fix(ProvisioningApi): only return verified additional mails per user#44341
Draft
fix(ProvisioningApi): only return verified additional mails per user#44341
Conversation
Pytal
approved these changes
Mar 20, 2024
Merged
nickvergessen
approved these changes
Mar 22, 2024
Merged
Member
Author
|
Integration tests fail, for no email verification was done there. That might be tricky. There is no way to modify it from outside, without exposing anything, so not the way to go. Maybe utilizing FakeSMTPHelper in the integration tests could help, did not have time for a closer look there yet (free time activity…). |
Member
Can add any code directly to the |
It would not per se be bad to return all of them, however the meta data about the verified state is missing. Since the information may go out to connected clients, those may have wrong trust the returned email addresses. Email verification still works with this change. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
266a79a to
35a0ee2
Compare
|
|
||
| class MailVerificationTestController extends OCSController { | ||
| public function __construct( | ||
| $appName, |
Check notice
Code scanning / Psalm
MissingParamType
Contributor
There was a problem hiding this comment.
Suggested change
| $appName, | |
| string $appName, |
|
|
||
| public function verify(string $userId, string $email): DataResponse { | ||
| $user = $this->userManager->get($userId); | ||
| $userAccount = $this->accountManager->getAccount($user); |
Check notice
Code scanning / Psalm
PossiblyNullArgument
Contributor
There was a problem hiding this comment.
Suggested change
| $userAccount = $this->accountManager->getAccount($user); | |
| if ($user === null) { | |
| throw new InvalidArgumentException('User not available.'); | |
| } | |
| $userAccount = $this->accountManager->getAccount($user); |
| @@ -0,0 +1,35 @@ | |||
| <?php | |||
Merged
susnux
reviewed
Sep 6, 2024
|
|
||
| class MailVerificationTestController extends OCSController { | ||
| public function __construct( | ||
| $appName, |
Contributor
There was a problem hiding this comment.
Suggested change
| $appName, | |
| string $appName, |
|
|
||
| public function verify(string $userId, string $email): DataResponse { | ||
| $user = $this->userManager->get($userId); | ||
| $userAccount = $this->accountManager->getAccount($user); |
Contributor
There was a problem hiding this comment.
Suggested change
| $userAccount = $this->accountManager->getAccount($user); | |
| if ($user === null) { | |
| throw new InvalidArgumentException('User not available.'); | |
| } | |
| $userAccount = $this->accountManager->getAccount($user); |
| @@ -0,0 +1,35 @@ | |||
| <?php | |||
|
|
|||
Contributor
There was a problem hiding this comment.
Suggested change
| declare(strict_types=1); | |
| /** | |
| * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors | |
| * SPDX-License-Identifier: AGPL-3.0-or-later | |
| */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
…it would not per se be bad to return all of them, however the meta data about the verified state is missing. Since the information may go out to connected clients, those may have wrong trust the returned email addresses.
Email verification still works with this change.
Checklist