feat: restrict calendar invitation participants

Signed-off-by: SebastianKrupinski <[email protected]>

Author: SebastianKrupinski

apps/dav/lib/CalDAV/Schedule/IMipPlugin.php

@@ -124,6 +124,18 @@ public function schedule(Message $iTipMessage) {
 			$iTipMessage->scheduleStatus = '5.0; EMail delivery failed';
 			return;
 		}
+
+		// Check if external attendees are disabled
+		$externalAttendeesDisabled = $this->config->getValueBool('dav', 'caldav_external_attendees_disabled', false);
+		if ($externalAttendeesDisabled && !$this->imipService->isSystemUser($recipient)) {
+			$this->logger->debug('Invitation not sent to external attendee (external attendees disabled)', [
+				'uid' => $iTipMessage->uid,
+				'attendee' => $recipient,
+			]);
+			$iTipMessage->scheduleStatus = '5.0; External attendees are disabled';
+			return;
+		}
+
 		$recipientName = $iTipMessage->recipientName ? (string)$iTipMessage->recipientName : null;
 
 		$newEvents = $iTipMessage->message;

apps/dav/lib/CalDAV/Schedule/IMipService.php

@@ -873,6 +873,16 @@ public function getLastOccurrence(VCalendar $vObject) {
 		return $dtStart->getDateTime()->getTimeStamp();
 	}
 
+	/**
+	 * Check if an email address belongs to a system user
+	 *
+	 * @param string $email
+	 * @return bool True if the email belongs to a system user, false otherwise
+	 */
+	public function isSystemUser(string $email): bool {
+		return !empty($this->userManager->getByEmail($email));
+	}
+
 	/**
 	 * @param Property $attendee
 	 */

apps/dav/tests/unit/CalDAV/Schedule/IMipPluginCharsetTest.php

@@ -175,9 +175,12 @@ public function testCharsetMailer(): void {
 
 	public function testCharsetMailProvider(): void {
 		// Arrange
-		$this->appConfig->method('getValueBool')
-			->with('core', 'mail_providers_enabled', true)
-			->willReturn(true);
+		$this->appConfig->expects(self::exactly(2))
+			->method('getValueBool')
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, false],
+				['core', 'mail_providers_enabled', true, true],
+			]);
 		$mailMessage = new MailProviderMessage();
 		$mailService = $this->createStubForIntersectionOfInterfaces([IService::class, IMessageSend::class]);
 		$mailService->method('initiateMessage')

