nextcloud · blizzz · Mar 19, 2024 · nickvergessen · Jun 24, 2024 · susnux
diff --git a/apps/provisioning_api/lib/Controller/AUserData.php b/apps/provisioning_api/lib/Controller/AUserData.php
@@ -149,6 +149,9 @@ protected function getUserData(string $userId, bool $includeScopes = false): ?ar
 			$additionalEmails = $additionalEmailScopes = [];
 			$emailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL);
 			foreach ($emailCollection->getProperties() as $property) {
+				if ($property->getLocallyVerified() !== IAccountManager::VERIFIED) {
+					continue;
+				}
 				$additionalEmails[] = $property->getValue();
 				if ($includeScopes) {
 					$additionalEmailScopes[] = $property->getScope();

diff --git a/apps/testing/appinfo/routes.php b/apps/testing/appinfo/routes.php
@@ -63,5 +63,10 @@
 				'type' => null
 			]
 		],
+		[
+			'name' => 'MailVerificationTest',
+			'url' => '/api/v1/mailverification',
+			'verb' => 'POST',
+		]
 	],
 ];
diff --git a/apps/testing/lib/Controller/MailVerificationTestController.php b/apps/testing/lib/Controller/MailVerificationTestController.php
@@ -0,0 +1,35 @@
+<?php
+
-
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+*/
-
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+namespace OCA\Testing\Controller;
+
+use InvalidArgumentException;
+use OCP\Accounts\IAccountManager;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\OCSController;
+use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserManager;
+
+class MailVerificationTestController extends OCSController {
+	public function __construct(
+		$appName,
-		$appName,
+		string $appName,
-		$appName,
+		string $appName,
+		IRequest $request,
+		protected IAccountManager $accountManager,
+		protected IUserManager $userManager,
+	) {
+		parent::__construct($appName, $request);
+	}
+
+	public function verify(string $userId, string $email): DataResponse {
+		$user = $this->userManager->get($userId);
+		$userAccount = $this->accountManager->getAccount($user);
-		$userAccount = $this->accountManager->getAccount($user);
+		if ($user === null) {
+			throw new InvalidArgumentException('User not available.');
+		}
+		$userAccount = $this->accountManager->getAccount($user);
-		$userAccount = $this->accountManager->getAccount($user);
+		if ($user === null) {
+			throw new InvalidArgumentException('User not available.');
+		}
+		$userAccount = $this->accountManager->getAccount($user);
+		$emailProperty = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL)
+			->getPropertyByValue($email);
+		if ($emailProperty === null) {
+			throw new InvalidArgumentException('Email not available in account.');
+		}
+		$emailProperty->setLocallyVerified(IAccountManager::VERIFIED);
+		return new DataResponse();
+	}
+}
diff --git a/build/integration/features/bootstrap/Provisioning.php b/build/integration/features/bootstrap/Provisioning.php
@@ -980,4 +980,28 @@ public function userHasNotSetting($user, \Behat\Gherkin\Node\TableNode $settings
 			}
 		}
 	}
+
+	/**
+	 * @Then user :user verifies email :email
+	 */
+	public function userVerifiesEmail(string $userId, string $email): void {
+		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/testing/api/v1/mailverification";
+		$client = new Client();
+		$options = [];
+		if ($this->currentUser === 'admin') {
+			$options['auth'] = $this->adminUser;
+		}
+
+		$options['form_params'] = [
+			'userid' => $userId,
+			'email' => $email,
+		];
+
+		$options['headers'] = [
+			'OCS-APIREQUEST' => 'true',
+		];
+
+		$this->response = $client->post($fullUrl, $options);
+	}
 }
+
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
@@ -129,11 +129,13 @@ Feature: provisioning
       | value | [email protected] |
     And the OCS status code should be "100"
     And the HTTP status code should be "200"
+    And user "brand-new-user" verifies email "[email protected]"
     And sending "PUT" to "/cloud/users/brand-new-user" with
       | key | additional_mail |
       | value | [email protected] |
     And the OCS status code should be "100"
     And the HTTP status code should be "200"
+    And user "brand-new-user" verifies email "[email protected]"
 		And sending "PUT" to "/cloud/users/brand-new-user" with
 			| key | phone |
 			| value | +49 711 / 25 24 28-90 |
@@ -302,11 +304,13 @@ Feature: provisioning
       | value | [email protected] |
     And the OCS status code should be "100"
     And the HTTP status code should be "200"
+    And user "brand-new-user" verifies email "[email protected]"
     And sending "PUT" to "/cloud/users/brand-new-user" with
       | key | additional_mail |
       | value | [email protected] |
     And the OCS status code should be "100"
     And the HTTP status code should be "200"
+    And user "brand-new-user" verifies email "[email protected]"
     When sending "PUT" to "/cloud/users/brand-new-user/additional_mail" with
       | key | [email protected] |
       | value | |