share by email, resolve existing users by email

[felixboehm]

Follow up of

• Restrictions & Guest-App dilemma guests#81
• Creating a share for an existing mail address should share with that user instead guests#65

Creating a share entering a mail address that already exists for a user currently does not work and does not throw an error.

Needs core enhancements.

• Core changes to add sharing via mail Extend accounts table for custom search attributes #27832; needs testing

[felixboehm]

more concept will come from @pmaier1

[pmaier1]

Added concept.

[PVince81]

instead user3 configures the mail address of user2 in his personal settings

this is not possible, email addresses need to be verified since 10.0.0

[pmaier1]

this is not possible, email addresses need to be verified since 10.0.0

Sorry, bad example. Imported mail addresses from other user backends (e.g. LDAP) are not verified.

[PVince81]

but user2 as a regular user should not be able to modify their LDAP email address. Only an admin can. If an admin is malicious then it's already game over

[felixboehm]

Ok. So I can trust AD and internal emails. That makes it more easy.

[pmaier1]

👍 removed unnecessary stuff from top post

[felixboehm]

Needs splitting of option for restricting to share only with users in same groups

[pmaier1]

Needs splitting of option for restricting to share only with users in same groups

#27849

[pmaier1]

As we apparently don't require mail addresses to be unique: What will happen in the case when one address belongs to more than one user? At least we would need an error message for that.

[PVince81]

@IljaN @tomneedham do you know ? ^

[PVince81]

With @tomneedham's PR I was able to find the existing guest user by typing in the email address in the share autocomplete field: #27832 (comment)

Regarding uniqueness: in the guest dialog if you type an email from an already existing user the dialog doesn't save. Fails with 422 Unprocessable Entity. So I think some backend is already detecting this case. Needs more graceful handling in the guests app.

[PVince81]

That is, unless we want the guest share dialog to be clever and succeeds by simply creating a share instead of doing the email sending thing. But this could be more confusing because the dialog currently contains a user name as typed by the user. From my understanding all these UX changes (graceful duplicate handling) should be doable from inside the guests app.

[PVince81]

needs retesting with the new PR #27906 as the previous one was closed

[tomneedham]

• I created two regular users
• I set them to have the same email address
• I enabled the guests app
• I used a third regular user and created a share with a guest
• I entered the same email address
• A guest was created with this same email address
• The guest gets an email asking them to set their password
• The guest cannot login because their email is not unique - they can only login by their user_id which is not know to the guest

-> We should not create a guest account here if an account with the same email is detected
-> If just one account is foudn with that email, share with that user (this is a strange case, since you can now search for users based on email without the need for the guests app)

[tomneedham]

We could solve this by exposing the generated userid to the user in their welcome/invite email here: https://github.com/owncloud/guests/blob/master/templates/mail/altinvite.php#L21

[tomneedham]

But since I think this more of an edge case, it is nicer for these guests to login with their email, so we should add a check here (https://github.com/owncloud/guests/blob/master/controller/userscontroller.php#L104) for $manager->getByEmail() and count the results.

[PVince81]

@tomneedham weird... this worked fine with your previous PR

[PVince81]

Ok maybe not the exact same case. I tried to share with an existing guest and typing the guest name or his address in the share autocomplete properly found that user (with your old PR, didn't test with the new one)

[pmaier1]

-> We should not create a guest account here if an account with the same email is detected

Exactly. Instead we should share with the existing user if the address is unique as you said below.

-> If just one account is foudn with that email, share with that user (this is a strange case, since you can now search for users based on email without the need for the guests app)

Yes, somehow this is strange but if the user doesn't search for the mail address and doesn't know the username or if the user already has an account this is really needed to prevent duplicates. Still, if the address is not unique we need a handle.

We could solve this by exposing the generated userid to the user in their welcome/invite email here:

Hmm, would be a possibility to solve the login issue but not really nice.
So in the case where two users have identical addresses and I want to share using that address

• for sharing dialog autocompletion we could
  a) display both and let the user decide according to display names or
  b) we don't display any and make it impossible to share via mail address
  -> a) looks like better UX
• for the guests app I can currently only imagine an error message saying that the file/folder could not be shared since the address is in the system but not unique and point the user to the sharing dialog to be able to choose depending on the decision for the autocompletion, of course. Also not a good user experience though.. Any ideas?

[PVince81]

@tomneedham the login controller already has a check to count the emails, no need to add one: https://github.com/owncloud/core/blob/master/core/Controller/LoginController.php#L189

[PVince81]

Let's go with the following for now:

• sharing autocomplete must allow typing in an email or part of it and find local users and also guest users, this is already achieved by @tomneedham's PR but needs to be retested: User backend extendable account searching #27906
• display both results in share dialog if multiple users have the same email, I assume this is covered by @tomneedham's PR already, needs checking
• guest dialog must not allow setting email address if already exists: to be solved on the guest app side: Restrictions & Guest-App dilemma guests#81. Display an error and advise that the user can type in this email in the search field in the share panel. (they already come from it so it's still open).
  • optional / later: Automatically creating the share from the guest app would be nicer UX, but only if there is a single email address in the system. Duplicates should rather display an error as we don't want to add more UI elements in the guest dialog to pick the user for this corner case.

[PVince81]

Share to existing guest email doesn't seem to work in the new PR, #27906 (comment)

[tomneedham]

display both results in share dialog if multiple users have the same email, I assume this is covered by > @tomneedham's PR already, needs checking

tested and this works

[PVince81]

PR was merged #27906, needs retesting for the core pieces (sharing by email)

[PVince81]

Just tested OC 10.0.1RC3 EE with guest app. Sharing to existing guest email works, the autocomplete shows an entry with the guest user name.

When two users have the same email, both appear in the suggested list when typing in their email.

All core things work now. Guest app specific validation to be solved as part of owncloud/guests#81

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.