Skip to content

No user enumeration on DAV if disabled #12814

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rullzer merged 1 commit into from
Dec 5, 2018
Merged

No user enumeration on DAV if disabled #12814

rullzer merged 1 commit into from
Dec 5, 2018

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented Dec 4, 2018
edited by MorrisJobke
Loading

If you disable the Allow username autocompletion in share dialog. If this is disabled the full username or email address needs to be entered. (share options)

Then we should also not allow enumeration on this endpoint.

Fixes #9058

Depends on:

@rullzer rullzer added the 3. to review Waiting for reviews label Dec 4, 2018
@rullzer rullzer added this to the Nextcloud 16 milestone Dec 4, 2018
@MorrisJobke
Copy link
Member

MorrisJobke commented Dec 4, 2018

[x] #12813

Was merged.

@rullzer
No DAV user enumeration if disabled
58ca6b1 
Fixes #9058

If the option to autocomplete users is disabled. We also should not
enumerate the users on this endpoint.

Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer rullzer force-pushed the fix/9058/no_user_enumartion_if_disabled branch from 1538b07 to 58ca6b1 Compare December 4, 2018 14:33
ChristophWurst
ChristophWurst approved these changes Dec 4, 2018
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, change makes sense!

@MorrisJobke MorrisJobke mentioned this pull request Dec 5, 2018
Merged
12 tasks
@rullzer rullzer merged commit 8ddc0de into master Dec 5, 2018
@rullzer rullzer deleted the fix/9058/no_user_enumartion_if_disabled branch December 5, 2018 19:58
@rullzer
Copy link
Member Author

rullzer commented Dec 5, 2018

/backport to stable15

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Dec 5, 2018
Merged
@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented Dec 5, 2018

backport to stable15 in #12856

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@MorrisJobke MorrisJobke Awaiting requested review from MorrisJobke

@georgehrke georgehrke Awaiting requested review from georgehrke

Assignees

No one assigned

Labels

3. to review Waiting for reviews

Projects

None yet

Milestone

Nextcloud 16

Development

Successfully merging this pull request may close these issues.

5 participants

@rullzer @MorrisJobke @nickvergessen @ChristophWurst