fix: adjust min search length if double quotes are used

owncloud · Dec 20, 2023 · 70f2e75 · 70f2e75
1 parent 73a49cd
commit 70f2e75
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/services/graph/pkg/identity/odata.go b/services/graph/pkg/identity/odata.go
@@ -41,9 +41,6 @@ func GetSearchValues(req *godata.GoDataQuery) (string, error) {
 		return "", godata.NotImplementedError("complex search queries are not supported")
 	}
 
-	searchValue := req.Search.Tree.Token.Value
-	if strings.HasPrefix(searchValue, "\"") && strings.HasSuffix(searchValue, "\"") {
-		searchValue = strings.Trim(searchValue, "\"")
-	}
+	searchValue := strings.Trim(req.Search.Tree.Token.Value, "\"")
 	return searchValue, nil
 }
diff --git a/services/graph/pkg/service/v0/users.go b/services/graph/pkg/service/v0/users.go
@@ -223,7 +223,17 @@ func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) {
 	}
 
 	ctxHasFullPerms := g.contextUserHasFullAccountPerms(r.Context())
-	if !ctxHasFullPerms && (odataReq.Query == nil || odataReq.Query.Search == nil || len(odataReq.Query.Search.RawValue) < g.config.API.IdentitySearchMinLength) {
+	minSearchLength := g.config.API.IdentitySearchMinLength
+	searchHasAcceptableLength := false
+	if odataReq.Query != nil && odataReq.Query.Search != nil {
+		if strings.HasPrefix(odataReq.Query.Search.RawValue, "\"") {
+			// if search starts with double quotes then it must finish with double quotes
+			// add +2 to the minimum search length in this case
+			minSearchLength += 2
+		}
+		searchHasAcceptableLength = len(odataReq.Query.Search.RawValue) >= minSearchLength
+	}
+	if !ctxHasFullPerms && !searchHasAcceptableLength {
 		// for regular user the search term must have a minimum length
 		logger.Debug().Interface("query", r.URL.Query()).Msgf("search with less than %d chars for a regular user", g.config.API.IdentitySearchMinLength)
 		errorcode.AccessDenied.Render(w, r, http.StatusForbidden, "search term too short")