patches/002-login-without-domain.patch +8 −10 @@ -9,11 +9,10 @@ only the admin user (also configured in env var) will not have his login appende diff --git ./core/Controller/LoginController.php ./core/Controller/LoginController-new.php --- ./core/Controller/LoginController.php 2024-04-26 15:08:54.979407062 +0530 +++ ./core/Controller/LoginController-new.php 2024-04-26 15:16:48.582366408 +0530 @@ -315,7 +315,28 @@ self::LOGIN_MSG_CSRFCHECKFAILED @@ -340,6 +340,26 @@ $this->l10n->t('Unsupported email length (>255)') ); } + $user = trim($user); + $user = mb_strtolower($user, 'UTF-8'); + $actualUser = $user; + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); @@ -22,7 +21,7 @@ diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; + $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; + $is_admin = strcmp($user, $admin_username) === 0; + + if (!$is_admin && str_ends_with($user, $legacyDomainSuffix)) { + $user = str_replace($legacyDomainSuffix, '', $user); + } @@ -34,11 +33,10 @@ diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll + if (!$this->userManager->userExists($user)) { + $user = $user . $legacyDomainSuffix; + } + $data = new LoginData( $this->request, trim($user), @@ -328,7 +349,7 @@ @@ -353,7 +373,7 @@ if (!$result->isSuccess()) { return $this->createLoginFailedResponse( $data->getUsername(), @@ -49,7 +47,7 @@ diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll ); --- ./core/Controller/WebAuthnController.php 2023-04-21 15:18:58.813220092 +0530 +++ ./core/Controller/WebAuthnController-new.php 2023-04-21 15:24:40.036538414 +0530 @@ -66,6 +66,27 @@ @@ -69,6 +69,27 @@ $this->logger->debug('Converting login name to UID'); $uid = $loginName; @@ -80,9 +78,9 @@
diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll --- ./lib/private/User/Session.php 2023-04-21 15:27:00.417034490 +0530 +++ ./lib/private/User/Session-new.php 2023-04-21 15:28:18.309111435 +0530 @@ -430,6 +430,10 @@ @@ -413,6 +413,10 @@ $remoteAddress = $request->getRemoteAddress(); $currentDelay = $throttler->sleepDelay($remoteAddress, 'login'); $currentDelay = $throttler->sleepDelayOrThrowOnMax($remoteAddress, 'login'); + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; patches/003-contact-search-removal.patch +1 −1 @@ -7,7 +7,7 @@ This patch removes the top right icon enabling the global user search function a diff --git layout.user.php layout.user.php-new --- ./core/templates/layout.user.php 2023-03-28 14:54:05.873566570 +0530 +++ ./core/templates/layout.user-new.php 2023-03-28 14:54:35.044218831 +0530 @@ -76,7 +76,6 @@ @@ -70,7 +70,6 @@ <div class="header-right"> <div id="unified-search"></div> <div id="notifications"></div> patches/004-contact-search-controller-removal.patch +3 −2 @@ -7,11 +7,12 @@ This patch removes some results from the contact menu controller, not to leak us diff --git ContactsMenuController.php ContactsMenuController-new.php --- ./core/Controller/ContactsMenuController.php 2023-02-01 21:40:07.515628276 +0530 +++ ./core/Controller/ContactsMenuController-new.php 2023-02-01 21:39:07.398140201 +0530 @@ -49,7 +49,7 @@ * @throws Exception @@ -50,7 +50,7 @@ */ #[FrontpageRoute(verb: 'POST', url: '/contactsmenu/contacts')] public function index(?string $filter = null): array { - return $this->manager->getEntries($this->userSession->getUser(), $filter); + return []; } /** patches/005-autocomplete-user-leak-core.patch +1 −1 @@ -48,7 +48,7 @@
diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; @@ -216,27 +219,61 @@ @@ -221,27 +224,61 @@ if ($exactEmailMatch) { $searchResult->markExactIdMatch($emailType); } patches/006-recovery-email-changes.patch +2 −2 --- ./core/Controller/LostController.php 2023-05-05 18:38:07.080445742 +0530 +++ ./core/Controller/LostController-new.php 2023-05-05 18:48:27.385043088 +0530 @@ -172,8 +172,23 @@ @@ -151,8 +151,23 @@ */ protected function checkPasswordResetToken(string $token, string $userId): void { try { @@ -25,7 +25,7 @@ } catch (InvalidTokenException $e) { $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED ? $this->l10n->t('Could not reset password because the token is expired') @@ -273,9 +288,22 @@ @@ -266,9 +281,22 @@ * @throws \OCP\PreConditionNotMetException */ protected function sendEmail(string $input): void {
patches/002-login-without-domain.patch +8 −10 @@ -9,11 +9,10 @@ only the admin user (also configured in env var) will not have his login appende diff --git ./core/Controller/LoginController.php ./core/Controller/LoginController-new.php --- ./core/Controller/LoginController.php 2024-04-26 15:08:54.979407062 +0530 +++ ./core/Controller/LoginController-new.php 2024-04-26 15:16:48.582366408 +0530 @@ -315,7 +315,28 @@ self::LOGIN_MSG_CSRFCHECKFAILED @@ -340,6 +340,26 @@ $this->l10n->t('Unsupported email length (>255)') ); } + $user = trim($user); + $user = mb_strtolower($user, 'UTF-8'); + $actualUser = $user; + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); @@ -22,7 +21,7 @@ diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; + $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; + $is_admin = strcmp($user, $admin_username) === 0; + + if (!$is_admin && str_ends_with($user, $legacyDomainSuffix)) { + $user = str_replace($legacyDomainSuffix, '', $user); + } @@ -34,11 +33,10 @@ diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll + if (!$this->userManager->userExists($user)) { + $user = $user . $legacyDomainSuffix; + } + $data = new LoginData( $this->request, trim($user), @@ -328,7 +349,7 @@ @@ -353,7 +373,7 @@ if (!$result->isSuccess()) { return $this->createLoginFailedResponse( $data->getUsername(), @@ -49,7 +47,7 @@ diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll ); --- ./core/Controller/WebAuthnController.php 2023-04-21 15:18:58.813220092 +0530 +++ ./core/Controller/WebAuthnController-new.php 2023-04-21 15:24:40.036538414 +0530 @@ -66,6 +66,27 @@ @@ -69,6 +69,27 @@ $this->logger->debug('Converting login name to UID'); $uid = $loginName; @@ -80,9 +78,9 @@
diff --git ./core/Controller/LoginController.php ./core/Controller/LoginControll --- ./lib/private/User/Session.php 2023-04-21 15:27:00.417034490 +0530 +++ ./lib/private/User/Session-new.php 2023-04-21 15:28:18.309111435 +0530 @@ -430,6 +430,10 @@ @@ -413,6 +413,10 @@ $remoteAddress = $request->getRemoteAddress(); $currentDelay = $throttler->sleepDelay($remoteAddress, 'login'); $currentDelay = $throttler->sleepDelayOrThrowOnMax($remoteAddress, 'login'); + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : '';
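Review bot: The admin exemption in the LoginController hunk can never match an admin name that contains an upper-case character, because `$user` is lower-cased with `mb_strtolower` before `strcmp($user, $admin_username) === 0` compares it with the raw environment value. `$_ENV["NEXTCLOUD_ADMIN_USER"]` is also read without a fallback, so an unset variable (or a PHP setup that does not populate `$_ENV`) hands null to `strcmp` and leaves the admin on the regular suffix-rewriting path. I would normalise and default it: `$admin_username = mb_strtolower((string) ($_ENV['NEXTCLOUD_ADMIN_USER'] ?? ''), 'UTF-8');` followed by `$is_admin = $admin_username !== '' && $user === $admin_username;`. In the same hunk `str_replace($legacyDomainSuffix, '', $user)` strips every occurrence rather than only the trailing one that `str_ends_with` tested, which `substr($user, 0, -strlen($legacyDomainSuffix))` would avoid, provided the suffix is non-empty. Parts of the hunk are collapsed on this page and the enclosing method starts and ends outside it, so the definition of `$legacyDomainSuffix` is inferred.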
patches/003-contact-search-removal.patch +1 −1 @@ -7,7 +7,7 @@ This patch removes the top right icon enabling the global user search function a diff --git layout.user.php layout.user.php-new --- ./core/templates/layout.user.php 2023-03-28 14:54:05.873566570 +0530 +++ ./core/templates/layout.user-new.php 2023-03-28 14:54:35.044218831 +0530 @@ -76,7 +76,6 @@ @@ -70,7 +70,6 @@ <div class="header-right"> <div id="unified-search"></div> <div id="notifications"></div>
patches/004-contact-search-controller-removal.patch +3 −2 @@ -7,11 +7,12 @@ This patch removes some results from the contact menu controller, not to leak us diff --git ContactsMenuController.php ContactsMenuController-new.php --- ./core/Controller/ContactsMenuController.php 2023-02-01 21:40:07.515628276 +0530 +++ ./core/Controller/ContactsMenuController-new.php 2023-02-01 21:39:07.398140201 +0530 @@ -49,7 +49,7 @@ * @throws Exception @@ -50,7 +50,7 @@ */ #[FrontpageRoute(verb: 'POST', url: '/contactsmenu/contacts')] public function index(?string $filter = null): array { - return $this->manager->getEntries($this->userSession->getUser(), $filter); + return []; } /**
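Review bot: Nothing at `return [];` in `index()` says the empty result is deliberate, and `$filter` is now accepted but unused, so a later patch refresh against a new upstream could easily restore the lookup. A one-line comment above the return, e.g. `// Intentionally empty: contact listing is disabled so user details are not exposed.`, would keep the intent next to the code. The hunk shows only `index()`; whether the controller's other actions are covered by this patch is not visible here and is worth confirming.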
patches/005-autocomplete-user-leak-core.patch +1 −1 @@ -48,7 +48,7 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; @@ -216,27 +219,61 @@ @@ -221,27 +224,61 @@ if ($exactEmailMatch) { $searchResult->markExactIdMatch($emailType); }
patches/006-recovery-email-changes.patch +2 −2 --- ./core/Controller/LostController.php 2023-05-05 18:38:07.080445742 +0530 +++ ./core/Controller/LostController-new.php 2023-05-05 18:48:27.385043088 +0530 @@ -172,8 +172,23 @@ @@ -151,8 +151,23 @@ */ protected function checkPasswordResetToken(string $token, string $userId): void { try { @@ -25,7 +25,7 @@ } catch (InvalidTokenException $e) { $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED ? $this->l10n->t('Could not reset password because the token is expired') @@ -273,9 +288,22 @@ @@ -266,9 +281,22 @@ * @throws \OCP\PreConditionNotMetException */ protected function sendEmail(string $input): void {