From 6436795b192f67601276054479a789803babab9b Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 10 Apr 2019 10:25:32 +0200
Subject: Remove conversation names and tokens when you are not a participant

Signed-off-by: Joas Schilling
---
 lib/Manager.php | 17 ++++++++++++++++-
 lib/Share/Helper/ShareAPIController.php | 8 ++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
(limited to 'lib')

diff --git a/lib/Manager.php b/lib/Manager.php
index 075e839bc..9e7e4fd03 100644
--- a/lib/Manager.php
+++ b/lib/Manager.php
@@ -583,13 +583,21 @@ class Manager {
 		if ($room->getType() === Room::CHANGELOG_CONVERSATION) {
 			return $this->l->t('Talk updates ✅');
 		}
+		if ($userId === '' && $room->getType() !== Room::PUBLIC_CALL) {
+			return $this->l->t('Private conversation');
+		}
+
 
 		if ($room->getType() !== Room::ONE_TO_ONE_CALL && $room->getName() === '') {
 			$room->setName($this->getRoomNameByParticipants($room));
 		}
 
 		// Set the room name to the other participant for one-to-one rooms
-		if ($userId !== '' && $room->getType() === Room::ONE_TO_ONE_CALL) {
+		if ($room->getType() === Room::ONE_TO_ONE_CALL) {
+			if ($userId === '') {
+				return $this->l->t('Private conversation');
+			}
+
 			$users = $room->getParticipantUserIds();
 			$otherParticipant = '';
 			$userIsParticipant = false;
@@ -616,6 +624,13 @@ class Manager {
 			return $otherParticipant;
 		}
 
+		try {
+			$room->getParticipant($userId);
+		} catch (ParticipantNotFoundException $e) {
+			// Do not leak the name of rooms the user is not a part of
+			return $this->l->t('Private conversation');
+		}
+
 		return $room->getName();
 	}
 
diff --git a/lib/Share/Helper/ShareAPIController.php b/lib/Share/Helper/ShareAPIController.php
index 64398f56a..04ecfdc4d 100644
--- a/lib/Share/Helper/ShareAPIController.php
+++ b/lib/Share/Helper/ShareAPIController.php
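Review bot: The inner `if ($userId === '') { return $this->l->t('Private conversation'); }` added inside the ONE_TO_ONE_CALL branch is unreachable: the guard added at the top of the hunk already returns for every empty `$userId` unless the room is a PUBLIC_CALL, and a one-to-one room is never that. Dropping the inner check (and the blank line after it) leaves a single place responsible for the guest case, so a later edit to the first guard cannot silently diverge from the second. The removal of the old `$userId !== ''` condition on the one-to-one `if` can stay as the commit has it. The enclosing method starts before the hunk.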
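Review bot: The new participant lookup also runs for guests, since the guard further up lets an empty `$userId` through only for PUBLIC_CALL rooms and this `try` then calls `$room->getParticipant('')`. If that method throws `ParticipantNotFoundException` for an empty user id (its body is outside this hunk), guests in public conversations now get 'Private conversation' instead of the room name the earlier exemption appears meant to preserve. Making the exemption explicit here, `if ($userId === '') { return $room->getName(); }` before the `try`, or wrapping the lookup in `if ($userId !== '') {`, would keep the two checks consistent. The enclosing method starts before the hunk.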
@@ -85,6 +85,14 @@ class ShareAPIController {
 		}
 		$result['share_with_displayname'] = $room->getDisplayName($this->userId);
 
+		try {
+			$room->getParticipant($this->userId);
+		} catch (ParticipantNotFoundException $e) {
+			// Removing the conversation token from the leaked data if not a participant.
+			// Adding some unique but reproducable part to the share_with here
+			// so the avatars for conversations are distinguishable
+			$result['share_with'] = 'private_conversation_' . substr(sha1($room->getName() . $room->getId()), 0, 6);
+		}
 		if ($room->getType() === Room::PUBLIC_CALL) {
 			$result['token'] = $share->getToken();
 		}
-- 
cgit v1.2.3
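Review bot: The comment in the catch block says it removes the conversation token, but the line replaces `share_with`; that is only the same thing if `share_with` carries the room token for room shares, which this hunk does not show, so the comment should state it, e.g. `// share_with is the room token for room shares; replace it so non-participants cannot learn it`. In the same comment `reproducable` should read `reproducible`, and because the placeholder is six hex characters of a SHA-1, "unique" is only approximate — two rooms can end up with the same suffix. The `$result['token'] = $share->getToken();` assignment for PUBLIC_CALL still runs after the catch, presumably on purpose because public rooms are joinable by link; a one-line comment saying so would stop the next reader from taking it for an oversight of the non-participant case. The enclosing method starts before the hunk.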