Currently the following default scopes for new accounts are defined inside AccountManager. We should let the server admin define them through the administration panel or config.php.
This is especially important on instances where users don't know each other.
```php
self::PROPERTY_DISPLAYNAME =>
    [
        'value' => $user->getDisplayName(),
        'scope' => self::VISIBILITY_CONTACTS_ONLY,
        'verified' => self::NOT_VERIFIED,
    ],
self::PROPERTY_ADDRESS =>
    [
        'value' => '',
        'scope' => self::VISIBILITY_PRIVATE,
        'verified' => self::NOT_VERIFIED,
    ],
self::PROPERTY_WEBSITE =>
    [
        'value' => '',
        'scope' => self::VISIBILITY_PRIVATE,
        'verified' => self::NOT_VERIFIED,
    ],
self::PROPERTY_EMAIL =>
    [
        'value' => $user->getEMailAddress(),
        'scope' => self::VISIBILITY_CONTACTS_ONLY,
        'verified' => self::NOT_VERIFIED,
    ],
self::PROPERTY_AVATAR =>
    [
        'scope' => self::VISIBILITY_CONTACTS_ONLY
    ],
self::PROPERTY_PHONE =>
    [
        'value' => '',
        'scope' => self::VISIBILITY_PRIVATE,
        'verified' => self::NOT_VERIFIED,
    ],
self::PROPERTY_TWITTER =>
    [
        'value' => '',
        'scope' => self::VISIBILITY_PRIVATE,
        'verified' => self::NOT_VERIFIED,
    ],
```
Probably a duplicate of #6578.
cc @nextcloud/sharing
@nextcloud/designers
That was chosen on purpose because this was the default even before we introduced the setting. So we kept it as default in order not to break known behavior.
What are you exactly suggesting we tweak from the current state? Which default visibility should be changed to what?
I didn't ask to change the default ones, I asked for the possibility for the admin to change them. In my case, email would also be VISIBILITY_PRIVATE.
Ok, seems to make sense security-wise. We could have it as a setting in the config file, but not necessary in the interface.
@schiessle?
Any update on this issue? Seems pretty important to me as this yet unchangeable default probably renders a lot of installations non-compliant in terms of data protection regulations.
Think of a Nextcloud instance that allows users to create profiles / login via social accounts. The admin cannot prevent the e-mail address of new users from being automatically exposed to existing users. As most users won't be aware of this default setting and keep it, this means that the e-mail addresses of most existing users are immediately exposed / available to a new user. He/she doesn't even have to belong to a group. That's most certainly even worse than how social networks deal with social data.
Not meant as a rant but a friendly request to review the priority of this issue.
Doesn't need the social login example to become relevant but it makes it even more obvious.
Up ?
I arrived at this issue now as well and I don't understand how this has not been fixed yet. I'm using LDAP for authentication which means that Nextcloud shows the email addresses of all users, even if they haven't logged into Nextcloud yet (so they didn't even have the chance to disable email sharing). I will probably change this in code even though it might get overridden by an update because this seems super important to me.
If someone wants to pick this up:
https://github.com/nextcloud/server/blob/35c2a9fe0a626bbc73e4cb3b6454c71507fb94be/lib/private/Accounts/AccountManager.php#L302
This method is called if no configuration for a user account is found. For reading a system configuration value at this place the constructor must be changed and `IConfig` injected as dependency and stored as class member. Next step is to read a value from config.php with `getSystemValue` and merge it with the default values. Probably not bad to check if the provided values are valid (e.g. it's an array with `value`, `scope` and `verified`). Please don't forget to update the tests. To change the existing configuration probably some command would be necessary.
Happy hacking :sunglasses:
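The merge-and-validate step outlined in the comment above, as an added example that is not part of the thread or of Nextcloud's code. The function name, the constant values, the sample data and the idea of passing the result of `getSystemValue` in as `$overrides` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Stand-ins for the AccountManager constants quoted in the issue; the string
// values are assumptions made for this example.
const VISIBILITY_PRIVATE = 'private';
const VISIBILITY_CONTACTS_ONLY = 'contacts';
const VISIBILITY_PUBLIC = 'public';
const ALLOWED_SCOPES = [VISIBILITY_PRIVATE, VISIBILITY_CONTACTS_ONLY, VISIBILITY_PUBLIC];

/**
 * Merge admin-supplied scopes into the built-in defaults (hypothetical helper).
 * $overrides stands for what IConfig::getSystemValue() would return for a
 * config.php key chosen by the implementer. Unknown properties and invalid
 * scopes are skipped and reported, so a typo in config.php leaves the
 * built-in default for that property in place.
 */
function mergeDefaultScopes(array $defaults, $overrides, array &$rejected = []): array {
    if (!is_array($overrides)) {
        $rejected[] = '(config value is not an array)';
        return $defaults;
    }
    foreach ($overrides as $property => $scope) {
        if (!is_string($property) || !isset($defaults[$property])
            || !in_array($scope, ALLOWED_SCOPES, true)) {
            $rejected[] = (string)$property;
            continue;
        }
        // Only the scope is configurable; value and verified stay untouched.
        $defaults[$property]['scope'] = $scope;
    }
    return $defaults;
}

// Constructed sample: two of the defaults from the issue and an override
// array as an admin might write it, including one bad scope and one
// property that does not exist.
$defaults = [
    'displayname' => ['value' => 'Alice', 'scope' => VISIBILITY_CONTACTS_ONLY, 'verified' => '0'],
    'email' => ['value' => 'alice@example.org', 'scope' => VISIBILITY_CONTACTS_ONLY, 'verified' => '0'],
];
$overrides = ['email' => VISIBILITY_PRIVATE, 'displayname' => 'everyone', 'fax' => VISIBILITY_PUBLIC];

$rejected = [];
$merged = mergeDefaultScopes($defaults, $overrides, $rejected);
echo 'email scope: ', $merged['email']['scope'], PHP_EOL;
echo 'displayname scope: ', $merged['displayname']['scope'], PHP_EOL;
echo 'rejected overrides: ', implode(', ', $rejected), PHP_EOL;
```

The rejected list is worth writing to the server log so that an admin notices a mistyped scope instead of assuming the stricter setting is active.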
The huge number of comments/requests about mail visibility shows that this seems to be a most-wished feature.
Please use the GitHub Reactions feature instead of commenting that you also need a specific feature. That way we can see your support without notifying all users subscribed to a given issue.