Add a config setting to restrict autocompletion to phonebook matches

Signed-off-by: Joas Schilling <coding@schilljs.com>

apps/settings/js/admin.js

@@ -144,6 +144,7 @@ window.addEventListener('DOMContentLoaded', function(){
 
 	$('#shareapi_allow_share_dialog_user_enumeration').on('change', function() {
 		$('#shareapi_restrict_user_enumeration_to_group_setting').toggleClass('hidden', !this.checked);
+		$('#shareapi_restrict_user_enumeration_to_phone_setting').toggleClass('hidden', !this.checked);
 	})
 
 	$('#allowLinks').change(function() {

apps/settings/lib/Settings/Admin/Sharing.php

@@ -73,6 +73,7 @@ class Sharing implements ISettings {
 			'allowResharing' => $this->config->getAppValue('core', 'shareapi_allow_resharing', 'yes'),
 			'allowShareDialogUserEnumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'),
 			'restrictUserEnumerationToGroup' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no'),
+			'restrictUserEnumerationToPhone' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no'),
 			'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(),
 			'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(),
 			'shareAPIEnabled' => $this->config->getAppValue('core', 'shareapi_enabled', 'yes'),

apps/settings/templates/settings/admin/sharing.php

@@ -173,7 +173,17 @@
 			<?php if ($_['restrictUserEnumerationToGroup'] === 'yes') {
 	print_unescaped('checked="checked"');
 } ?> />
-		<label for="shareapi_restrict_user_enumeration_to_group"><?php p($l->t('Restrict username autocompletion to users within the same groups'));?></label><br />
+		<label for="shareapi_restrict_user_enumeration_to_group"><?php p($l->t('Allow username autocompletion to users within the same groups'));?></label><br />
+	</p>
+
+	<p id="shareapi_restrict_user_enumeration_to_phone_setting" class="indent <?php if ($_['shareAPIEnabled'] === 'no' || $_['allowShareDialogUserEnumeration'] === 'no') {
+	p('hidden');
+}?>">
+		<input type="checkbox" name="shareapi_restrict_user_enumeration_to_phone" value="1" id="shareapi_restrict_user_enumeration_to_phone" class="checkbox"
+			<?php if ($_['restrictUserEnumerationToPhone'] === 'yes') {
+	print_unescaped('checked="checked"');
+} ?> />
+		<label for="shareapi_restrict_user_enumeration_to_phone"><?php p($l->t('Allow username autocompletion to users based on phonebook matches'));?></label><br />
 	</p>
 
 	<p>

apps/settings/tests/Settings/Admin/SharingTest.php

@@ -64,95 +64,28 @@ class SharingTest extends TestCase {
 
 	public function testGetFormWithoutExcludedGroups() {
 		$this->config
-			->expects($this->at(0))
 			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups_list', '')
+			->willReturnMap([
-			->willReturn('');
+				['core', 'shareapi_exclude_groups_list', '', ''],
-		$this->config
+				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
-			->expects($this->at(1))
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
-			->method('getAppValue')
+				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
-			->with('core', 'shareapi_allow_group_sharing', 'yes')
+				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
-			->willReturn('yes');
+				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
-		$this->config
+				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
-			->expects($this->at(2))
+				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
-			->method('getAppValue')
+				['core', 'shareapi_enabled', 'yes', 'yes'],
-			->with('core', 'shareapi_allow_links', 'yes')
+				['core', 'shareapi_default_expire_date', 'no', 'no'],
-			->willReturn('yes');
+				['core', 'shareapi_expire_after_n_days', '7', '7'],
-		$this->config
+				['core', 'shareapi_enforce_expire_date', 'no', 'no'],
-			->expects($this->at(3))
+				['core', 'shareapi_exclude_groups', 'no', 'no'],
-			->method('getAppValue')
+				['core', 'shareapi_public_link_disclaimertext', null, 'Lorem ipsum'],
-			->with('core', 'shareapi_allow_public_upload', 'yes')
+				['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
-			->willReturn('yes');
+				['core', 'shareapi_default_permissions', Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
-		$this->config
+				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
-			->expects($this->at(4))
+				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
-			->method('getAppValue')
+				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
-			->with('core', 'shareapi_allow_resharing', 'yes')
+			]);
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(5))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(6))
-			->method('getAppValue')
-			->with('core', 'shareapi_restrict_user_enumeration_to_group', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(7))
-			->method('getAppValue')
-			->with('core', 'shareapi_enabled', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(8))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(9))
-			->method('getAppValue')
-			->with('core', 'shareapi_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(10))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(11))
-			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(12))
-			->method('getAppValue')
-			->with('core', 'shareapi_public_link_disclaimertext', null)
-			->willReturn('Lorem ipsum');
-		$this->config
-			->expects($this->at(13))
-			->method('getAppValue')
-			->with('core', 'shareapi_enable_link_password_by_default', 'no')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(14))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL)
-			->willReturn(Constants::PERMISSION_ALL);
-		$this->config
-			->expects($this->at(15))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_internal_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(16))
-			->method('getAppValue')
-			->with('core', 'shareapi_internal_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(17))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_internal_expire_date', 'no')
-			->willReturn('no');
 
