diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index ee18c1a2dc..27a151bcf8 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go @@ -108,9 +108,10 @@ type Identity struct { // API represents API configuration parameters. type API struct { - GroupMembersPatchLimit int `yaml:"group_members_patch_limit" env:"GRAPH_GROUP_MEMBERS_PATCH_LIMIT" desc:"The amount of group members allowed to be added with a single patch request."` - UsernameMatch string `yaml:"graph_username_match" env:"GRAPH_USERNAME_MATCH" desc:"Apply restrictions to usernames. Supported values are 'default' and 'none'. When set to 'default', user names must not start with a number and are restricted to ASCII characters. When set to 'none', no restrictions are applied. The default value is 'default'."` - AssignDefaultUserRole bool `yaml:"graph_assign_default_user_role" env:"GRAPH_ASSIGN_DEFAULT_USER_ROLE" desc:"Whether to assign newly created users the default role 'User'. Set this to 'false' if you want to assign roles manually, or if the role assignment should happen at first login. Set this to 'true' (the default) to assign the role 'User' when creating a new user."` + GroupMembersPatchLimit int `yaml:"group_members_patch_limit" env:"GRAPH_GROUP_MEMBERS_PATCH_LIMIT" desc:"The amount of group members allowed to be added with a single patch request."` + UsernameMatch string `yaml:"graph_username_match" env:"GRAPH_USERNAME_MATCH" desc:"Apply restrictions to usernames. Supported values are 'default' and 'none'. When set to 'default', user names must not start with a number and are restricted to ASCII characters. When set to 'none', no restrictions are applied. The default value is 'default'."` + AssignDefaultUserRole bool `yaml:"graph_assign_default_user_role" env:"GRAPH_ASSIGN_DEFAULT_USER_ROLE" desc:"Whether to assign newly created users the default role 'User'. Set this to 'false' if you want to assign roles manually, or if the role assignment should happen at first login. Set this to 'true' (the default) to assign the role 'User' when creating a new user."` + IdentitySearchMinLength int `yaml:"graph_identity_search_min_length" env:"GRAPH_IDENTITY_SEARCH_MIN_LENGTH" desc:"The minimum length the search term needs to have for unprivileged users when searching for users or groups."` } // Events combines the configuration options for the event bus. diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 730ce442d5..3062e5ed9c 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -44,9 +44,10 @@ func DefaultConfig() *config.Config { DisplayName: "ownCloud Infinite Scale", }, API: config.API{ - GroupMembersPatchLimit: 20, - UsernameMatch: "default", - AssignDefaultUserRole: true, + GroupMembersPatchLimit: 20, + UsernameMatch: "default", + AssignDefaultUserRole: true, + IdentitySearchMinLength: 3, }, Reva: shared.DefaultRevaConfig(), Spaces: config.Spaces{ diff --git a/services/graph/pkg/service/v0/users.go b/services/graph/pkg/service/v0/users.go index a7b71bd9ab..5e346fea9d 100644 --- a/services/graph/pkg/service/v0/users.go +++ b/services/graph/pkg/service/v0/users.go @@ -223,10 +223,10 @@ func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) { } ctxHasFullPerms := g.contextUserHasFullAccountPerms(r.Context()) - if !ctxHasFullPerms && (odataReq.Query == nil || odataReq.Query.Search == nil || len(odataReq.Query.Search.RawValue) < 3) { - // regular user must search with at least 3 chars - logger.Debug().Interface("query", r.URL.Query()).Msg("search with less than 3 chars for a regular user") - errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "regular users must enter at least 3 characters to search") + if !ctxHasFullPerms && (odataReq.Query == nil || odataReq.Query.Search == nil || len(odataReq.Query.Search.RawValue) < g.config.API.IdentitySearchMinLength) { + // for regular user the search term must have a minimum length + logger.Debug().Interface("query", r.URL.Query()).Msgf("search with less than %d chars for a regular user", g.config.API.IdentitySearchMinLength) + errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "search term too short") return }