don't blame randome people for background email updates #10687
Conversation
the information is being collected with admin_audit Signed-off-by: Arthur Schiwon <[email protected]>
and remove some deprecated code Signed-off-by: Arthur Schiwon <[email protected]>
blizzz
requested review from
rullzer,
nickvergessen,
ChristophWurst and
juliusknorr
Signed-off-by: Arthur Schiwon <[email protected]>
| try { | ||
| $uuid = $this->access->getUserMapper()->getUUIDByDN($dn); | ||
| if (!$uuid) { | ||
| return false; | ||
| } | ||
| $newDn = $this->access->getUserDnByUuid($uuid); | ||
| //check if renamed user is still valid by reapplying the ldap filter | ||
| if (!is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) { | ||
| if ($newDn === $dn || !is_array($this->access->readAttribute($newDn, '', $this->access->connection->ldapUserFilter))) { |
There was a problem hiding this comment.
and avoiding an uneccesary request to LDAP
| @@ -173,15 +174,11 @@ public function onChangeEmail(IUser $user, $oldMailAddress) { | |||
| $this->config->getSystemValue('default_language', 'en') | |||
| ) | |||
| ); | |||
|
|
|||
| $text = $this->l->t('%1$s changed your email address on %2$s.', [$actor->getDisplayName(), $instanceUrl]); | |||
There was a problem hiding this comment.
My guess is this case was there to notify you if an admin changed your e-mail... right?
There was a problem hiding this comment.
Actually, that's further below. Though i don't know what that works at it checks the user who is logged in. But it works.
There was a problem hiding this comment.
The one below is for the CLI change. That one here is for all web based accesses.
There was a problem hiding this comment.
This was for admin cases where its done via the UI. So you know whome to contact if someone changes your details.
The admin strings below are for not logged in users, aka CLI commands.
|
@blizzz Please prepare the back ports. |
Commit 1)
We have the feature that when, for example, the email address was changed, a notification is sent to the affected user (https://github.com/nextcloud/server/blob/master/settings/Hooks.php#L168-L179).
Now it is possible that a user record is refreshed from its original source while the user was looked up by other means. Specifically happens on two scenarios in LDAP, and at least one, when ajax as backgroud job mode is used, is not going to change (soon). When this happens, the affected user is notified by "your acquaintance updated your email address", which she didn't herself.
admin_audit now logs email address changes, so this can always be looked up by the admin.
Is there any issue with changing this behaviour? It was reported by a customer and should be backported.
Commit 2)
Latest in 14, we do not need to force a refresh on LDAP user with userExists check, since auth is repeated regularly in the background with the csrf update. IIRC. The Exception check is not necessary anymore as it happens higher in the stack already.