 		$expected = new TemplateResponse(
 			'settings',
@@ -164,6 +97,7 @@ class SharingTest extends TestCase {
 				'allowResharing' => 'yes',
 				'allowShareDialogUserEnumeration' => 'yes',
 				'restrictUserEnumerationToGroup' => 'no',
+				'restrictUserEnumerationToPhone' => 'no',
 				'enforceLinkPassword' => false,
 				'onlyShareWithGroupMembers' => false,
 				'shareAPIEnabled' => 'yes',
@@ -188,96 +122,28 @@ class SharingTest extends TestCase {
 
 	public function testGetFormWithExcludedGroups() {
 		$this->config
-			->expects($this->at(0))
 			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups_list', '')
+			->willReturnMap([
-			->willReturn('["NoSharers","OtherNoSharers"]');
+				['core', 'shareapi_exclude_groups_list', '', '["NoSharers","OtherNoSharers"]'],
-		$this->config
+				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
-			->expects($this->at(1))
+				['core', 'shareapi_allow_links', 'yes', 'yes'],
-			->method('getAppValue')
+				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
-			->with('core', 'shareapi_allow_group_sharing', 'yes')
+				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
-			->willReturn('yes');
+				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
-		$this->config
+				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
-			->expects($this->at(2))
+				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
-			->method('getAppValue')
+				['core', 'shareapi_enabled', 'yes', 'yes'],
-			->with('core', 'shareapi_allow_links', 'yes')
+				['core', 'shareapi_default_expire_date', 'no', 'no'],
-			->willReturn('yes');
+				['core', 'shareapi_expire_after_n_days', '7', '7'],
-		$this->config
+				['core', 'shareapi_enforce_expire_date', 'no', 'no'],
-			->expects($this->at(3))
+				['core', 'shareapi_exclude_groups', 'no', 'yes'],
-			->method('getAppValue')
+				['core', 'shareapi_public_link_disclaimertext', null, 'Lorem ipsum'],
-			->with('core', 'shareapi_allow_public_upload', 'yes')
+				['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
-			->willReturn('yes');
+				['core', 'shareapi_default_permissions', Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
-		$this->config
+				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
-			->expects($this->at(4))
+				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
-			->method('getAppValue')
+				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
-			->with('core', 'shareapi_allow_resharing', 'yes')
+			]);
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(5))
-			->method('getAppValue')
-			->with('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(6))
-			->method('getAppValue')
-			->with('core', 'shareapi_restrict_user_enumeration_to_group', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(7))
-			->method('getAppValue')
-			->with('core', 'shareapi_enabled', 'yes')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(8))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(9))
-			->method('getAppValue')
-			->with('core', 'shareapi_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(10))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(11))
-			->method('getAppValue')
-			->with('core', 'shareapi_exclude_groups', 'no')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(12))
-			->method('getAppValue')
-			->with('core', 'shareapi_public_link_disclaimertext', null)
-			->willReturn('Lorem ipsum');
-		$this->config
-			->expects($this->at(13))
-			->method('getAppValue')
-			->with('core', 'shareapi_enable_link_password_by_default', 'no')
-			->willReturn('yes');
-		$this->config
-			->expects($this->at(14))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL)
-			->willReturn(Constants::PERMISSION_ALL);
-		$this->config
-			->expects($this->at(15))
-			->method('getAppValue')
-			->with('core', 'shareapi_default_internal_expire_date', 'no')
-			->willReturn('no');
-		$this->config
-			->expects($this->at(16))
-			->method('getAppValue')
-			->with('core', 'shareapi_internal_expire_after_n_days', '7')
-			->willReturn('7');
-		$this->config
-			->expects($this->at(17))
-			->method('getAppValue')
-			->with('core', 'shareapi_enforce_internal_expire_date', 'no')
-			->willReturn('no');
-
 
 		$expected = new TemplateResponse(
 			'settings',
@@ -289,6 +155,7 @@ class SharingTest extends TestCase {
 				'allowResharing' => 'yes',
 				'allowShareDialogUserEnumeration' => 'yes',
 				'restrictUserEnumerationToGroup' => 'no',
+				'restrictUserEnumerationToPhone' => 'no',
 				'enforceLinkPassword' => false,
 				'onlyShareWithGroupMembers' => false,
 				'shareAPIEnabled' => 'yes',