apps/dav/tests/unit/CalDAV/Schedule/IMipPluginTest.php

@@ -126,6 +126,10 @@ public function testDeliveryNoSignificantChange(): void {
 		$message->senderName = 'Mr. Wizard';
 		$message->recipient = 'mailto:' . '[email protected]';
 		$message->significantChange = false;
+
+		$this->config->expects(self::never())
+			->method('getValueBool');
+
 		$this->plugin->schedule($message);
 		$this->assertEquals('1.0', $message->getScheduleStatus());
 	}
@@ -173,6 +177,12 @@ public function testParsingSingle(): void {
 		$this->service->expects(self::once())
 			->method('getLastOccurrence')
 			->willReturn(1496912700);
+		$this->config->expects(self::exactly(2))
+			->method('getValueBool')
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, false],
+				['core', 'mail_providers_enabled', true, false],
+			]);
 		$this->mailer->expects(self::once())
 			->method('validateMailAddress')
 			->with('[email protected]')
@@ -280,6 +290,10 @@ public function testAttendeeIsResource(): void {
 		$this->service->expects(self::once())
 			->method('getLastOccurrence')
 			->willReturn(1496912700);
+		$this->config->expects(self::once())
+			->method('getValueBool')
+			->with('dav', 'caldav_external_attendees_disabled', false)
+			->willReturn(false);
 		$this->mailer->expects(self::once())
 			->method('validateMailAddress')
 			->with('[email protected]')
@@ -358,6 +372,10 @@ public function testAttendeeIsCircle(): void {
 		$this->service->expects(self::once())
 			->method('getLastOccurrence')
 			->willReturn(1496912700);
+		$this->config->expects(self::once())
+			->method('getValueBool')
+			->with('dav', 'caldav_external_attendees_disabled', false)
+			->willReturn(false);
 		$this->mailer->expects(self::once())
 			->method('validateMailAddress')
 			->with('[email protected]')
@@ -463,6 +481,12 @@ public function testParsingRecurrence(): void {
 		$this->service->expects(self::once())
 			->method('getLastOccurrence')
 			->willReturn(1496912700);
+		$this->config->expects(self::exactly(2))
+			->method('getValueBool')
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, false],
+				['core', 'mail_providers_enabled', true, false],
+			]);
 		$this->mailer->expects(self::once())
 			->method('validateMailAddress')
 			->with('[email protected]')
@@ -715,6 +739,12 @@ public function testMailProviderSend(): void {
 		$this->service->expects(self::once())
 			->method('getLastOccurrence')
 			->willReturn(1496912700);
+		$this->config->expects(self::exactly(2))
+			->method('getValueBool')
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, false],
+				['core', 'mail_providers_enabled', true, true],
+			]);
 		$this->service->expects(self::once())
 			->method('getCurrentAttendee')
 			->with($message)
@@ -866,10 +896,12 @@ public function testMailProviderDisabled(): void {
 			->method('getValueString')
 			->with('dav', 'invitation_link_recipients', 'yes')
 			->willReturn('yes');
-		$this->config->expects(self::once())
+		$this->config->expects(self::exactly(2))
 			->method('getValueBool')
-			->with('core', 'mail_providers_enabled', true)
-			->willReturn(false);
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, false],
+				['core', 'mail_providers_enabled', true, false],
+			]);
 		$this->service->expects(self::once())
 			->method('createInvitationToken')
 			->with($message, $newVevent, 1496912700)
@@ -917,6 +949,12 @@ public function testNoOldEvent(): void {
 		$this->service->expects(self::once())
 			->method('getLastOccurrence')
 			->willReturn(1496912700);
+		$this->config->expects(self::exactly(2))
+			->method('getValueBool')
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, false],
+				['core', 'mail_providers_enabled', true, false],
+			]);
 		$this->mailer->expects(self::once())
 			->method('validateMailAddress')
 			->with('[email protected]')
@@ -1014,6 +1052,12 @@ public function testNoButtons(): void {
 		$this->service->expects(self::once())
 			->method('getLastOccurrence')
 			->willReturn(1496912700);
+		$this->config->expects(self::exactly(2))
+			->method('getValueBool')
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, false],
+				['core', 'mail_providers_enabled', true, false],
+			]);
 		$this->mailer->expects(self::once())
 			->method('validateMailAddress')
 			->with('[email protected]')
@@ -1077,4 +1121,162 @@ public function testNoButtons(): void {
 		$this->plugin->schedule($message);
 		$this->assertEquals('1.1', $message->getScheduleStatus());
 	}
+
+	public function testExternalAttendeesDisabledForExternalUser(): void {
+		$message = new Message();
+		$message->method = 'REQUEST';
+		$newVCalendar = new VCalendar();
+		$newVevent = new VEvent($newVCalendar, 'one', array_merge([
+			'UID' => 'uid-1234',
+			'SEQUENCE' => 1,
+			'SUMMARY' => 'Fellowship meeting',
+			'DTSTART' => new \DateTime('2016-01-01 00:00:00')
+		], []));
+		$newVevent->add('ORGANIZER', 'mailto:[email protected]');
+		$newVevent->add('ATTENDEE', 'mailto:[email protected]', ['RSVP' => 'TRUE', 'CN' => 'External User']);
+		$message->message = $newVCalendar;
+		$message->sender = 'mailto:[email protected]';
+		$message->senderName = 'Mr. Wizard';
+		$message->recipient = 'mailto:[email protected]';
+
+		$this->service->expects(self::once())
+			->method('getLastOccurrence')
+			->willReturn(1496912700);
+		$this->config->expects(self::once())
+			->method('getValueBool')
+			->with('dav', 'caldav_external_attendees_disabled', false)
+			->willReturn(true);
+		$this->service->expects(self::once())
+			->method('isSystemUser')
+			->with('[email protected]')
