UserPlugin.php 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de>
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Georg Ehrke <oc.list@georgehrke.com>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author John Molakvoæ <skjnldsv@protonmail.com>
  10. * @author Julius Härtl <jus@bitgrid.net>
  11. * @author Morris Jobke <hey@morrisjobke.de>
  12. * @author Robin Appelman <robin@icewind.nl>
  13. * @author Roeland Jago Douma <roeland@famdouma.nl>
  14. * @author Thomas Citharel <nextcloud@tcit.fr>
  15. *
  16. * @license GNU AGPL version 3 or any later version
  17. *
  18. * This program is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License as
  20. * published by the Free Software Foundation, either version 3 of the
  21. * License, or (at your option) any later version.
  22. *
  23. * This program is distributed in the hope that it will be useful,
  24. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  25. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  26. * GNU Affero General Public License for more details.
  27. *
  28. * You should have received a copy of the GNU Affero General Public License
  29. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  30. *
  31. */
  32. namespace OC\Collaboration\Collaborators;
  33. use OC\KnownUser\KnownUserService;
  34. use OCP\Collaboration\Collaborators\ISearchPlugin;
  35. use OCP\Collaboration\Collaborators\ISearchResult;
  36. use OCP\Collaboration\Collaborators\SearchResultType;
  37. use OCP\IConfig;
  38. use OCP\IGroupManager;
  39. use OCP\IUser;
  40. use OCP\IUserManager;
  41. use OCP\IUserSession;
  42. use OCP\Share\IShare;
  43. use OCP\UserStatus\IManager as IUserStatusManager;
  44. class UserPlugin implements ISearchPlugin {
  45. protected bool $shareWithGroupOnly;
  46. protected bool $shareeEnumeration;
  47. protected bool $shareeEnumerationInGroupOnly;
  48. protected bool $shareeEnumerationPhone;
  49. protected bool $shareeEnumerationFullMatch;
  50. protected bool $shareeEnumerationFullMatchUserId;
  51. protected bool $shareeEnumerationFullMatchEmail;
  52. protected bool $shareeEnumerationFullMatchIgnoreSecondDisplayName;
  53. public function __construct(
  54. private IConfig $config,
  55. private IUserManager $userManager,
  56. private IGroupManager $groupManager,
  57. private IUserSession $userSession,
  58. private KnownUserService $knownUserService,
  59. private IUserStatusManager $userStatusManager,
  60. private mixed $shareWithGroupOnlyExcludeGroupsList = [],
  61. ) {
  62. $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
  63. $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
  64. $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
  65. $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
  66. $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
  67. $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes';
  68. $this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
  69. $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes';
  70. if ($this->shareWithGroupOnly) {
  71. $this->shareWithGroupOnlyExcludeGroupsList = json_decode($this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''), true) ?? [];
  72. }
  73. }
  74. public function search($search, $limit, $offset, ISearchResult $searchResult): bool {
  75. $result = ['wide' => [], 'exact' => []];
  76. $users = [];
  77. $hasMoreResults = false;
  78. $currentUserId = $this->userSession->getUser()->getUID();
  79. $currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
  80. // ShareWithGroupOnly filtering
  81. $currentUserGroups = array_diff($currentUserGroups, $this->shareWithGroupOnlyExcludeGroupsList);
  82. if ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly) {
  83. // Search in all the groups this user is part of
  84. foreach ($currentUserGroups as $userGroupId) {
  85. $usersInGroup = $this->groupManager->displayNamesInGroup($userGroupId, $search, $limit, $offset);
  86. foreach ($usersInGroup as $userId => $displayName) {
  87. $userId = (string) $userId;
  88. $user = $this->userManager->get($userId);
  89. if (!$user->isEnabled()) {
  90. // Ignore disabled users
  91. continue;
  92. }
  93. $users[$userId] = $user;
  94. }
  95. if (count($usersInGroup) >= $limit) {
  96. $hasMoreResults = true;
  97. }
  98. }
  99. if (!$this->shareWithGroupOnly && $this->shareeEnumerationPhone) {
  100. $usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
  101. if (!empty($usersTmp)) {
  102. foreach ($usersTmp as $user) {
  103. if ($user->isEnabled()) { // Don't keep deactivated users
  104. $users[$user->getUID()] = $user;
  105. }
  106. }
  107. uasort($users, function ($a, $b) {
  108. /**
  109. * @var \OC\User\User $a
  110. * @var \OC\User\User $b
  111. */
  112. return strcasecmp($a->getDisplayName(), $b->getDisplayName());
  113. });
  114. }
  115. }
  116. } else {
  117. // Search in all users
  118. if ($this->shareeEnumerationPhone) {
