From ba0a6180f9b4bb1ee13e369e63fad032945b53ce Mon Sep 17 00:00:00 2001
From: o
Date: Mon, 6 May 2019 13:23:05 +0200
Subject: [PATCH 1/2] honor user enumeration prevention of the share api

If user enumeration is disabled in nextcloud core, then circle can be used to circumvent this measure. For example the adduser button in the user facing circle UI allows enumeration of all registered users. This patch honors the choice made in 'shareapi_allow_share_dialog_user_enumeration' for deciding if auto completion should present partial results. This is in line with other apps, such as webdav, which reuse this configuration choice to disable user enumeration. In case this preference is set, all partial results are removed from the results.

Fixes #152
---
 lib/Controller/MembersController.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/Controller/MembersController.php b/lib/Controller/MembersController.php
index eefa132ea..9568839de 100644
--- a/lib/Controller/MembersController.php
+++ b/lib/Controller/MembersController.php
@@ -173,6 +173,12 @@ public function searchGlobal($search) {
 );
 }
 
+ if ($this->configService->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes')
+ $result = array_filter($result,
+ function($data, $k) use ($search) {
+ return $data->getIdent() == $search;
+ }, ARRAY_FILTER_USE_BOTH);
+
 return $this->success(['search' => $search, 'result' => $result]);
 }
 

From 3f8610d31406c19704a8e3f7211420791adcf563 Mon Sep 17 00:00:00 2001
From: Maxence Lange
Date: Mon, 24 Jun 2019 17:44:23 -0100
Subject: [PATCH 2/2] fixing some stuff

Signed-off-by: Maxence Lange
---
 lib/Controller/MembersController.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/Controller/MembersController.php b/lib/Controller/MembersController.php
index 9568839de..29360486b 100644
--- a/lib/Controller/MembersController.php
+++ b/lib/Controller/MembersController.php
@@ -27,6 +27,7 @@ namespace OCA\Circles\Controller;
 
 
 use OCA\Circles\Model\Member;
+use OCA\Circles\Model\SearchResult;
 use OCA\Circles\Service\MiscService;
 use OCP\AppFramework\Http\DataResponse;
 
@@ -173,11 +174,15 @@ public function searchGlobal($search) {
 );
 }
 
- if ($this->configService->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes')
- $result = array_filter($result,
- function($data, $k) use ($search) {
- return $data->getIdent() == $search;
- }, ARRAY_FILTER_USE_BOTH);
+ if ($this->configService->getAppValue('shareapi_allow_share_dialog_user_enumeration') !== 'yes') {
+ $result = array_filter(
+ $result,
+ function($data, $k) use ($search) {
+ /** @var SearchResult $data */
+ return $data->getIdent() === $search;
+ }, ARRAY_FILTER_USE_BOTH
+ );
+ }
 
 return $this->success(['search' => $search, 'result' => $result]);
 }
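Review bot: `array_filter` preserves keys, so when enumeration is disabled the one surviving exact match is usually left at a non-zero index and `$result` becomes a sparse array; if `success()` hands it to `DataResponse` for JSON encoding, clients then get an object keyed by the old index instead of the list they receive when the setting is `'yes'`. Wrap the call, e.g. `$result = array_values(array_filter($result, function (SearchResult $data) use ($search) { return $data->getIdent() === $search; }));`, which also drops the unused `$k` parameter and the `ARRAY_FILTER_USE_BOTH` flag. The read of the setting changed too: patch 1 asked for it under the `core` app id with a `'yes'` default, whereas `$this->configService->getAppValue('shareapi_allow_share_dialog_user_enumeration')` passes neither, so unless that wrapper is known to read core's config with the same default it will be evaluating the Circles app's own (unset) value and filtering unconditionally — worth confirming against ConfigService. The surviving comparison is a case-sensitive match on the ident alone, so typing the right id with different capitalisation yields an empty list; if that mirrors core's share-dialog exception on purpose, a comment such as `// enumeration disabled: only an exact ident match may be returned, as in core's share dialog` would make the intent clear. searchGlobal's body begins before this hunk.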