+			->willReturn(false);
+		$this->eventComparisonService->expects(self::never())
+			->method('findModified');
+		$this->service->expects(self::never())
+			->method('getCurrentAttendee');
+		$this->mailer->expects(self::once())
+			->method('validateMailAddress')
+			->willReturn(true);
+		$this->mailer->expects(self::never())
+			->method('send');
+
+		$this->plugin->schedule($message);
+		$this->assertEquals('5.0', $message->getScheduleStatus());
+	}
+
+	public function testExternalAttendeesDisabledForSystemUser(): void {
+		$message = new Message();
+		$message->method = 'REQUEST';
+		$newVCalendar = new VCalendar();
+		$newVevent = new VEvent($newVCalendar, 'one', array_merge([
+			'UID' => 'uid-1234',
+			'SEQUENCE' => 1,
+			'SUMMARY' => 'Fellowship meeting',
+			'DTSTART' => new \DateTime('2016-01-01 00:00:00')
+		], []));
+		$newVevent->add('ORGANIZER', 'mailto:[email protected]');
+		$newVevent->add('ATTENDEE', 'mailto:[email protected]', ['RSVP' => 'TRUE', 'CN' => 'Frodo']);
+		$message->message = $newVCalendar;
+		$message->sender = 'mailto:[email protected]';
+		$message->senderName = 'Mr. Wizard';
+		$message->recipient = 'mailto:[email protected]';
+
+		$oldVCalendar = new VCalendar();
+		$oldVEvent = new VEvent($oldVCalendar, 'one', [
+			'UID' => 'uid-1234',
+			'SEQUENCE' => 0,
+			'SUMMARY' => 'Fellowship meeting',
+			'DTSTART' => new \DateTime('2016-01-01 00:00:00')
+		]);
+		$oldVEvent->add('ORGANIZER', 'mailto:[email protected]');
+		$oldVEvent->add('ATTENDEE', 'mailto:[email protected]', ['RSVP' => 'TRUE', 'CN' => 'Frodo']);
+		$oldVCalendar->add($oldVEvent);
+
+		$data = ['invitee_name' => 'Mr. Wizard',
+			'meeting_title' => 'Fellowship meeting',
+			'attendee_name' => '[email protected]'
+		];
+		$attendees = $newVevent->select('ATTENDEE');
+		$atnd = '';
+		foreach ($attendees as $attendee) {
+			if (strcasecmp($attendee->getValue(), $message->recipient) === 0) {
+				$atnd = $attendee;
+			}
+		}
+		$this->plugin->setVCalendar($oldVCalendar);
+		$this->service->expects(self::once())
+			->method('getLastOccurrence')
+			->willReturn(1496912700);
+		$this->config->expects(self::exactly(2))
+			->method('getValueBool')
+			->willReturnMap([
+				['dav', 'caldav_external_attendees_disabled', false, true],
+				['core', 'mail_providers_enabled', true, false],
+			]);
+		$this->service->expects(self::once())
+			->method('isSystemUser')
+			->with('[email protected]')
+			->willReturn(true);
+		$this->eventComparisonService->expects(self::once())
+			->method('findModified')
+			->willReturn(['new' => [$newVevent], 'old' => [$oldVEvent]]);
+		$this->service->expects(self::once())
+			->method('getCurrentAttendee')
+			->with($message)
+			->willReturn($atnd);
+		$this->service->expects(self::once())
+			->method('isRoomOrResource')
+			->with($atnd)
+			->willReturn(false);
+		$this->service->expects(self::once())
+			->method('isCircle')
+			->with($atnd)
+			->willReturn(false);
+		$this->service->expects(self::once())
+			->method('buildBodyData')
+			->with($newVevent, $oldVEvent)
+			->willReturn($data);
+		$this->user->expects(self::any())
+			->method('getUID')
+			->willReturn('user1');
+		$this->user->expects(self::any())
+			->method('getDisplayName')
+			->willReturn('Mr. Wizard');
+		$this->userSession->expects(self::any())
+			->method('getUser')
+			->willReturn($this->user);
+		$this->service->expects(self::once())
+			->method('getFrom');
+		$this->service->expects(self::once())
+			->method('addSubjectAndHeading')
+			->with($this->emailTemplate, 'request', 'Mr. Wizard', 'Fellowship meeting', true);
+		$this->service->expects(self::once())
+			->method('addBulletList')
+			->with($this->emailTemplate, $newVevent, $data);
+		$this->service->expects(self::once())
+			->method('getAttendeeRsvpOrReqForParticipant')
+			->willReturn(true);
+		$this->config->expects(self::once())
+			->method('getValueString')
+			->with('dav', 'invitation_link_recipients', 'yes')
+			->willReturn('yes');
+		$this->service->expects(self::once())
+			->method('createInvitationToken')
+			->with($message, $newVevent, 1496912700)
+			->willReturn('token');
+		$this->service->expects(self::once())
+			->method('addResponseButtons')
+			->with($this->emailTemplate, 'token');
+		$this->service->expects(self::once())
+			->method('addMoreOptionsButton')
+			->with($this->emailTemplate, 'token');
+		$this->mailer->expects(self::once())
+			->method('validateMailAddress')
+			->willReturn(true);
+		$this->mailer->expects(self::once())
+			->method('send')
+			->willReturn([]);
+		$this->plugin->schedule($message);
+		$this->assertEquals('1.1', $message->getScheduleStatus());
+	}
 }

apps/dav/tests/unit/CalDAV/Schedule/IMipServiceTest.php

@@ -157,6 +157,31 @@ public function testGetFrom(): void {
 		$this->assertEquals($expected, $actual);
 	}
 
+	public function testIsSystemUserWhenUserExists(): void {
+		$email = '[email protected]';
+		$user = $this->createMock(\OCP\IUser::class);
+
+		$this->userManager->expects(self::once())
+			->method('getByEmail')
+			->with($email)
+			->willReturn([$user]);
+
+		$result = $this->service->isSystemUser($email);
+		$this->assertTrue($result);
+	}
+
+	public function testIsSystemUserWhenUserDoesNotExist(): void {
+		$email = '[email protected]';
+
+		$this->userManager->expects(self::once())
+			->method('getByEmail')
+			->with($email)
+			->willReturn([]);
+
+		$result = $this->service->isSystemUser($email);
+		$this->assertFalse($result);
+	}
+
 	public function testBuildBodyDataCreated(): void {
 
 		// construct l10n return(s)