Add option to disable user autocomplementation #152
Comments
4 tasks
immerda
pushed a commit
to immerda/circles
that referenced
this issue
May 6, 2019
If user enumeration is disabled in nextcloud core, then circle can be used to circumvent this measure. For example the adduser button in the user facing circle UI allows enumeration of all registered users. This patch honors the choice made in 'shareapi_allow_share_dialog_user_enumeration' for deciding if auto completion should present partial results. This is in line with other apps, such as webdav, which reuse this configuration choice to disable user enumeration. In case this preference is set, all partial results are removed from the results. Fixes nextcloud#152
backportbot-nextcloud bot
pushed a commit
that referenced
this issue
Jun 24, 2019
If user enumeration is disabled in nextcloud core, then circle can be used to circumvent this measure. For example the adduser button in the user facing circle UI allows enumeration of all registered users. This patch honors the choice made in 'shareapi_allow_share_dialog_user_enumeration' for deciding if auto completion should present partial results. This is in line with other apps, such as webdav, which reuse this configuration choice to disable user enumeration. In case this preference is set, all partial results are removed from the results. Fixes #152
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Circles App does not honour the "Allow username autocomplementation in share dialog ..." setting!
If Circles is enabled and you add a new circle and click on "add a member" it will propose usernames to you. That could leak user information of other users.
It would be great to add an option to disable this autocomplementation feature, like the opt-out autocomplementation option for the sharing dialog
The text was updated successfully, but these errors were encountered: