nextcloud · nickvergessen · May 1, 2025 · May 2, 2025 · May 2, 2025 · come-nc
diff --git a/.gitignore b/.gitignore
@@ -11,3 +11,4 @@ js
 .vscode
 .php_cs.cache
 .php-cs-fixer.cache
+.phpunit.result.cache
@@ -14,7 +14,7 @@
 Guests accounts can be created from the share menu by entering either the recipients email or name and choosing "create guest account", once the share is created the guest user will receive an email notification about the mail with a link to set their password.
 
 Guests users can only access files shared to them and cannot create any files outside of shares, additionally, the apps accessible to guest accounts are whitelisted.]]></description>
-	<version>4.2.0</version>
+	<version>4.2.1</version>
 	<licence>agpl</licence>
 	<author>Nextcloud</author>
 	<types>

diff --git a/lib/Command/AddCommand.php b/lib/Command/AddCommand.php
@@ -8,6 +8,7 @@
 
 namespace OCA\Guests\Command;
 
+use OCA\Guests\Config;
 use OCA\Guests\GuestManager;
 use OCP\IUser;
 use OCP\IUserManager;
@@ -21,18 +22,13 @@
 use Symfony\Component\Console\Question\Question;
 
 class AddCommand extends Command {
-	/** @var IUserManager */
-	private $userManager;
-	/** @var GuestManager */
-	private $guestManager;
-	/** @var IMailer */
-	private $mailer;
-
-	public function __construct(IUserManager $userManager, IMailer $mailer, GuestManager $guestManager) {
+	public function __construct(
+		private IUserManager $userManager,
+		private IMailer $mailer,
+		private GuestManager $guestManager,
+		private Config $config,
+	) {
 		parent::__construct();
-		$this->userManager = $userManager;
-		$this->guestManager = $guestManager;
-		$this->mailer = $mailer;
 	}
 
 	protected function configure() {
@@ -85,14 +81,20 @@ protected function execute(InputInterface $input, OutputInterface $output) {
 			return 1;
 		}
 
+		$email = $input->getArgument('email');
+		if ($this->config->useHashedEmailAsUserID()) {
+			$email = strtolower($email);
+			$uid = hash('sha256', $email);
+		} else {
+			$uid = $email;
+		}
+
 		// same behavior like in the UsersController
-		$uid = $input->getArgument('email');
 		if ($this->userManager->userExists($uid)) {
 			$output->writeln('<error>The user "' . $uid . '" already exists.</error>');
 			return 1;
 		}
 
-		$email = $input->getArgument('email');
 		if (!$this->mailer->validateMailAddress($email)) {
 			$output->writeln('<error>Invalid email address "' . $email . '".</error>');
 			return 1;

diff --git a/lib/Command/ListCommand.php b/lib/Command/ListCommand.php
@@ -46,7 +46,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			$this->writeArrayInOutputFormat($input, $output, $guests);
 		} else {
 			$table = new Table($output);
-			$table->setHeaders(['Email', 'Name', 'Invited By']);
+			$table->setHeaders(['Email', 'UserID', 'Name', 'Invited By']);
 			$table->setRows($guests);
 			$table->render();
 		}

diff --git a/lib/Config.php b/lib/Config.php
@@ -35,6 +35,14 @@ public function setAllowExternalStorage($allow) {
 		$this->appConfig->setAppValueBool('allow_external_storage', $allow === true || $allow === 'true') ;
 	}
 
