Skip to content

[stable30] feat: restrict calendar invitation participants #57463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AndyScherzinger merged 1 commit into from
Jan 13, 2026
+301 −6
Merged

[stable30] feat: restrict calendar invitation participants #57463

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions apps/dav/lib/CalDAV/Schedule/IMipPlugin.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,18 @@ public function schedule(Message $iTipMessage) {
$iTipMessage->scheduleStatus = '5.0; EMail delivery failed';
return;
}

// Check if external attendees are disabled
$externalAttendeesDisabled = $this->config->getValueBool('dav', 'caldav_external_attendees_disabled', false);
if ($externalAttendeesDisabled && !$this->imipService->isSystemUser($recipient)) {
$this->logger->debug('Invitation not sent to external attendee (external attendees disabled)', [
'uid' => $iTipMessage->uid,
'attendee' => $recipient,
]);
$iTipMessage->scheduleStatus = '5.0; External attendees are disabled';
return;
}

$recipientName = $iTipMessage->recipientName ? (string) $iTipMessage->recipientName : null;

$newEvents = $iTipMessage->message;
Expand Down
19 changes: 17 additions & 2 deletions apps/dav/lib/CalDAV/Schedule/IMipService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
use OCP\IConfig;
use OCP\IDBConnection;
use OCP\IL10N;
use OCP\IUserManager;
use OCP\L10N\IFactory as L10NFactory;
use OCP\Mail\IEMailTemplate;
use OCP\Security\ISecureRandom;
Expand All @@ -35,7 +36,8 @@ class IMipService {
private L10NFactory $l10nFactory;
private IL10N $l10n;
private ITimeFactory $timeFactory;

private IUserManager $userManager;

/** @var string[] */
private const STRING_DIFF = [
'meeting_title' => 'SUMMARY',
Expand All @@ -49,13 +51,16 @@ public function __construct(URLGenerator $urlGenerator,
IDBConnection $db,
ISecureRandom $random,
L10NFactory $l10nFactory,
ITimeFactory $timeFactory) {
ITimeFactory $timeFactory,
IUserManager $userManager,
) {
$this->urlGenerator = $urlGenerator;
$this->config = $config;
$this->db = $db;
$this->random = $random;
$this->l10nFactory = $l10nFactory;
$this->timeFactory = $timeFactory;
$this->userManager = $userManager;
$language = $this->l10nFactory->findGenericLanguage();
$locale = $this->l10nFactory->findLocale($language);
$this->l10n = $this->l10nFactory->get('dav', $language, $locale);
Expand Down Expand Up @@ -1182,6 +1187,16 @@ public function getReplyingAttendee(Message $iTipMessage): ?Property {
return null;
}

/**
* Check if an email address belongs to a system user
*
* @param string $email
* @return bool True if the email belongs to a system user, false otherwise
*/
public function isSystemUser(string $email): bool {
return !empty($this->userManager->getByEmail($email));
}

public function isRoomOrResource(Property $attendee): bool {
$cuType = $attendee->offsetGet('CUTYPE');
if (!$cuType instanceof Parameter) {
Expand Down
243 changes: 240 additions & 3 deletions apps/dav/tests/unit/CalDAV/Schedule/IMipPluginTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,10 @@ public function testDeliveryNoSignificantChange(): void {
$message->senderName = 'Mr. Wizard';
$message->recipient = 'mailto:' . '[email protected]';
$message->significantChange = false;

$this->config->expects(self::never())
->method('getValueBool');

