don't blame random people for background email updates #10687
the information is being collected with admin_audit Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
and remove some deprecated code Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
try { | ||
$uuid = $this->access->getUserMapper()->getUUIDByDN($dn); | ||
if (!$uuid) { | ||
return false; | ||
} | ||
$newDn = $this->access->getUserDnByUuid($uuid); | ||
//check if renamed user is still valid by reapplying the ldap filter | ||
if (!is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) { | ||
if ($newDn === $dn || !is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) { |
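Review bot: the condition on the last line passes `$newDn` to `readAttribute()` without checking that `getUserDnByUuid($uuid)` returned a DN, although `$uuid` gets an explicit `!$uuid` guard a few lines earlier; a matching guard on `$newDn` before the comparison would keep a failed lookup from reaching the LDAP read. The comment above the condition also describes only the filter re-check, so it should mention that an unchanged DN (`$newDn === $dn`) now short-circuits before that read.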
This is just hardening right?
and avoiding an unnecessary request to LDAP
@@ -173,15 +174,11 @@ public function onChangeEmail(IUser $user, $oldMailAddress) { | |||
$this->config->getSystemValue('default_language', 'en') | |||
) | |||
); | |||
|
|||
$text = $this->l->t('%1$s changed your email address on %2$s.', [$actor->getDisplayName(), $instanceUrl]); |
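Review bot: the string on the last line names `$actor->getDisplayName()` as the one who changed the address, and the hunk header shows `onChangeEmail` going from 15 to 11 lines here; if this is the branch being dropped, check that `$actor` and its lookup go with it rather than being left unused. A short comment in `onChangeEmail` saying why the actor is no longer named would help keep the string from being reintroduced later.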
My guess is this case was there to notify you if an admin changed your e-mail... right?
Actually, that's further below. Though I don't know how that works as it checks the user who is logged in. But it works.
The one below is for the CLI change. That one here is for all web based accesses.
This was for admin cases where it's done via the UI. So you know whom to contact if someone changes your details.
The admin strings below are for not logged in users, aka CLI commands.
Tested and works 👍
@blizzz Please prepare the back ports.
Commit 1)
We have the feature that when, for example, the email address was changed, a notification is sent to the affected user (https://github.com/nextcloud/server/blob/master/settings/Hooks.php#L168-L179).
Now it is possible that a user record is refreshed from its original source while the user was looked up by other means. Specifically, this happens in two scenarios in LDAP, and at least one, when ajax as background job mode is used, is not going to change (soon). When this happens, the affected user is notified by "your acquaintance updated your email address", which she didn't herself.
admin_audit now logs email address changes, so this can always be looked up by the admin.
Is there any issue with changing this behaviour? It was reported by a customer and should be backported.
Commit 2)
Latest in 14, we do not need to force a refresh on LDAP user with userExists check, since auth is repeated regularly in the background with the csrf update. IIRC. The Exception check is not necessary anymore as it happens higher in the stack already.