+	public function useHashedEmailAsUserID(): bool {
+		return $this->appConfig->getAppValueBool('hash_user_ids', true);
+	}
+
+	public function setUseHashedEmailAsUserID(bool $useHash): void {
+		$this->appConfig->setAppValueBool('hash_user_ids', $useHash) ;
+	}
+
 	public function hideOtherUsers(): bool {
 		return $this->appConfig->getAppValueBool('hide_users', true);
 	}
@@ -94,7 +102,7 @@ public function canCreateGuests(): bool {
 			|| $this->subAdmin->isSubAdmin($user)) {
 			return true;
 		}
-		
+
 		// Check if we have a group restriction
 		// and if the user belong to that group
 		$groupRestriction = $this->getCreateRestrictedToGroup();

diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
@@ -45,6 +45,7 @@ public function getConfig(): DataResponse {
 			'useWhitelist' => $useWhitelist,
 			'whitelist' => $whitelist,
 			'allowExternalStorage' => $allowExternalStorage,
+			'useHashedEmailAsUserID' => $this->config->useHashedEmailAsUserID(),
 			'hideUsers' => $hideUsers,
 			'whiteListableApps' => $this->appWhitelist->getWhitelistAbleApps(),
 			'sharingRestrictedToGroup' => $this->config->isSharingRestrictedToGroup(),
@@ -59,14 +60,15 @@ public function getConfig(): DataResponse {
 	 * @param $hideUsers bool
 	 * @return DataResponse
 	 */
-	public function setConfig(bool $useWhitelist, array $whitelist, bool $allowExternalStorage, bool $hideUsers, array $createRestrictedToGroup): DataResponse {
+	public function setConfig(bool $useWhitelist, array $whitelist, bool $allowExternalStorage, bool $useHashedEmailAsUserID, bool $hideUsers, array $createRestrictedToGroup): DataResponse {
 		$newWhitelist = [];
 		foreach ($whitelist as $app) {
 			$newWhitelist[] = trim($app);
 		}
 		$this->config->setUseWhitelist($useWhitelist);
 		$this->config->setAppWhitelist($newWhitelist);
 		$this->config->setAllowExternalStorage($allowExternalStorage);
+		$this->config->setUseHashedEmailAsUserID($useHashedEmailAsUserID);
 		$this->config->setHideOtherUsers($hideUsers);
 		$this->config->setCreateRestrictedToGroup($createRestrictedToGroup);
 		return new DataResponse();

diff --git a/lib/Controller/UsersController.php b/lib/Controller/UsersController.php
@@ -114,7 +114,12 @@ public function create(string $email, string $displayName, string $language, arr
 			);
 		}
 
-		$username = $email;
+		if ($this->config->useHashedEmailAsUserID()) {
+			$email = strtolower($email);
+			$username = hash('sha256', $email);
+		} else {
+			$username = $email;
+		}
 
 		$existingUsers = $this->userManager->getByEmail($email);
 		if (count($existingUsers) > 0) {

diff --git a/lib/GuestManager.php b/lib/GuestManager.php
@@ -67,6 +67,7 @@ public function createGuest(?IUser $createdBy, string $userId, string $email, st
 			$this->userBackend
 		);
 
+		$this->userBackend->setInitialEmail($userId, $email);
 		$user->setSystemEMailAddress($email);
 		if ($createdBy) {
 			$this->config->setUserValue($userId, 'guests', 'created_by', $createdBy->getUID());
@@ -111,11 +112,11 @@ public function listGuests(): array {
 	}
 
 	public function getGuestsInfo(): array {
-		$displayNames = $this->userBackend->getDisplayNames();
-		$guests = array_keys($displayNames);
+		$guestsInfo = $this->userBackend->getAllGuestAccounts();
+		$guests = array_keys($guestsInfo);
 		$shareCounts = $this->getShareCountForUsers($guests);
 		$createdBy = $this->config->getUserValueForUsers('guests', 'created_by', $guests);
-		return array_map(function ($uid) use ($createdBy, $displayNames, $shareCounts) {
+		return array_map(function ($uid) use ($createdBy, $guestsInfo, $shareCounts) {
 			$allSharesCount = count(array_merge(
 				$this->shareManager->getSharedWith($uid, IShare::TYPE_USER, null, -1, 0),
 				$this->shareManager->getSharedWith($uid, IShare::TYPE_GROUP, null, -1, 0),
@@ -124,8 +125,9 @@ public function getGuestsInfo(): array {
 				$this->shareManager->getSharedWith($uid, IShare::TYPE_ROOM, null, -1, 0),
 			));
 			return [
-				'email' => $uid,
-				'display_name' => $displayNames[$uid] ?? $uid,
+				'email' => $guestsInfo[$uid]['email'] ?? $uid,
+				'uid' => $uid,
+				'display_name' => $guestsInfo[$uid]['displayname'] ?? $uid,
 				'created_by' => $createdBy[$uid] ?? '',
 				'share_count' => isset($shareCounts[$uid]) ? $shareCounts[$uid] : 0,
 				'share_count_with_circles' => $allSharesCount,

