-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Respect user enumeration settings on profile #29559
Merged
nickvergessen
merged 3 commits into
master
from
feat/28139/profile-respect-user-enumeration
Nov 9, 2021
Merged
Respect user enumeration settings on profile #29559
nickvergessen
merged 3 commits into
master
from
feat/28139/profile-respect-user-enumeration
Nov 9, 2021
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pytal
added
enhancement
3. to review
Waiting for reviews
privacy
feature: profile
PRs or issues related to the Profile feature (e.g. Profile page, API, etc.)
labels
Nov 5, 2021
Pytal
requested review from
juliusknorr and
skjnldsv
and removed request for
a team
November 5, 2021 02:49
Pytal
force-pushed
the
feat/28139/profile-respect-user-enumeration
branch
from
November 5, 2021 02:53
32efe30
to
7f18664
Compare
nickvergessen
requested changes
Nov 5, 2021
Signed-off-by: Christopher Ng <chrng8@gmail.com>
Pytal
force-pushed
the
feat/28139/profile-respect-user-enumeration
branch
from
November 5, 2021 21:33
e8b47b9
to
f4307ef
Compare
nickvergessen
force-pushed
the
feat/28139/profile-respect-user-enumeration
branch
2 times, most recently
from
November 9, 2021 09:02
6001edc
to
2e24912
Compare
Signed-off-by: Joas Schilling <coding@schilljs.com>
nickvergessen
force-pushed
the
feat/28139/profile-respect-user-enumeration
branch
from
November 9, 2021 09:11
2e24912
to
fa036b2
Compare
nickvergessen
approved these changes
Nov 9, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Brought in my feedback as new commit after talking to Chris about it
skjnldsv
reviewed
Nov 9, 2021
juliusknorr
approved these changes
Nov 9, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
nickvergessen
added
4. to release
Ready to be released and/or waiting for tests to finish
and removed
3. to review
Waiting for reviews
labels
Nov 9, 2021
Signed-off-by: Joas Schilling <coding@schilljs.com>
nickvergessen
force-pushed
the
feat/28139/profile-respect-user-enumeration
branch
from
November 9, 2021 13:43
df9bbf1
to
3b91e4c
Compare
skjnldsv
approved these changes
Nov 9, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
4. to release
Ready to be released and/or waiting for tests to finish
enhancement
feature: profile
PRs or issues related to the Profile feature (e.g. Profile page, API, etc.)
privacy
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
shareapi_*
user enumeration settings are already respected and hide profile entrypoints (if needed) in the contacts menu, Avatar menu, and other areas which pass throughfilterContacts
server/lib/private/Contacts/ContactsMenu/ContactsStore.php
Line 150 in e1c2c13
This PR is for when users navigate to a user's profile page directly by the
/u/{userId}
URL and respects the user enumeration settings listed below.shareapi_allow_share_dialog_user_enumeration
shareapi_restrict_user_enumeration_full_match
shareapi_restrict_user_enumeration_to_group
shareapi_restrict_user_enumeration_to_phone
The user's profile will not be displayed and instead show the "Profile not found" error page if restricted by any of these settings.
Contributes to #28139