This app does not respect the "Allow sharing with groups"-setting

[pierreozoux]

Expected behavior

Given the following settings

When you write a new email, you shouldn't be proposed autocompletion emails from users from groups you are not in.

Actual behavior

It does propose you all the emails of the instance.

Steps to reproduce

1. configure the sharing settings like in the screenshot
2. create a new email
3. start to type in the to field and get autocompletion proposition from users outside your groups.

Mail app version

1.11.6

Mailserver or service

Not relevant.

Operating system

Not relevant.

PHP engine version

Other

Web server

Other

Database

Other

Additional info

Relates to this bug:
nextcloud/server#25390

On shared instance, this is a privacy issue.

[kesselb]

Hey @pierreozoux 👋

I need some help with your bug report.

Sharing Settings

Users & Groups

Test Case 1

• Login as alice
• Write a new message

Input To	Suggestion
bob	-
john	-
house	House Greyjoy (Nextcloud) House Stark (Nextcloud)
night	Night's Watch (Nextcloud)
admin	admin (Nextcloud)

* (Nextcloud) = Group in Nextcloud

Test Case 2

• Login as alice
• Write a new message to join@nightswatch.got
• Sent the message
• Open write a new message again

Input To	Suggestion
night	join@nightswatch.got Night's Watch (Nextcloud)

join@nightswatch.got is returned by the address collector (as we wrote an email earlier)

Night's Watch (Nextcloud) = Group in Nextcloud

Test Case 3

• Login as alice
• Open contacts
• Add a new contact Robb Stark with email robb@stark.got
• Open mail
• Write a new message

Input To	Suggestion
robb	Robb Stark (robb@stark.got)

Robb Stark (robb@stark.got) is a direct match from contacts then

Test Case 1, 2 and 3 look okay. I also had a quick look at the auto completion service. We use three sources: Contacts, Groups and collected addresses.

Can you share some more details how to reproduce it 🤔

[unteem]

Hi @kesselb

This looks definitely like a duplicate of #6148

I'll answer for @pierreozoux

Its weird I cannot replicate on a fresh install but on our current install we do have the issue of the autocompletion settings being ignored...

If I allow auto-completion for users in the same groups:
I should only see users from that group in the autocompletion when I start to type a recipient
What I actually see is an auto-completion of all the users in the instance.

Can it be something that is messed up during an upgrade when there was this issues ? We still have some stuff in the db that should be cleaned up ?

Nextcloud version 23.0.7
Mail verison 1.13.7

Thanks

[hrenard]

Hi @kesselb,

As I understand it, the ContactsManager (lib/private) is not responsible for filtering the results. Then, I don't see how the code would filter by groups as it only filters on shareapi_allow_share_dialog_user_enumeration.

mail/lib/Service/ContactsIntegration.php

Lines 56 to 63 in ca3f929

	$allowSystemUsers = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'no') === 'yes';
	$result = $this->contactsManager->search($term, ['FN', 'EMAIL']);
	$receivers = [];
	foreach ($result as $r) {
	if (!$allowSystemUsers && isset($r['isLocalSystemBook']) && $r['isLocalSystemBook']) {
	continue;
	}

I believe we need something like this.

Have I missed something ?

Thanks !

[ChristophWurst]

Label dropped because it was a duplicate of the attribute at https://github.com/orgs/nextcloud/projects/61. The priority does not change.