diff --git a/lib/Migration/Version4002Date20250501195008.php b/lib/Migration/Version4002Date20250501195008.php
@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Guests\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+/**
+ * Add a column for the email so we know the originally invited email as well
+ */
+class Version4002Date20250501195008 extends SimpleMigrationStep {
+	public function __construct(
+		protected IDBConnection $db,
+	) {
+	}
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure(): ISchemaWrapper $schemaClosure
+	 * @param array $options
+	 * @return null|ISchemaWrapper
+	 */
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+
+		$table = $schema->getTable('guests_users');
+		if ($table->hasColumn('email')) {
+			return null;
+		}
+
+		$table->addColumn('email', 'string', [
+			'notnull' => false,
+			'length' => 64,
+			'default' => '',
+		]);
+		return $schema;
+	}
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure(): ISchemaWrapper $schemaClosure
+	 * @param array $options
+	 */
+	public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void {
+		$query = $this->db->getQueryBuilder();
+		$query->update('guests_users')
+			->set('email', 'uid_lower');
+		$query->executeStatement();
+	}
+}
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
@@ -109,6 +109,14 @@ public function deleteUser($uid): bool {
 		return $result ? true : false;
 	}
 
+	public function setInitialEmail(string $uid, string $email): bool {
+		$query = $this->dbConn->getQueryBuilder();
+		$query->update('guests_users')
+			->set('email', $query->createNamedParameter($email))
+			->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));
+		return (bool)$query->executeStatement();
+	}
+
 	/**
 	 * Set password
 	 *
@@ -248,6 +256,35 @@ public function getDisplayNames($search = '', $limit = null, $offset = null): ar
 		}
 	}
 
+	/**
+	 * Get a list of all users with their email and display name
+	 *
+	 * @return array<string, array{email: string, displayname: string}>
+	 */
+	public function getAllGuestAccounts(?int $limit = null, ?int $offset = null): array {
+		if (!$this->allowListing) {
+			return [];
+		}
+
+		$query = $this->dbConn->getQueryBuilder();
+		$query->select('uid', 'email', 'displayname')
+			->from('guests_users')
+			->orderBy('uid_lower', 'ASC')
+			->setMaxResults($limit)
+			->setFirstResult($offset);
+
+		$result = $query->execute();
+		$users = [];
+		while ($row = $result->fetch()) {
+			$users[(string)$row['uid']] = [
+				'email' => (string)$row['email'],
+				'displayname' => (string)$row['displayname'],
+			];
+		}
+
+		return $users;
+	}
+
 	/**
 	 * Check if the password is correct
 	 *
@@ -257,7 +294,7 @@ public function getDisplayNames($search = '', $limit = null, $offset = null): ar
 	 * returns the user id or false
 	 */
 	public function checkPassword(string $loginName, string $password) {
-		if (strpos($loginName, '@') === false) {
+		if (!$this->potentialGuestUserId($loginName)) {
 			return false;
 		}
 