$this->plugin->schedule($message);
$this->assertEquals('1.0', $message->getScheduleStatus());
}
Expand Down Expand Up @@ -204,6 +208,17 @@ public function testParsingSingle(): void {
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::exactly(2))
->method('getValueBool')
->willReturnCallback(function ($app, $key, $default) {
if ($app === 'dav' && $key === 'caldav_external_attendees_disabled') {
return false;
}
if ($app === 'core' && $key === 'mail_providers_enabled') {
return false;
}
return $default;
});
$this->mailer->expects(self::once())
->method('validateMailAddress')
->with('[email protected]')
Expand Down Expand Up @@ -311,6 +326,10 @@ public function testAttendeeIsResource(): void {
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::once())
->method('getValueBool')
->with('dav', 'caldav_external_attendees_disabled', false)
->willReturn(false);
$this->mailer->expects(self::once())
->method('validateMailAddress')
->with('[email protected]')
Expand Down Expand Up @@ -389,6 +408,10 @@ public function testAttendeeIsCircle(): void {
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::once())
->method('getValueBool')
->with('dav', 'caldav_external_attendees_disabled', false)
->willReturn(false);
$this->mailer->expects(self::once())
->method('validateMailAddress')
->with('[email protected]')
Expand Down Expand Up @@ -494,6 +517,17 @@ public function testParsingRecurrence(): void {
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::exactly(2))
->method('getValueBool')
->willReturnCallback(function ($app, $key, $default) {
if ($app === 'dav' && $key === 'caldav_external_attendees_disabled') {
return false;
}
if ($app === 'core' && $key === 'mail_providers_enabled') {
return false;
}
return $default;
});
$this->mailer->expects(self::once())
->method('validateMailAddress')
->with('[email protected]')
Expand Down Expand Up @@ -746,6 +780,17 @@ public function testMailProviderSend(): void {
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::exactly(2))
->method('getValueBool')
->willReturnCallback(function ($app, $key, $default) {
if ($app === 'dav' && $key === 'caldav_external_attendees_disabled') {
return false;
}
if ($app === 'core' && $key === 'mail_providers_enabled') {
return true;
}
return $default;
});
$this->service->expects(self::once())
->method('getCurrentAttendee')
->with($message)
Expand Down Expand Up @@ -897,10 +942,17 @@ public function testMailProviderDisabled(): void {
->method('getValueString')
->with('dav', 'invitation_link_recipients', 'yes')
->willReturn('yes');
$this->config->expects(self::once())
$this->config->expects(self::exactly(2))
->method('getValueBool')
->with('core', 'mail_providers_enabled', true)
->willReturn(false);
->willReturnCallback(function ($app, $key, $default) {
if ($app === 'dav' && $key === 'caldav_external_attendees_disabled') {
return false;
}
if ($app === 'core' && $key === 'mail_providers_enabled') {
return false;
}
return $default;
});
$this->service->expects(self::once())
->method('createInvitationToken')
->with($message, $newVevent, 1496912700)
Expand Down Expand Up @@ -948,6 +1000,17 @@ public function testNoOldEvent(): void {
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::exactly(2))
->method('getValueBool')
->willReturnCallback(function ($app, $key, $default) {
if ($app === 'dav' && $key === 'caldav_external_attendees_disabled') {
return false;
}
if ($app === 'core' && $key === 'mail_providers_enabled') {
return false;
}
return $default;
});
$this->mailer->expects(self::once())
->method('validateMailAddress')
->with('[email protected]')
Expand Down Expand Up @@ -1045,6 +1108,17 @@ public function testNoButtons(): void {
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::exactly(2))
->method('getValueBool')
->willReturnCallback(function ($app, $key, $default) {
if ($app === 'dav' && $key === 'caldav_external_attendees_disabled') {
return false;
}
if ($app === 'core' && $key === 'mail_providers_enabled') {
return false;
}
return $default;
});
$this->mailer->expects(self::once())
->method('validateMailAddress')
->with('[email protected]')
Expand Down Expand Up @@ -1108,4 +1182,167 @@ public function testNoButtons(): void {
$this->plugin->schedule($message);
$this->assertEquals('1.1', $message->getScheduleStatus());
}

public function testExternalAttendeesDisabledForExternalUser(): void {
$message = new Message();
$message->method = 'REQUEST';
$newVCalendar = new VCalendar();
$newVevent = new VEvent($newVCalendar, 'one', array_merge([
'UID' => 'uid-1234',
'SEQUENCE' => 1,
'SUMMARY' => 'Fellowship meeting',
'DTSTART' => new \DateTime('2016-01-01 00:00:00')
], []));
$newVevent->add('ORGANIZER', 'mailto:[email protected]');
$newVevent->add('ATTENDEE', 'mailto:[email protected]', ['RSVP' => 'TRUE', 'CN' => 'External User']);
$message->message = $newVCalendar;
$message->sender = 'mailto:[email protected]';
$message->senderName = 'Mr. Wizard';
$message->recipient = 'mailto:[email protected]';

$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::once())
->method('getValueBool')
->with('dav', 'caldav_external_attendees_disabled', false)
->willReturn(true);
$this->service->expects(self::once())
->method('isSystemUser')
->with('[email protected]')
->willReturn(false);
$this->eventComparisonService->expects(self::never())
->method('findModified');
$this->service->expects(self::never())
->method('getCurrentAttendee');
$this->mailer->expects(self::once())
->method('validateMailAddress')
->willReturn(true);
$this->mailer->expects(self::never())
->method('send');

