fix(ProvisioningApi): only return verified additional mails per user

It would not per se be bad to return all of them, however the meta data about the verified state is missing. Since the information may go out to connected clients, those may have wrong trust the returned email addresses. Email verification still works with this change. Signed-off-by: Arthur Schiwon <[email protected]>
nextcloud · Mar 19, 2024 · 266a79a · 266a79a
1 parent 0681141
commit 266a79a
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/apps/provisioning_api/lib/Controller/AUserData.php b/apps/provisioning_api/lib/Controller/AUserData.php
@@ -173,6 +173,9 @@ protected function getUserData(string $userId, bool $includeScopes = false): ?ar
  $additionalEmails = $additionalEmailScopes = [];
  $emailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL);
  foreach ($emailCollection->getProperties() as $property) {
+ if ($property->getLocallyVerified() !== IAccountManager::VERIFIED) {
+ continue;
+ }
  $additionalEmails[] = $property->getValue();
  if ($includeScopes) {
  $additionalEmailScopes[] = $property->getScope();