From 52d43bf3cc5d9743bb2949ad2fdd6b419b21f7b3 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 9 Mar 2021 21:46:42 +0100
Subject: [PATCH] Add a config setting to restrict autocompletion to phonebook
 matches

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 apps/settings/js/admin.js                     |   1 +
 apps/settings/lib/Settings/Admin/Sharing.php  |   1 +
 .../templates/settings/admin/sharing.php      |  12 +-
 .../tests/Settings/Admin/SharingTest.php      | 221 ++++--------------
 4 files changed, 57 insertions(+), 178 deletions(-)

diff --git a/apps/settings/js/admin.js b/apps/settings/js/admin.js
index cffaefa3821..72b167d7e0d 100644
--- a/apps/settings/js/admin.js
+++ b/apps/settings/js/admin.js
@@ -144,6 +144,7 @@ window.addEventListener('DOMContentLoaded', function(){
 
 	$('#shareapi_allow_share_dialog_user_enumeration').on('change', function() {
 		$('#shareapi_restrict_user_enumeration_to_group_setting').toggleClass('hidden', !this.checked);
+		$('#shareapi_restrict_user_enumeration_to_phone_setting').toggleClass('hidden', !this.checked);
 	})
 
 	$('#allowLinks').change(function() {
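Review bot: The added `toggleClass` call on `#shareapi_restrict_user_enumeration_to_phone_setting` repeats the group line above it with the same condition; a single call over both selectors keeps the two sub-options from drifting apart: `$('#shareapi_restrict_user_enumeration_to_group_setting, #shareapi_restrict_user_enumeration_to_phone_setting').toggleClass('hidden', !this.checked);`. The template also hides this paragraph when `shareAPIEnabled` is `'no'`, and no handler for that case is visible in this hunk, so confirm that switching the share API off hides the new row too. The surrounding `DOMContentLoaded` callback starts and ends outside the hunk.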
diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php
index 313a182501d..19eed576cd7 100644
--- a/apps/settings/lib/Settings/Admin/Sharing.php
+++ b/apps/settings/lib/Settings/Admin/Sharing.php
@@ -73,6 +73,7 @@ class Sharing implements ISettings {
 			'allowResharing' => $this->config->getAppValue('core', 'shareapi_allow_resharing', 'yes'),
 			'allowShareDialogUserEnumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'),
 			'restrictUserEnumerationToGroup' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no'),
+			'restrictUserEnumerationToPhone' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no'),
 			'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(),
 			'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(),
 			'shareAPIEnabled' => $this->config->getAppValue('core', 'shareapi_enabled', 'yes'),
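Review bot: Nothing in this patch reads `shareapi_restrict_user_enumeration_to_phone` outside the admin form, so from the diff alone the checkbox only stores and redisplays a value. The code that answers autocompletion requests should be checked to read the same key with the same `'no'` default, because an unenforced option would leave admins believing user enumeration is limited when it is not. A comment above the two `restrictUserEnumeration*` entries would help, for example `// Narrows share-dialog autocompletion; enforced where the user search is served, not here`. The array belongs to a method whose start and end are outside the hunk.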
diff --git a/apps/settings/templates/settings/admin/sharing.php b/apps/settings/templates/settings/admin/sharing.php
index 9f651ce6d6c..b02a7d2764c 100644
--- a/apps/settings/templates/settings/admin/sharing.php
+++ b/apps/settings/templates/settings/admin/sharing.php
@@ -173,7 +173,17 @@
 			<?php if ($_['restrictUserEnumerationToGroup'] === 'yes') {
 	print_unescaped('checked="checked"');
 } ?> />
-		<label for="shareapi_restrict_user_enumeration_to_group"><?php p($l->t('Restrict username autocompletion to users within the same groups'));?></label><br />
+		<label for="shareapi_restrict_user_enumeration_to_group"><?php p($l->t('Allow username autocompletion to users within the same groups'));?></label><br />
+	</p>
+
+	<p id="shareapi_restrict_user_enumeration_to_phone_setting" class="indent <?php if ($_['shareAPIEnabled'] === 'no' || $_['allowShareDialogUserEnumeration'] === 'no') {
+	p('hidden');
+}?>">
+		<input type="checkbox" name="shareapi_restrict_user_enumeration_to_phone" value="1" id="shareapi_restrict_user_enumeration_to_phone" class="checkbox"
+			<?php if ($_['restrictUserEnumerationToPhone'] === 'yes') {
+	print_unescaped('checked="checked"');
+} ?> />
+		<label for="shareapi_restrict_user_enumeration_to_phone"><?php p($l->t('Allow username autocompletion to users based on phonebook matches'));?></label><br />
 	</p>
 
 	<p>
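Review bot: The labels now begin with "Allow…" while the inputs and config keys are still named `shareapi_restrict_user_enumeration_to_*`, and the form does not say what happens when neither box or both boxes are ticked. For a privacy control that ambiguity matters: an admin can read two unticked "Allow" boxes as autocompletion being off, whereas the key names suggest the opposite (no restriction applied), and the patch does not show which is true. I would add a one-line hint under the two options stating the combined behaviour, emitted through `p($l->t(...))` like the labels, and keep "restrict"/"allow" consistent between the keys and the visible text.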
diff --git a/apps/settings/tests/Settings/Admin/SharingTest.php b/apps/settings/tests/Settings/Admin/SharingTest.php
index 52e83f8ba7f..5d0794170a0 100644
--- a/apps/settings/tests/Settings/Admin/SharingTest.php
+++ b/apps/settings/tests/Settings/Admin/SharingTest.php
@@ -64,95 +64,28 @@ class SharingTest extends TestCase {
 
 	public function testGetFormWithoutExcludedGroups() {
 		$this->config
-			->expects($this->at(0))
 			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups_list', '')
-			->willReturn('');
-		$this->config
-			->expects($this->at(1))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_group_sharing', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(2))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_links', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(3))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_public_upload', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(4))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_resharing', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(5))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(6))
-			->method('getAppValue')
-			->with('core', 'shareapi_restrict_user_enumeration_to_group', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(7))
-			->method('getAppValue')
-			->with('core', 'shareapi_enabled', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(8))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(9))
-			->method('getAppValue')
-			->with('core', 'shareapi_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(10))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(11))
-			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(12))
-			->method('getAppValue')
-			->with('core', 'shareapi_public_link_disclaimertext', null)
-			->willReturn('Lorem ipsum');
-		$this->config
-			->expects($this->at(13))
-			->method('getAppValue')
-			->with('core', 'shareapi_enable_link_password_by_default', 'no')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(14))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL)
-			->willReturn(Constants::PERMISSION_ALL);
-		$this->config
-			->expects($this->at(15))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_internal_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(16))
-			->method('getAppValue')
-			->with('core', 'shareapi_internal_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(17))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_internal_expire_date', 'no')
-			->willReturn('no');
+			->willReturnMap([
+				['core', 'shareapi_exclude_groups_list', '', ''],
+				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
+				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
+				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
+				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
+				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_default_expire_date', 'no', 'no'],
+				['core', 'shareapi_expire_after_n_days', '7', '7'],
+				['core', 'shareapi_enforce_expire_date', 'no', 'no'],
+				['core', 'shareapi_exclude_groups', 'no', 'no'],
+				['core', 'shareapi_public_link_disclaimertext', null, 'Lorem ipsum'],
+				['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
+				['core', 'shareapi_default_permissions', Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
+				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
+				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
+				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
+			]);
 
 		$expected = new TemplateResponse(
 			'settings',
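Review bot: Both rewritten tests feed `shareapi_restrict_user_enumeration_to_phone` only as `'no'`, which is also its default, so the expected `'restrictUserEnumerationToPhone' => 'no'` would still pass if the form ignored the stored value. This applies to `testGetFormWithoutExcludedGroups` here and to `testGetFormWithExcludedGroups` in the later hunk. In one of them, return a non-default value, `['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'yes'],`, and expect `'restrictUserEnumerationToPhone' => 'yes',`. Dropping `->expects(...)` also means the mock no longer checks that each key is requested. A call whose arguments match no map row gets the stub's default return instead of failing, so only the response assertion can catch a wrong key or default.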
@@ -164,6 +97,7 @@ class SharingTest extends TestCase {
 				'allowResharing' => 'yes',
 				'allowShareDialogUserEnumeration' => 'yes',
 				'restrictUserEnumerationToGroup' => 'no',
+				'restrictUserEnumerationToPhone' => 'no',
 				'enforceLinkPassword' => false,
 				'onlyShareWithGroupMembers' => false,
 				'shareAPIEnabled' => 'yes',
@@ -188,96 +122,28 @@ class SharingTest extends TestCase {
 
 	public function testGetFormWithExcludedGroups() {
 		$this->config
-			->expects($this->at(0))
 			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups_list', '')
-			->willReturn('["NoSharers","OtherNoSharers"]');
-		$this->config
-			->expects($this->at(1))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_group_sharing', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(2))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_links', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(3))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_public_upload', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(4))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_resharing', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(5))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(6))
-			->method('getAppValue')
-			->with('core', 'shareapi_restrict_user_enumeration_to_group', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(7))
-			->method('getAppValue')
-			->with('core', 'shareapi_enabled', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(8))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(9))
-			->method('getAppValue')
-			->with('core', 'shareapi_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(10))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(11))
-			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups', 'no')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(12))
-			->method('getAppValue')
-			->with('core', 'shareapi_public_link_disclaimertext', null)
-			->willReturn('Lorem ipsum');
-		$this->config
-			->expects($this->at(13))
-			->method('getAppValue')
-			->with('core', 'shareapi_enable_link_password_by_default', 'no')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(14))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL)
-			->willReturn(Constants::PERMISSION_ALL);
-		$this->config
-			->expects($this->at(15))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_internal_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(16))
-			->method('getAppValue')
-			->with('core', 'shareapi_internal_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(17))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_internal_expire_date', 'no')
-			->willReturn('no');
-
+			->willReturnMap([
+				['core', 'shareapi_exclude_groups_list', '', '["NoSharers","OtherNoSharers"]'],
+				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
+				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
+				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
+				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
+				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
+				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
+				['core', 'shareapi_enabled', 'yes', 'yes'],
+				['core', 'shareapi_default_expire_date', 'no', 'no'],
+				['core', 'shareapi_expire_after_n_days', '7', '7'],
+				['core', 'shareapi_enforce_expire_date', 'no', 'no'],
+				['core', 'shareapi_exclude_groups', 'no', 'yes'],
+				['core', 'shareapi_public_link_disclaimertext', null, 'Lorem ipsum'],
+				['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
+				['core', 'shareapi_default_permissions', Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
+				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
+				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
+				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
+			]);
 
 		$expected = new TemplateResponse(
 			'settings',
@@ -289,6 +155,7 @@ class SharingTest extends TestCase {
 				'allowResharing' => 'yes',
 				'allowShareDialogUserEnumeration' => 'yes',
 				'restrictUserEnumerationToGroup' => 'no',
+				'restrictUserEnumerationToPhone' => 'no',
 				'enforceLinkPassword' => false,
 				'onlyShareWithGroupMembers' => false,
 				'shareAPIEnabled' => 'yes',
-- 
GitLab