  119. $usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
  120. } else {
  121. $usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
  122. }
  123. foreach ($usersTmp as $user) {
  124. if ($user->isEnabled()) { // Don't keep deactivated users
  125. $users[$user->getUID()] = $user;
  126. }
  127. }
  128. }
  129. $this->takeOutCurrentUser($users);
  130. if (!$this->shareeEnumeration || count($users) < $limit) {
  131. $hasMoreResults = true;
  132. }
  133. $foundUserById = false;
  134. $lowerSearch = strtolower($search);
  135. $userStatuses = $this->userStatusManager->getUserStatuses(array_keys($users));
  136. foreach ($users as $uid => $user) {
  137. $userDisplayName = $user->getDisplayName();
  138. $userEmail = $user->getSystemEMailAddress();
  139. $uid = (string) $uid;
  140. $status = [];
  141. if (array_key_exists($uid, $userStatuses)) {
  142. $userStatus = $userStatuses[$uid];
  143. $status = [
  144. 'status' => $userStatus->getStatus(),
  145. 'message' => $userStatus->getMessage(),
  146. 'icon' => $userStatus->getIcon(),
  147. 'clearAt' => $userStatus->getClearAt()
  148. ? (int)$userStatus->getClearAt()->format('U')
  149. : null,
  150. ];
  151. }
  152. if (
  153. $this->shareeEnumerationFullMatch &&
  154. $lowerSearch !== '' && (strtolower($uid) === $lowerSearch ||
  155. strtolower($userDisplayName) === $lowerSearch ||
  156. ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) ||
  157. ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch))
  158. ) {
  159. if (strtolower($uid) === $lowerSearch) {
  160. $foundUserById = true;
  161. }
  162. $result['exact'][] = [
  163. 'label' => $userDisplayName,
  164. 'subline' => $status['message'] ?? '',
  165. 'icon' => 'icon-user',
  166. 'value' => [
  167. 'shareType' => IShare::TYPE_USER,
  168. 'shareWith' => $uid,
  169. ],
  170. 'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
  171. 'status' => $status,
  172. ];
  173. } else {
  174. $addToWideResults = false;
  175. if ($this->shareeEnumeration &&
  176. !($this->shareeEnumerationInGroupOnly || $this->shareeEnumerationPhone)) {
  177. $addToWideResults = true;
  178. }
  179. if ($this->shareeEnumerationPhone && $this->knownUserService->isKnownToUser($currentUserId, $user->getUID())) {
  180. $addToWideResults = true;
  181. }
  182. if (!$addToWideResults && $this->shareeEnumerationInGroupOnly) {
  183. $commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
  184. if (!empty($commonGroups)) {
  185. $addToWideResults = true;
  186. }
  187. }
  188. if ($addToWideResults) {
  189. $result['wide'][] = [
  190. 'label' => $userDisplayName,
  191. 'subline' => $status['message'] ?? '',
  192. 'icon' => 'icon-user',
  193. 'value' => [
  194. 'shareType' => IShare::TYPE_USER,
  195. 'shareWith' => $uid,
  196. ],
  197. 'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
  198. 'status' => $status,
  199. ];
  200. }
  201. }
  202. }
  203. if ($this->shareeEnumerationFullMatch && $this->shareeEnumerationFullMatchUserId && $offset === 0 && !$foundUserById) {
  204. // On page one we try if the search result has a direct hit on the
  205. // user id and if so, we add that to the exact match list
  206. $user = $this->userManager->get($search);
  207. if ($user instanceof IUser) {
  208. $addUser = true;
  209. if ($this->shareWithGroupOnly) {
  210. // Only add, if we have a common group
  211. $commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
  212. $addUser = !empty($commonGroups);
  213. }
  214. if ($addUser) {
  215. $status = [];
  216. $uid = $user->getUID();
  217. $userEmail = $user->getSystemEMailAddress();
  218. if (array_key_exists($user->getUID(), $userStatuses)) {
  219. $userStatus = $userStatuses[$user->getUID()];
  220. $status = [
  221. 'status' => $userStatus->getStatus(),
  222. 'message' => $userStatus->getMessage(),
  223. 'icon' => $userStatus->getIcon(),
  224. 'clearAt' => $userStatus->getClearAt()
  225. ? (int)$userStatus->getClearAt()->format('U')
  226. : null,
  227. ];
  228. }
  229. $result['exact'][] = [
  230. 'label' => $user->getDisplayName(),
  231. 'icon' => 'icon-user',
  232. 'subline' => $status['message'] ?? '',
  233. 'value' => [
  234. 'shareType' => IShare::TYPE_USER,
  235. 'shareWith' => $user->getUID(),
  236. ],
  237. 'shareWithDisplayNameUnique' => $userEmail !== null && $userEmail !== '' ? $userEmail : $uid,
  238. 'status' => $status,
  239. ];
  240. }
  241. }
  242. }
  243. $type = new SearchResultType('users');
  244. $searchResult->addResultSet($type, $result['wide'], $result['exact']);
  245. if (count($result['exact'])) {
  246. $searchResult->markExactIdMatch($type);
  247. }
  248. return $hasMoreResults;
  249. }
  250. public function takeOutCurrentUser(array &$users): void {
  251. $currentUser = $this->userSession->getUser();
  252. if (!is_null($currentUser)) {
  253. if (isset($users[$currentUser->getUID()])) {
  254. unset($users[$currentUser->getUID()]);
  255. }
  256. }
  257. }
  258. }