Loading Dockerfile +16 −14 Original line number Diff line number Diff line FROM nextcloud:25.0.6-fpm AS nextcloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_HELPER_JOB_ID="566446" ARG THEME_HELPER_JOB_ID="583519" ARG NOTES_VERSION="4.7.2" ARG CONTACTS_JOB_ID="559941" ARG CALENDAR_JOB_ID="559880" ARG EMAIL_RECOVERY_JOB_ID="570722" ARG EA_JOB_ID="571462" ARG LAUNCHER_JOB_ID="570737" ARG CONTACTS_JOB_ID="582012" ARG CALENDAR_JOB_ID="582001" ARG EMAIL_RECOVERY_JOB_ID="582038" ARG EA_JOB_ID="582028" ARG LAUNCHER_JOB_ID="582666" ARG GOOGLE_INTEGRATION_VERSION="1.0.9" ARG DASHBOARD_JOB_ID="570430" ARG DASHBOARD_JOB_ID="582062" ARG SNAPPY_VERSION="2.27.2" ARG SNAPPY_THEME_VERSION="1.2.7" ARG SNAPPY_THEME_VERSION="2.0.0" ARG USER_MIGRATION_VERSION="3.0.0" RUN sed -i 's/25,0,6,1/25,0,6,2/' ${BASE_DIR}/version.php RUN sed -i 's/25,0,6,1/25,0,6,4/' ${BASE_DIR}/version.php COPY custom_entrypoint.sh / RUN chmod +x /custom_entrypoint.sh RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images Loading Loading @@ -97,7 +97,8 @@ RUN sed -i 's/logo-white-64x64.png/app.svg/' ${BASE_DIR}/custom_apps/snappymail/ RUN curl -fsSL -o Murena-snappymail-theme.tar.gz \ "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/snappymail-theme/-/archive/${SNAPPY_THEME_VERSION}/snappymail-theme-${SNAPPY_THEME_VERSION}.tar.gz" && \ tar -xf Murena-snappymail-theme.tar.gz -C /tmp/ && \ mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena && \ mkdir -p ${BASE_DIR}/themes/Murena && \ mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena/snappymail && \ chown -R www-data:www-data ${BASE_DIR}/themes/Murena/ && \ rm -rf Murena-snappymail-theme.tar.gz Loading 
@@ -116,7 +117,7 @@ CMD ["php-fpm"] From nextcloud as selfhost ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_VERSION="selfhost-22.0.0" ARG THEME_VERSION="selfhost-24.0.10" ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0" # Patches Loading @@ -135,6 +136,7 @@ RUN patch -u ${BASE_DIR}/apps/settings/lib/Sections/Personal/Groupware.php -i ${ RUN patch -u ${BASE_DIR}/apps/files/js/files.js -i ${TMP_PATCH_DIR}/021-repeated-storage-dialog-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/3rdparty/sabre/vobject/lib/ITip/Broker.php -i ${TMP_PATCH_DIR}/022-significantchange.patch RUN patch -u ${BASE_DIR}/apps/dav/lib/CalDAV/Reminder/ReminderService.php -i ${TMP_PATCH_DIR}/024-reminder-service-handle-exception.patch RUN patch -u ${BASE_DIR}/apps/theming/lib/Themes/CommonThemeTrait.php -i ${TMP_PATCH_DIR}/026-primary-color-fix.patch RUN rm -rf ${TMP_PATCH_DIR} Loading Loading @@ -167,9 +169,9 @@ RUN sed -i 's/this.appLimit=e/this.appLimit=this.appList.length/' ${BASE_DIR}/di From selfhost as ecloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_VERSION="dev/nc-25" ARG THEME_VERSION="25.0.6" ARG LDAP_WRITE_SUPPORT_VERSION="1.7.0" ARG OIDC_LOGIN_VERSION="2.5.0" ARG OIDC_LOGIN_VERSION="2.5.1" # Patches COPY patches/ ${TMP_PATCH_DIR}/ Loading 
@@ -180,7 +182,7 @@ RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016 RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch RUN patch -u ${BASE_DIR}/lib/private/User/Manager.php -i ${TMP_PATCH_DIR}/025-optimize-get-by-email.patch RUN patch -u ${BASE_DIR}/apps/theming/lib/Themes/CommonThemeTrait.php -i ${TMP_PATCH_DIR}/026-primary-color-fix.patch RUN patch -u ${BASE_DIR}/apps/dav/lib/Connector/Sabre/Principal.php -i ${TMP_PATCH_DIR}/027-displayname-user-leak-dav.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \ Loading patches/006-recovery-email-changes.patch +29 −28 Original line number Diff line number Diff line --- ./core/Controller/LostController.php 2023-02-01 18:49:00.652101897 +0530 +++ ./core/Controller/LostController-new.php 2023-02-01 18:53:01.231516084 +0530 @@ -168,8 +168,23 @@ --- ./core/Controller/LostController.php 2023-05-05 18:38:07.080445742 +0530 +++ ./core/Controller/LostController-new.php 2023-05-05 18:48:27.385043088 +0530 
@@ -172,8 +172,23 @@ */ protected function checkPasswordResetToken(string $token, string $userId): void { try { + $domain = $this->config->getSystemValue('mail_domain', ''); + $domainSuffix = !empty($domain) ? '@' . $domain : ''; + $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); + $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; + if(stristr($userId, $domainSuffix) !== FALSE) { + $userId = str_replace($domainSuffix, '', $userId); + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); + $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; + if(str_ends_with($userId, $legacyDomainSuffix)) { + $userId = str_replace($legacyDomainSuffix, '', $userId); + } + if(stristr($userId, $altDomainSuffix) !== FALSE) { + $userId = str_replace($altDomainSuffix, '', $userId); + if(str_ends_with($userId, $mainDomainSuffix)) { + $userId = str_replace($mainDomainSuffix, '', $userId); + } + + if(!$this->userManager->userExists($userId)) { + $userId = $userId . $domainSuffix; + $userId = $userId . $legacyDomainSuffix; + } $user = $this->userManager->get($userId); - $this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true); + $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); + $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; + $this->verificationToken->check($token, $user, 'lostpassword', $mailAddress, true); + $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email', ''); + $this->verificationToken->check($token, $user, 'lostpassword', $user ? $recoveryEmail : '', true); } catch (InvalidTokenException $e) { $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED ? $this->l10n->t('Could not reset password because the token is expired') 
@@ -269,8 +284,21 @@ @@ -273,9 +288,22 @@ * @throws \OCP\PreConditionNotMetException */ protected function sendEmail(string $input): void { + $domain = $this->config->getSystemValue('mail_domain', ''); + $domainSuffix = !empty($domain) ? '@' . $domain : ''; + $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); + $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; + if (stristr($input, $domainSuffix) !== FALSE) { + $input = str_replace($domainSuffix, '', $input); + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); + $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; + if (str_ends_with($input, $legacyDomainSuffix)) { + $input = str_replace($legacyDomainSuffix, '', $input); + } + if(stristr($input, $altDomainSuffix) !== FALSE) { + $input = str_replace($altDomainSuffix, '', $input); + if(str_ends_with($input, $mainDomainSuffix)) { + $input = str_replace($mainDomainSuffix, '', $input); + } + if(!$this->userManager->userExists($input) ) { + $input = $input . $domainSuffix; + $input = $input . $legacyDomainSuffix; + } $user = $this->findUserByIdOrMail($input); - $email = $user->getEMailAddress(); + $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); $email = $user->getEMailAddress(); - + $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email', ''); if (empty($email)) { throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); } patches/009-help-links.patch +2 −2 Original line number Diff line number Diff line Loading 
@@ -26,7 +26,7 @@ help links are shown -} ?>" <?php if ($_['mode'] === 'user') { print_unescaped('aria-current="page"'); } ?> - href="<?php print_unescaped($_['urlUserDocs']); ?>"> + <a class="icon-user" + href="https://docs.nextcloud.com/server/<?php print_unescaped($_['ncVersion']); ?>/user_manual/en" target="_blank" rel="noreferrer noopener"> + href="https://docs.nextcloud.com/server/<?php print_unescaped($_['ncVersion']); ?>/user_manual/en/" target="_blank" rel="noreferrer noopener"> <span class="help-list__text"> - <?php p($l->t('User documentation')); ?> + <?php p('Nextcloud ' . $_['ncVersion'] . ' ' . $l->t('User documentation')); ?> ↗ Loading @@ -39,7 +39,7 @@ help links are shown - p('active'); -} ?>" <?php if ($_['mode'] === 'admin') { print_unescaped('aria-current="page"'); } ?> - href="<?php print_unescaped($_['urlAdminDocs']); ?>"> + <a href="https://support.e.foundation/how-tos#ecloud-eemail--account" class="icon-category-office" target="_blank" rel="noreferrer noopener"> + <a href="https://support.e.foundation/support-topics/e-cloud-e-email-account" class="icon-category-office" target="_blank" rel="noreferrer noopener"> <span class="help-list__text"> - <?php p($l->t('Administrator documentation')); ?> + <?php p('/e/' . ' ' . $l->t('Documentation')); ?> Loading patches/025-optimize-get-by-email.patch +16 −16 Original line number Diff line number Diff line Loading @@ -2,43 +2,43 @@ From: Akhil <akhil@e.email> Date: Tue, 10 Mar 2023 10:00 +0530 Subject: [PATCH] To optimize getByEmail as we have boundary conditions that email is unique per-user and can only match one of the two domains --- ./lib/private/User/Manager.php 2023-03-10 10:01:44.729561986 +0530 +++ ./lib/private/User/Manager-new.php 2023-03-10 10:05:18.767230727 +0530 @@ -706,11 +706,33 @@ --- ./lib/private/User/Manager.php 2023-05-05 18:29:34.818568291 +0530 +++ ./lib/private/User/Manager-new.php 2023-05-05 18:33:49.872682118 +0530 
@@ -693,12 +693,33 @@ */ public function getByEmail($email) { // looking for 'email' only (and not primary_mail) is intentional - $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); + $mailDomain = $this->config->getSystemValue('mail_domain', ''); + $altMailDomain = $this->config->getSystemValue('alt_mail_domain', ''); + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $users = []; + + if(empty($mailDomain) && empty($altMailDomain)) { + $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); - $users = array_map(function ($uid) { - return $this->get($uid); - }, $userIds); + if(empty($mailDomain) && empty($altMailDomain)) { + $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); + $users = array_map(function ($uid) { + return $this->get($uid); + }, $userIds); + } else { + $uid = ''; + $mailDomainSuffix = empty($mailDomain) ? '' : '@' . $mailDomain; + $altMailDomainSuffix = empty($altMailDomain) ? '' : '@' . $altMailDomain; + $legacyDomainSuffix = empty($legacyDomain) ? '' : '@' . $legacyDomain; + $mainDomainSuffix = empty($mainDomain) ? '' : '@' . 
$mainDomain; + + if (!empty($mailDomainSuffix) && stristr($email, $mailDomainSuffix) !== FALSE) { + // In case of mail_domain, username is email + if (!empty($legacyDomainSuffix) && str_ends_with($email, $legacyDomainSuffix)) { + // In case of legacy_domain, username is email + $uid = $email; + } else if (!empty($altMailDomainSuffix) && stristr($email, $altMailDomainSuffix) !== FALSE) { + // In case of alt_mail_domain, username is email without domain suffix + $uid = str_replace($altMailDomainSuffix, '', $email); + } else if (!empty($mainDomainSuffix) && str_ends_with($email, $mainDomainSuffix)) { + // In case of main_domain, username is email without domain suffix + $uid = str_replace($mainDomainSuffix, '', $email); + } + // If no match of domain, no user + if(!empty($uid)) { + $users = [$this->get($uid)]; + } + } return array_values(array_filter($users, function ($u) { return ($u instanceof IUser); })); patches/027-displayname-user-leak-dav.patch 0 → 100644 +18 −0 Original line number Diff line number Diff line From: akhil <akhil.potukuchi.ext@murena.com> Date: Tue, 09 May 2023 15:50:00 +0530 Subject: [PATCH] Don't return results when searching by display name This patch(along with the right settings in the admin section "sharing") ensures that DAV searches are done only on the full email address of the user and not on the display name property --- ./apps/dav/lib/Connector/Sabre/Principal.php 2023-05-09 15:49:02.397783639 +0530 +++ ./apps/dav/lib/Connector/Sabre/Principal-new.php 2023-05-09 15:49:56.555305986 +0530 
@@ -358,7 +358,7 @@ if (!$allowEnumeration) { if ($allowEnumerationFullMatch) { $lowerSearch = strtolower($value); - $users = $this->userManager->searchDisplayName($value, $searchLimit); + $users = []; $users = \array_filter($users, static function (IUser $user) use ($lowerSearch, $ignoreSecondDisplayName) { $lowerDisplayName = strtolower($user->getDisplayName()); return $lowerDisplayName === $lowerSearch || ($ignoreSecondDisplayName && trim(preg_replace('/ \(.*\)$/', '', $lowerDisplayName)) === $lowerSearch); Loading
Dockerfile +16 −14 Original line number Diff line number Diff line FROM nextcloud:25.0.6-fpm AS nextcloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_HELPER_JOB_ID="566446" ARG THEME_HELPER_JOB_ID="583519" ARG NOTES_VERSION="4.7.2" ARG CONTACTS_JOB_ID="559941" ARG CALENDAR_JOB_ID="559880" ARG EMAIL_RECOVERY_JOB_ID="570722" ARG EA_JOB_ID="571462" ARG LAUNCHER_JOB_ID="570737" ARG CONTACTS_JOB_ID="582012" ARG CALENDAR_JOB_ID="582001" ARG EMAIL_RECOVERY_JOB_ID="582038" ARG EA_JOB_ID="582028" ARG LAUNCHER_JOB_ID="582666" ARG GOOGLE_INTEGRATION_VERSION="1.0.9" ARG DASHBOARD_JOB_ID="570430" ARG DASHBOARD_JOB_ID="582062" ARG SNAPPY_VERSION="2.27.2" ARG SNAPPY_THEME_VERSION="1.2.7" ARG SNAPPY_THEME_VERSION="2.0.0" ARG USER_MIGRATION_VERSION="3.0.0" RUN sed -i 's/25,0,6,1/25,0,6,2/' ${BASE_DIR}/version.php RUN sed -i 's/25,0,6,1/25,0,6,4/' ${BASE_DIR}/version.php COPY custom_entrypoint.sh / RUN chmod +x /custom_entrypoint.sh RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images Loading Loading @@ -97,7 +97,8 @@ RUN sed -i 's/logo-white-64x64.png/app.svg/' ${BASE_DIR}/custom_apps/snappymail/ RUN curl -fsSL -o Murena-snappymail-theme.tar.gz \ "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/snappymail-theme/-/archive/${SNAPPY_THEME_VERSION}/snappymail-theme-${SNAPPY_THEME_VERSION}.tar.gz" && \ tar -xf Murena-snappymail-theme.tar.gz -C /tmp/ && \ mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena && \ mkdir -p ${BASE_DIR}/themes/Murena && \ mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena/snappymail && \ chown -R www-data:www-data ${BASE_DIR}/themes/Murena/ && \ rm -rf Murena-snappymail-theme.tar.gz Loading 
@@ -116,7 +117,7 @@ CMD ["php-fpm"] From nextcloud as selfhost ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_VERSION="selfhost-22.0.0" ARG THEME_VERSION="selfhost-24.0.10" ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0" # Patches Loading @@ -135,6 +136,7 @@ RUN patch -u ${BASE_DIR}/apps/settings/lib/Sections/Personal/Groupware.php -i ${ RUN patch -u ${BASE_DIR}/apps/files/js/files.js -i ${TMP_PATCH_DIR}/021-repeated-storage-dialog-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/3rdparty/sabre/vobject/lib/ITip/Broker.php -i ${TMP_PATCH_DIR}/022-significantchange.patch RUN patch -u ${BASE_DIR}/apps/dav/lib/CalDAV/Reminder/ReminderService.php -i ${TMP_PATCH_DIR}/024-reminder-service-handle-exception.patch RUN patch -u ${BASE_DIR}/apps/theming/lib/Themes/CommonThemeTrait.php -i ${TMP_PATCH_DIR}/026-primary-color-fix.patch RUN rm -rf ${TMP_PATCH_DIR} Loading Loading @@ -167,9 +169,9 @@ RUN sed -i 's/this.appLimit=e/this.appLimit=this.appList.length/' ${BASE_DIR}/di From selfhost as ecloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_VERSION="dev/nc-25" ARG THEME_VERSION="25.0.6" ARG LDAP_WRITE_SUPPORT_VERSION="1.7.0" ARG OIDC_LOGIN_VERSION="2.5.0" ARG OIDC_LOGIN_VERSION="2.5.1" # Patches COPY patches/ ${TMP_PATCH_DIR}/ Loading 
@@ -180,7 +182,7 @@ RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016 RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch RUN patch -u ${BASE_DIR}/lib/private/User/Manager.php -i ${TMP_PATCH_DIR}/025-optimize-get-by-email.patch RUN patch -u ${BASE_DIR}/apps/theming/lib/Themes/CommonThemeTrait.php -i ${TMP_PATCH_DIR}/026-primary-color-fix.patch RUN patch -u ${BASE_DIR}/apps/dav/lib/Connector/Sabre/Principal.php -i ${TMP_PATCH_DIR}/027-displayname-user-leak-dav.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \ Loading
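Review bot: The snappymail theme tarball is fetched with `curl -fsSL` and unpacked into `${BASE_DIR}/themes/Murena/snappymail` without any integrity check, and this change moves `SNAPPY_THEME_VERSION` to a new tag, so the build trusts whatever the archive URL serves for that tag. Verifying a pinned digest before `tar -xf` would close that gap, e.g. `echo "${SNAPPY_THEME_SHA256}  Murena-snappymail-theme.tar.gz" | sha256sum -c - && \`, where `SNAPPY_THEME_SHA256` is a new build argument (the name is only a suggestion). The same applies to the other `curl` downloads in this file, such as the `ldap_write_support.tar.gz` fetch at the end of the last hunk, which is cut off on this page.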
patches/006-recovery-email-changes.patch +29 −28 Original line number Diff line number Diff line --- ./core/Controller/LostController.php 2023-02-01 18:49:00.652101897 +0530 +++ ./core/Controller/LostController-new.php 2023-02-01 18:53:01.231516084 +0530 @@ -168,8 +168,23 @@ --- ./core/Controller/LostController.php 2023-05-05 18:38:07.080445742 +0530 +++ ./core/Controller/LostController-new.php 2023-05-05 18:48:27.385043088 +0530 
@@ -172,8 +172,23 @@ */ protected function checkPasswordResetToken(string $token, string $userId): void { try { + $domain = $this->config->getSystemValue('mail_domain', ''); + $domainSuffix = !empty($domain) ? '@' . $domain : ''; + $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); + $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; + if(stristr($userId, $domainSuffix) !== FALSE) { + $userId = str_replace($domainSuffix, '', $userId); + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); + $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; + if(str_ends_with($userId, $legacyDomainSuffix)) { + $userId = str_replace($legacyDomainSuffix, '', $userId); + } + if(stristr($userId, $altDomainSuffix) !== FALSE) { + $userId = str_replace($altDomainSuffix, '', $userId); + if(str_ends_with($userId, $mainDomainSuffix)) { + $userId = str_replace($mainDomainSuffix, '', $userId); + } + + if(!$this->userManager->userExists($userId)) { + $userId = $userId . $domainSuffix; + $userId = $userId . $legacyDomainSuffix; + } $user = $this->userManager->get($userId); - $this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true); + $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); + $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; + $this->verificationToken->check($token, $user, 'lostpassword', $mailAddress, true); + $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email', ''); + $this->verificationToken->check($token, $user, 'lostpassword', $user ? $recoveryEmail : '', true); } catch (InvalidTokenException $e) { $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED ? $this->l10n->t('Could not reset password because the token is expired') 
@@ -269,8 +284,21 @@ @@ -273,9 +288,22 @@ * @throws \OCP\PreConditionNotMetException */ protected function sendEmail(string $input): void { + $domain = $this->config->getSystemValue('mail_domain', ''); + $domainSuffix = !empty($domain) ? '@' . $domain : ''; + $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); + $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; + if (stristr($input, $domainSuffix) !== FALSE) { + $input = str_replace($domainSuffix, '', $input); + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); + $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; + if (str_ends_with($input, $legacyDomainSuffix)) { + $input = str_replace($legacyDomainSuffix, '', $input); + } + if(stristr($input, $altDomainSuffix) !== FALSE) { + $input = str_replace($altDomainSuffix, '', $input); + if(str_ends_with($input, $mainDomainSuffix)) { + $input = str_replace($mainDomainSuffix, '', $input); + } + if(!$this->userManager->userExists($input) ) { + $input = $input . $domainSuffix; + $input = $input . $legacyDomainSuffix; + } $user = $this->findUserByIdOrMail($input); - $email = $user->getEMailAddress(); + $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); $email = $user->getEMailAddress(); - + $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email', ''); if (empty($email)) { throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); }
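Review bot: In both checkPasswordResetToken and sendEmail, the suffix is tested with `str_ends_with` but removed with `str_replace`, which deletes every occurrence of the suffix rather than only the trailing one, so the account a reset request resolves to can differ from what the end-anchored check implies (this reads the later-printed lines as the new side, since the render lost the outer markers). Stripping by length keeps the two consistent: `$userId = substr($userId, 0, -strlen($legacyDomainSuffix));`, guarded by `$legacyDomainSuffix !== ''` because `str_ends_with($userId, '')` is always true when the setting is unset. In checkPasswordResetToken the recovery address is also read with the raw `$userId`, whereas sendEmail uses `$user->getUID()`; reading it with `$user->getUID()` once `$user` is known to be non-null would keep the token check on the same key. Both function bodies continue outside the hunks shown.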
patches/009-help-links.patch +2 −2 Original line number Diff line number Diff line Loading @@ -26,7 +26,7 @@ help links are shown -} ?>" <?php if ($_['mode'] === 'user') { print_unescaped('aria-current="page"'); } ?> - href="<?php print_unescaped($_['urlUserDocs']); ?>"> + <a class="icon-user" + href="https://docs.nextcloud.com/server/<?php print_unescaped($_['ncVersion']); ?>/user_manual/en" target="_blank" rel="noreferrer noopener"> + href="https://docs.nextcloud.com/server/<?php print_unescaped($_['ncVersion']); ?>/user_manual/en/" target="_blank" rel="noreferrer noopener"> <span class="help-list__text"> - <?php p($l->t('User documentation')); ?> + <?php p('Nextcloud ' . $_['ncVersion'] . ' ' . $l->t('User documentation')); ?> ↗ Loading @@ -39,7 +39,7 @@ help links are shown - p('active'); -} ?>" <?php if ($_['mode'] === 'admin') { print_unescaped('aria-current="page"'); } ?> - href="<?php print_unescaped($_['urlAdminDocs']); ?>"> + <a href="https://support.e.foundation/how-tos#ecloud-eemail--account" class="icon-category-office" target="_blank" rel="noreferrer noopener"> + <a href="https://support.e.foundation/support-topics/e-cloud-e-email-account" class="icon-category-office" target="_blank" rel="noreferrer noopener"> <span class="help-list__text"> - <?php p($l->t('Administrator documentation')); ?> + <?php p('/e/' . ' ' . $l->t('Documentation')); ?> Loading
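Review bot: On the user-documentation link, `$_['ncVersion']` is written into the `href` attribute with `print_unescaped`, which bypasses the template's escaping, while `p()` is already used for the same value in the link text a few lines below. Using `<?php p($_['ncVersion']); ?>` in the URL costs nothing for a plain version string and keeps the attribute safe if the value ever comes from a less controlled source. Where `ncVersion` is populated is not visible on this page.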
patches/025-optimize-get-by-email.patch +16 −16 Original line number Diff line number Diff line Loading @@ -2,43 +2,43 @@ From: Akhil <akhil@e.email> Date: Tue, 10 Mar 2023 10:00 +0530 Subject: [PATCH] To optimize getByEmail as we have boundary conditions that email is unique per-user and can only match one of the two domains --- ./lib/private/User/Manager.php 2023-03-10 10:01:44.729561986 +0530 +++ ./lib/private/User/Manager-new.php 2023-03-10 10:05:18.767230727 +0530 @@ -706,11 +706,33 @@ --- ./lib/private/User/Manager.php 2023-05-05 18:29:34.818568291 +0530 +++ ./lib/private/User/Manager-new.php 2023-05-05 18:33:49.872682118 +0530 
@@ -693,12 +693,33 @@ */ public function getByEmail($email) { // looking for 'email' only (and not primary_mail) is intentional - $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); + $mailDomain = $this->config->getSystemValue('mail_domain', ''); + $altMailDomain = $this->config->getSystemValue('alt_mail_domain', ''); + $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); + $mainDomain = $this->config->getSystemValue('main_domain', ''); + $users = []; + + if(empty($mailDomain) && empty($altMailDomain)) { + $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); - $users = array_map(function ($uid) { - return $this->get($uid); - }, $userIds); + if(empty($mailDomain) && empty($altMailDomain)) { + $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); + $users = array_map(function ($uid) { + return $this->get($uid); + }, $userIds); + } else { + $uid = ''; + $mailDomainSuffix = empty($mailDomain) ? '' : '@' . $mailDomain; + $altMailDomainSuffix = empty($altMailDomain) ? '' : '@' . $altMailDomain; + $legacyDomainSuffix = empty($legacyDomain) ? '' : '@' . $legacyDomain; + $mainDomainSuffix = empty($mainDomain) ? '' : '@' . 
$mainDomain; + + if (!empty($mailDomainSuffix) && stristr($email, $mailDomainSuffix) !== FALSE) { + // In case of mail_domain, username is email + if (!empty($legacyDomainSuffix) && str_ends_with($email, $legacyDomainSuffix)) { + // In case of legacy_domain, username is email + $uid = $email; + } else if (!empty($altMailDomainSuffix) && stristr($email, $altMailDomainSuffix) !== FALSE) { + // In case of alt_mail_domain, username is email without domain suffix + $uid = str_replace($altMailDomainSuffix, '', $email); + } else if (!empty($mainDomainSuffix) && str_ends_with($email, $mainDomainSuffix)) { + // In case of main_domain, username is email without domain suffix + $uid = str_replace($mainDomainSuffix, '', $email); + } + // If no match of domain, no user + if(!empty($uid)) { + $users = [$this->get($uid)]; + } + } return array_values(array_filter($users, function ($u) { return ($u instanceof IUser); }));
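Review bot: The branch selector in getByEmail still tests `mail_domain` and `alt_mail_domain` (`if(empty($mailDomain) && empty($altMailDomain))`), while the matching in the else branch now uses `legacy_domain` and `main_domain`. An instance with only the new keys set therefore falls back to the full lookup, and one with only the old keys set appears to resolve no user at all. Testing the same settings in both places would avoid that, e.g. `if (empty($legacyDomain) && empty($mainDomain)) {`. `str_ends_with` is also case-sensitive where the replaced checks were case-insensitive, so a mixed-case address may stop matching; comparing against a lowercased copy of `$email` would preserve the earlier behaviour. The end of getByEmail lies outside the hunk.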
patches/027-displayname-user-leak-dav.patch 0 → 100644 +18 −0 Original line number Diff line number Diff line From: akhil <akhil.potukuchi.ext@murena.com> Date: Tue, 09 May 2023 15:50:00 +0530 Subject: [PATCH] Don't return results when searching by display name This patch(along with the right settings in the admin section "sharing") ensures that DAV searches are done only on the full email address of the user and not on the display name property --- ./apps/dav/lib/Connector/Sabre/Principal.php 2023-05-09 15:49:02.397783639 +0530 +++ ./apps/dav/lib/Connector/Sabre/Principal-new.php 2023-05-09 15:49:56.555305986 +0530 @@ -358,7 +358,7 @@ if (!$allowEnumeration) { if ($allowEnumerationFullMatch) { $lowerSearch = strtolower($value); - $users = $this->userManager->searchDisplayName($value, $searchLimit); + $users = []; $users = \array_filter($users, static function (IUser $user) use ($lowerSearch, $ignoreSecondDisplayName) { $lowerDisplayName = strtolower($user->getDisplayName()); return $lowerDisplayName === $lowerSearch || ($ignoreSecondDisplayName && trim(preg_replace('/ \(.*\)$/', '', $lowerDisplayName)) === $lowerSearch);
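Review bot: After `$users = [];` the `\array_filter` call that follows in the full-match branch runs on an empty array, and `$lowerSearch` is only used by it, so the branch is now dead code that still reads as if a display-name match were possible. A comment on the new line would record the intent, for example `// Display-name lookup disabled on purpose: principals are matched on the full e-mail address only`. Only the `!$allowEnumeration` / `$allowEnumerationFullMatch` path is visible here. Whether the enumeration-enabled path still searches display names cannot be told from this hunk, and the commit message indicates that depends on the sharing settings. The enclosing method starts and ends outside the hunk.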