|
|
if (isset($contact['FN'])) {
|
|
$displayName = $contact['FN'] . ' (' . $emailAddress . ')';
|
|
}
|
|
$exactEmailMatch = strtolower($emailAddress) === $lowerSearch;
|
|
|
|
if (isset($contact['isLocalSystemBook'])) {
|
|
$contactUser = $this->userManager->get($contact['UID']);
|
|
if ($contactUser === null) {
|
|
continue;
|
|
}
|
|
|
|
$contactGroups = $this->groupManager->getUserGroupIds($contactUser);
|
|
if ($this->shareWithGroupOnly) {
|
|
$userGroups ??= $this->groupManager->getUserGroupIds($this->userSession->getUser());
|
|
if (array_intersect($contactGroups, array_diff($userGroups, $this->shareWithGroupOnlyExcludeGroupsList)) === []) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if ($exactEmailMatch && $this->shareeEnumerationFullMatch) {
|
|
try {
|
|
$cloud = $this->cloudIdManager->resolveCloudId($contact['CLOUD'][0] ?? '');
|
|
} catch (\InvalidArgumentException $e) {
|
|
continue;
|
|
}
|
|
|
|
if ($this->shareType === IShare::TYPE_USER && !$this->isCurrentUser($cloud) && !$searchResult->hasResult($type, $cloud->getUser())) {
|
|
$singleResult = [[
|
|
'label' => $displayName,
|
|
'uuid' => $contact['UID'] ?? $emailAddress,
|
|
'name' => $contact['FN'] ?? $displayName,
|
|
'value' => [
|
|
'shareType' => IShare::TYPE_USER,
|
|
'shareWith' => $cloud->getUser(),
|
|
],
|
|
'shareWithDisplayNameUnique' => !empty($emailAddress) ? $emailAddress : $cloud->getUser()
|
|
]];
|
|
$searchResult->addResultSet($type, [], $singleResult);
|
|
$searchResult->markExactIdMatch($type);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
if ($this->shareeEnumeration && $this->shareType === IShare::TYPE_USER) {
|
|
try {
|
|
if (!isset($contact['CLOUD'])) {
|
|
continue;
|
|
}
|
|
$cloud = $this->cloudIdManager->resolveCloudId($contact['CLOUD'][0] ?? '');
|
|
} catch (\InvalidArgumentException $e) {
|
|
continue;
|
|
}
|
|
$addToWide = !($this->shareeEnumerationInGroupOnly || $this->shareeEnumerationPhone);
|
|
|
|
if (!$addToWide && $this->shareeEnumerationPhone && $this->knownUserService->isKnownToUser($currentUserId, $contact['UID'])) {
|
|
$addToWide = true;
|
|
}
|
|
|
|
if (!$addToWide && $this->shareeEnumerationInGroupOnly) {
|
|
$userGroups ??= $this->groupManager->getUserGroupIds($this->userSession->getUser());
|
|
$addToWide = array_intersect($contactGroups, $userGroups) !== [];
|
|
}
|
|
|
|
if ($addToWide && !$this->isCurrentUser($cloud) && !$searchResult->hasResult($type, $cloud->getUser())) {
|
|
if ($count++ >= $limit) {
|
|
$hasMore = true;
|
|
} else {
|
|
$results['wide'][] = [
|
|
'label' => $displayName,
|
|
'uuid' => $contact['UID'] ?? $emailAddress,
|
|
'name' => $contact['FN'] ?? $displayName,
|
|
'value' => [
|
|
'shareType' => IShare::TYPE_USER,
|
|
'shareWith' => $cloud->getUser(),
|
|
],
|
|
'shareWithDisplayNameUnique' => !empty($emailAddress) ? $emailAddress : $cloud->getUser()
|
|
];
|
|
}
|
|
}
|
|
}
|
|
|
|
continue;
|
|
}
|
|
|
|
if ($this->shareType !== IShare::TYPE_EMAIL) {
|
|
continue;
|
|
}
|
|
|
|
if ($count++ >= $limit) {
|
|
$hasMore = true;
|
|
} elseif ($exactEmailMatch || (isset($contact['FN']) && strtolower($contact['FN']) === $lowerSearch)) {
|
|
if ($exactEmailMatch) {
|
|
$searchResult->markExactIdMatch($type);
|
|
}
|
|
|
|
$results['exact'][] = [
|
|
'label' => $displayName,
|
|
'uuid' => $contact['UID'] ?? $emailAddress,
|
|
'name' => $contact['FN'] ?? $displayName,
|
|
'type' => $emailAddressType ?? '',
|
|
'value' => [
|
|
'shareType' => IShare::TYPE_EMAIL,
|
|
'shareWith' => $emailAddress,
|
|
],
|
|
];
|
|
} else {
|
|
$results['wide'][] = [
|
|
'label' => $displayName,
|
|
'uuid' => $contact['UID'] ?? $emailAddress,
|
|
'name' => $contact['FN'] ?? $displayName,
|
|
'type' => $emailAddressType ?? '',
|
|
'value' => [
|
|
'shareType' => IShare::TYPE_EMAIL,
|
|
'shareWith' => $emailAddress,
|
|
],
|
|
];
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($this->shareType === IShare::TYPE_EMAIL
|
|
&& !$searchResult->hasExactIdMatch($type) && $this->emailValidator->isValid($search)) {
|
|
if ($count++ >= $limit) {
|
|
$hasMore = true;
|
|
} else {
|
|
$results['exact'][] = [
|
|
'label' => $search,
|
|
'uuid' => $search,
|
|
'value' => [
|
|
'shareType' => IShare::TYPE_EMAIL,
|
|
'shareWith' => $search,
|
|
],
|
|
];
|
|
}
|
|
}
|
|
|
|
$searchResult->addResultSet($type, $results['wide'], $results['exact']);
|
|
|
|
return $hasMore;
|
|
}
|
|
|
|
public function isCurrentUser(ICloudId $cloud): bool {
|
|
$currentUser = $this->userSession->getUser();
|
|
return $currentUser instanceof IUser && $currentUser->getUID() === $cloud->getUser();
|
|
}
|
|
}
|