@@ -294,9 +331,13 @@ public function checkPassword(string $loginName, string $password) {
 	 * @return bool true if user was found, false otherwise
 	 */
 	private function loadUser($uid): bool {
+		if (isset($this->cache[$uid]) && $this->cache[$uid] === false) {
+			return false;
+		}
+
 		// guests $uid could be NULL or ''
 		// or is not an email anyway
-		if (strpos($uid, '@') === false) {
+		if (!$this->potentialGuestUserId($uid)) {
 			$this->cache[$uid] = false;
 			return false;
 		}
@@ -416,7 +457,7 @@ public function getBackendName(): string {
 	}
 
 	public function getRealUID(string $uid): string {
-		if (strpos($uid, '@') === false) {
+		if (!$this->potentialGuestUserId($uid)) {
 			throw new \RuntimeException($uid . ' does not exist');
 		}
 
@@ -430,4 +471,16 @@ public function getRealUID(string $uid): string {
 
 		return $this->cache[$uid]['uid'];
 	}
+
+	/**
+	 * Guest app user ids are:
+	 * - either email addresses so they need to contain an @
+	 * - lowercase sha256 hashes of email addresses, 64 characters of a-f and 0-9
+	 *
+	 * @param string $userId
+	 * @return bool
+	 */
+	protected function potentialGuestUserId(string $userId): bool {
+		return str_contains($userId, '@') || preg_match('/^[a-f0-9]{64}$/', $userId);
+	}
 }
diff --git a/src/components/GuestList.vue b/src/components/GuestList.vue
@@ -11,6 +11,9 @@
 						<th :class="getSortClass('email')" @click="setSort('email')">
 							{{ t('guests', 'Email') }}
 						</th>
+						<th :class="getSortClass('uid')" @click="setSort('uid')">
+							{{ t('guests', 'User ID') }}
+						</th>
 						<th :class="getSortClass('display_name')" @click="setSort('display_name')">
 							{{ t('guests', 'Name') }}
 						</th>
@@ -31,6 +34,10 @@
 								:title="guest.email">
 								{{ guest.email }}
 							</td>
+							<td class="uid"
+								:title="guest.uid">
+								{{ guest.uid }}
+							</td>
 							<td class="display_name"
 								:title="guest.display_name">
 								{{ guest.display_name }}
@@ -46,7 +53,7 @@
 						<tr v-if="guest.email === details_for"
 							:key="guest.email + '-details'"
 							class="details">
-							<td colspan="4">
+							<td colspan="5">
 								<GuestDetails :guest-id="guest.email" />
 							</td>
 						</tr>

diff --git a/src/views/GuestSettings.vue b/src/views/GuestSettings.vue
@@ -29,6 +29,12 @@
 					{{ t('guests', 'Guest accounts can access mounted external storages') }}
 				</NcCheckboxRadioSwitch>
 
+				<NcCheckboxRadioSwitch :checked.sync="config.useHashedEmailAsUserID"
+					type="switch"
+					@update:checked="saveConfig">
+					{{ t('guests', 'Use a hash of the email as user ID for improved privacy') }}
+				</NcCheckboxRadioSwitch>
+
 				<NcCheckboxRadioSwitch :checked.sync="config.hideUsers"
 					type="switch"
 					@update:checked="saveConfig">
@@ -94,7 +100,7 @@
 import NcNoteCard from '@nextcloud/vue/components/NcNoteCard'
 import NcSelect from '@nextcloud/vue/components/NcSelect'
 import NcSettingsSection from '@nextcloud/vue/components/NcSettingsSection'
 import NcSettingsSelectGroup from '@nextcloud/vue/components/NcSettingsSelectGroup'

 import GuestList from '../components/GuestList.vue'
 import { showError } from '@nextcloud/dialogs'
@@ -121,6 +127,7 @@
 			config: {
 				useWhitelist: false,
 				allowExternalStorage: false,
+				useHashedEmailAsUserID: true,
 				hideUsers: false,
 				whitelist: [],
 				whiteListableApps: [],