From 1a1e63306f482b6bc7baa6efa46cfdeee317ac21 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Thu, 28 Mar 2024 11:12:49 +0100 Subject: [PATCH 1/2] mask user emails in search results Signed-off-by: Christian Richter --- .../http/services/owncloud/ocs/config/config.go | 1 + .../handlers/apps/sharing/sharees/sharees.go | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/internal/http/services/owncloud/ocs/config/config.go b/internal/http/services/owncloud/ocs/config/config.go index 554a9eeb3c..031eecf0dc 100644 --- a/internal/http/services/owncloud/ocs/config/config.go +++ b/internal/http/services/owncloud/ocs/config/config.go @@ -47,6 +47,7 @@ type Config struct { ListOCMShares bool `mapstructure:"list_ocm_shares"` Notifications map[string]interface{} `mapstructure:"notifications"` IncludeOCMSharees bool `mapstructure:"include_ocm_sharees"` + ShowEmailInResults bool `mapstructure:"show_email_in_results"` } // Init sets sane defaults diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/sharees/sharees.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/sharees/sharees.go index e3e3bbbeca..978f3d9666 100644 --- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/sharees/sharees.go +++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/sharees/sharees.go @@ -40,6 +40,7 @@ type Handler struct { gatewayAddr string additionalInfoAttribute string includeOCMSharees bool + showUserEmailInResults bool } // Init initializes this and any contained handlers @@ -47,6 +48,7 @@ func (h *Handler) Init(c *config.Config) { h.gatewayAddr = c.GatewaySvc h.additionalInfoAttribute = c.AdditionalInfoAttribute h.includeOCMSharees = c.IncludeOCMSharees + h.showUserEmailInResults = c.ShowEmailInResults } // FindSharees implements the /apps/files_sharing/api/v1/sharees endpoint @@ -123,6 +125,21 @@ func (h *Handler) FindSharees(w http.ResponseWriter, r *http.Request) { } } + if !h.showUserEmailInResults { + for _, m := range userMatches { + m.Value.ShareWithAdditionalInfo = m.Value.ShareWith + } + for _, m := range exactUserMatches { + m.Value.ShareWithAdditionalInfo = m.Value.ShareWith + } + for _, m := range groupMatches { + m.Value.ShareWithAdditionalInfo = m.Value.ShareWith + } + for _, m := range exactGroupMatches { + m.Value.ShareWithAdditionalInfo = m.Value.ShareWith + } + } + response.WriteOCSSuccess(w, r, &conversions.ShareeData{ Exact: &conversions.ExactMatchesData{ Users: exactUserMatches, From 84dac71ede840e4de268f4540dc00816085f9bb2 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Thu, 28 Mar 2024 11:16:56 +0100 Subject: [PATCH 2/2] add changelog Signed-off-by: Christian Richter --- changelog/unreleased/mask-user-email-in-output.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 changelog/unreleased/mask-user-email-in-output.md diff --git a/changelog/unreleased/mask-user-email-in-output.md b/changelog/unreleased/mask-user-email-in-output.md new file mode 100644 index 0000000000..d0f1bf1af8 --- /dev/null +++ b/changelog/unreleased/mask-user-email-in-output.md @@ -0,0 +1,7 @@ +Bugfix: Mask user email in output + +We have fixed a bug where the user email was not masked in the output and the user emails could be enumerated through +the sharee search. + +https://github.com/cs3org/reva/pull/4603 +https://github.com/owncloud/ocis/issues/8726 \ No newline at end of file