$this->plugin->schedule($message);
$this->assertEquals('5.0', $message->getScheduleStatus());
}

public function testExternalAttendeesDisabledForSystemUser(): void {
$message = new Message();
$message->method = 'REQUEST';
$newVCalendar = new VCalendar();
$newVevent = new VEvent($newVCalendar, 'one', array_merge([
'UID' => 'uid-1234',
'SEQUENCE' => 1,
'SUMMARY' => 'Fellowship meeting',
'DTSTART' => new \DateTime('2016-01-01 00:00:00')
], []));
$newVevent->add('ORGANIZER', 'mailto:[email protected]');
$newVevent->add('ATTENDEE', 'mailto:[email protected]', ['RSVP' => 'TRUE', 'CN' => 'Frodo']);
$message->message = $newVCalendar;
$message->sender = 'mailto:[email protected]';
$message->senderName = 'Mr. Wizard';
$message->recipient = 'mailto:[email protected]';

$oldVCalendar = new VCalendar();
$oldVEvent = new VEvent($oldVCalendar, 'one', [
'UID' => 'uid-1234',
'SEQUENCE' => 0,
'SUMMARY' => 'Fellowship meeting',
'DTSTART' => new \DateTime('2016-01-01 00:00:00')
]);
$oldVEvent->add('ORGANIZER', 'mailto:[email protected]');
$oldVEvent->add('ATTENDEE', 'mailto:[email protected]', ['RSVP' => 'TRUE', 'CN' => 'Frodo']);
$oldVCalendar->add($oldVEvent);

$data = ['invitee_name' => 'Mr. Wizard',
'meeting_title' => 'Fellowship meeting',
'attendee_name' => '[email protected]'
];
$attendees = $newVevent->select('ATTENDEE');
$atnd = '';
foreach ($attendees as $attendee) {
if (strcasecmp($attendee->getValue(), $message->recipient) === 0) {
$atnd = $attendee;
}
}
$this->plugin->setVCalendar($oldVCalendar);
$this->service->expects(self::once())
->method('getLastOccurrence')
->willReturn(1496912700);
$this->config->expects(self::exactly(2))
->method('getValueBool')
->willReturnCallback(function ($app, $key, $default) {
if ($app === 'dav' && $key === 'caldav_external_attendees_disabled') {
return true;
}
if ($app === 'core' && $key === 'mail_providers_enabled') {
return false;
}
return $default;
});
$this->service->expects(self::once())
->method('isSystemUser')
->with('[email protected]')
->willReturn(true);
$this->eventComparisonService->expects(self::once())
->method('findModified')
->willReturn(['new' => [$newVevent], 'old' => [$oldVEvent]]);
$this->service->expects(self::once())
->method('getCurrentAttendee')
->with($message)
->willReturn($atnd);
$this->service->expects(self::once())
->method('isRoomOrResource')
->with($atnd)
->willReturn(false);
$this->service->expects(self::once())
->method('isCircle')
->with($atnd)
->willReturn(false);
$this->service->expects(self::once())
->method('buildBodyData')
->with($newVevent, $oldVEvent)
->willReturn($data);
$this->user->expects(self::any())
->method('getUID')
->willReturn('user1');
$this->user->expects(self::any())
->method('getDisplayName')
->willReturn('Mr. Wizard');
$this->userSession->expects(self::any())
->method('getUser')
->willReturn($this->user);
$this->service->expects(self::once())
->method('getFrom');
$this->service->expects(self::once())
->method('addSubjectAndHeading')
->with($this->emailTemplate, 'request', 'Mr. Wizard', 'Fellowship meeting', true);
$this->service->expects(self::once())
->method('addBulletList')
->with($this->emailTemplate, $newVevent, $data);
$this->service->expects(self::once())
->method('getAttendeeRsvpOrReqForParticipant')
->willReturn(true);
$this->config->expects(self::once())
->method('getValueString')
->with('dav', 'invitation_link_recipients', 'yes')
->willReturn('yes');
$this->service->expects(self::once())
->method('createInvitationToken')
->with($message, $newVevent, 1496912700)
->willReturn('token');
$this->service->expects(self::once())
->method('addResponseButtons')
->with($this->emailTemplate, 'token');
$this->service->expects(self::once())
->method('addMoreOptionsButton')
->with($this->emailTemplate, 'token');
$this->mailer->expects(self::once())
->method('validateMailAddress')
->willReturn(true);
$this->mailer->expects(self::once())
->method('send')
->willReturn([]);
$this->plugin->schedule($message);
$this->assertEquals('1.1', $message->getScheduleStatus());
}
}
Loading
Loading