graph/users: Make minimum search term length configurable

2026-05-06 11:31:00 -05:00 · 2023-12-06 12:48:38 +01:00
parent 639c8d4ed3
commit 4cb6d99e88
3 changed files with 12 additions and 10 deletions
@@ -108,9 +108,10 @@ type Identity struct {

 // API represents API configuration parameters.
 type API struct {
-	GroupMembersPatchLimit int    `yaml:"group_members_patch_limit" env:"GRAPH_GROUP_MEMBERS_PATCH_LIMIT" desc:"The amount of group members allowed to be added with a single patch request."`
-	UsernameMatch          string `yaml:"graph_username_match" env:"GRAPH_USERNAME_MATCH" desc:"Apply restrictions to usernames. Supported values are 'default' and 'none'. When set to 'default', user names must not start with a number and are restricted to ASCII characters. When set to 'none', no restrictions are applied. The default value is 'default'."`
-	AssignDefaultUserRole  bool   `yaml:"graph_assign_default_user_role" env:"GRAPH_ASSIGN_DEFAULT_USER_ROLE" desc:"Whether to assign newly created users the default role 'User'. Set this to 'false' if you want to assign roles manually, or if the role assignment should happen at first login. Set this to 'true' (the default) to assign the role 'User' when creating a new user."`
+	GroupMembersPatchLimit  int    `yaml:"group_members_patch_limit" env:"GRAPH_GROUP_MEMBERS_PATCH_LIMIT" desc:"The amount of group members allowed to be added with a single patch request."`
+	UsernameMatch           string `yaml:"graph_username_match" env:"GRAPH_USERNAME_MATCH" desc:"Apply restrictions to usernames. Supported values are 'default' and 'none'. When set to 'default', user names must not start with a number and are restricted to ASCII characters. When set to 'none', no restrictions are applied. The default value is 'default'."`
+	AssignDefaultUserRole   bool   `yaml:"graph_assign_default_user_role" env:"GRAPH_ASSIGN_DEFAULT_USER_ROLE" desc:"Whether to assign newly created users the default role 'User'. Set this to 'false' if you want to assign roles manually, or if the role assignment should happen at first login. Set this to 'true' (the default) to assign the role 'User' when creating a new user."`
+	IdentitySearchMinLength int    `yaml:"graph_identity_search_min_length" env:"GRAPH_IDENTITY_SEARCH_MIN_LENGTH" desc:"The minimum length the search term needs to have for unprivileged users when searching for users or groups."`
 }

 // Events combines the configuration options for the event bus.
@@ -44,9 +44,10 @@ func DefaultConfig() *config.Config {
 			DisplayName: "ownCloud Infinite Scale",
 		},
 		API: config.API{
-			GroupMembersPatchLimit: 20,
-			UsernameMatch:          "default",
-			AssignDefaultUserRole:  true,
+			GroupMembersPatchLimit:  20,
+			UsernameMatch:           "default",
+			AssignDefaultUserRole:   true,
+			IdentitySearchMinLength: 3,
 		},
 		Reva: shared.DefaultRevaConfig(),
 		Spaces: config.Spaces{
@@ -223,10 +223,10 @@ func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) {
 	}

 	ctxHasFullPerms := g.contextUserHasFullAccountPerms(r.Context())
-	if !ctxHasFullPerms && (odataReq.Query == nil || odataReq.Query.Search == nil || len(odataReq.Query.Search.RawValue) < 3) {
-		// regular user must search with at least 3 chars
-		logger.Debug().Interface("query", r.URL.Query()).Msg("search with less than 3 chars for a regular user")
-		errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "regular users must enter at least 3 characters to search")
+	if !ctxHasFullPerms && (odataReq.Query == nil || odataReq.Query.Search == nil || len(odataReq.Query.Search.RawValue) < g.config.API.IdentitySearchMinLength) {
+		// for regular user the search term must have a minimum length
+		logger.Debug().Interface("query", r.URL.Query()).Msgf("search with less than %d chars for a regular user", g.config.API.IdentitySearchMinLength)
+		errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "search term too short")
 		return
 	}