nextcloud / server

apps/settings/lib/ConfigLexicon.php

Indentation +66 added lines, -66 removed lines

@@ -20,73 +20,73 @@
  * Please Add & Manage your Config Keys in that file and keep the Lexicon up to date!
  */
 class ConfigLexicon implements ILexicon {
-	public const USER_SETTINGS_EMAIL = 'email';
-	public const USER_LIST_SHOW_STORAGE_PATH = 'user_list_show_storage_path';
-	public const USER_LIST_SHOW_USER_BACKEND = 'user_list_show_user_backend';
-	public const USER_LIST_SHOW_LAST_LOGIN = 'user_list_show_last_login';
-	public const USER_LIST_SHOW_FIRST_LOGIN = 'user_list_show_first_login';
-	public const USER_LIST_SHOW_NEW_USER_FORM = 'user_list_show_new_user_form';
-	public const USER_LIST_SHOW_LANGUAGES = 'user_list_show_languages';
+    public const USER_SETTINGS_EMAIL = 'email';
+    public const USER_LIST_SHOW_STORAGE_PATH = 'user_list_show_storage_path';
+    public const USER_LIST_SHOW_USER_BACKEND = 'user_list_show_user_backend';
+    public const USER_LIST_SHOW_LAST_LOGIN = 'user_list_show_last_login';
+    public const USER_LIST_SHOW_FIRST_LOGIN = 'user_list_show_first_login';
+    public const USER_LIST_SHOW_NEW_USER_FORM = 'user_list_show_new_user_form';
+    public const USER_LIST_SHOW_LANGUAGES = 'user_list_show_languages';
 
-	public function getStrictness(): Strictness {
-		return Strictness::IGNORE;
-	}
+    public function getStrictness(): Strictness {
+        return Strictness::IGNORE;
+    }
 
-	public function getAppConfigs(): array {
-		return [];
-	}
+    public function getAppConfigs(): array {
+        return [];
+    }
 
-	public function getUserConfigs(): array {
-		return [
-			new Entry(
-				key: self::USER_SETTINGS_EMAIL,
-				type: ValueType::STRING,
-				defaultRaw: '',
-				definition: 'account mail address',
-				flags: IUserConfig::FLAG_INDEXED,
-			),
-			new Entry(
-				key: self::USER_LIST_SHOW_STORAGE_PATH,
-				type: ValueType::BOOL,
-				defaultRaw: false,
-				definition: 'Show storage path column in user list',
-				lazy: true,
-			),
-			new Entry(
-				key: self::USER_LIST_SHOW_USER_BACKEND,
-				type: ValueType::BOOL,
-				defaultRaw: false,
-				definition: 'Show user account backend column in user list',
-				lazy: true,
-			),
-			new Entry(
-				key: self::USER_LIST_SHOW_LAST_LOGIN,
-				type: ValueType::BOOL,
-				defaultRaw: false,
-				definition: 'Show last login date column in user list',
-				lazy: true,
-			),
-			new Entry(
-				key: self::USER_LIST_SHOW_FIRST_LOGIN,
-				type: ValueType::BOOL,
-				defaultRaw: false,
-				definition: 'Show first login date column in user list',
-				lazy: true,
-			),
-			new Entry(
-				key: self::USER_LIST_SHOW_NEW_USER_FORM,
-				type: ValueType::BOOL,
-				defaultRaw: false,
-				definition: 'Show new user form in user list',
-				lazy: true,
-			),
-			new Entry(
-				key: self::USER_LIST_SHOW_LANGUAGES,
-				type: ValueType::BOOL,
-				defaultRaw: false,
-				definition: 'Show languages in user list',
-				lazy: true,
-			),
-		];
-	}
+    public function getUserConfigs(): array {
+        return [
+            new Entry(
+                key: self::USER_SETTINGS_EMAIL,
+                type: ValueType::STRING,
+                defaultRaw: '',
+                definition: 'account mail address',
+                flags: IUserConfig::FLAG_INDEXED,
+            ),
+            new Entry(
+                key: self::USER_LIST_SHOW_STORAGE_PATH,
+                type: ValueType::BOOL,
+                defaultRaw: false,
+                definition: 'Show storage path column in user list',
+                lazy: true,
+            ),
+            new Entry(
+                key: self::USER_LIST_SHOW_USER_BACKEND,
+                type: ValueType::BOOL,
+                defaultRaw: false,
+                definition: 'Show user account backend column in user list',
+                lazy: true,
+            ),
+            new Entry(
+                key: self::USER_LIST_SHOW_LAST_LOGIN,
+                type: ValueType::BOOL,
+                defaultRaw: false,
+                definition: 'Show last login date column in user list',
+                lazy: true,
+            ),
+            new Entry(
+                key: self::USER_LIST_SHOW_FIRST_LOGIN,
+                type: ValueType::BOOL,
+                defaultRaw: false,
+                definition: 'Show first login date column in user list',
+                lazy: true,
+            ),
+            new Entry(
+                key: self::USER_LIST_SHOW_NEW_USER_FORM,
+                type: ValueType::BOOL,
+                defaultRaw: false,
+                definition: 'Show new user form in user list',
+                lazy: true,
+            ),
+            new Entry(
+                key: self::USER_LIST_SHOW_LANGUAGES,
+                type: ValueType::BOOL,
+                defaultRaw: false,
+                definition: 'Show languages in user list',
+                lazy: true,
+            ),
+        ];
+    }
 }

apps/settings/lib/Controller/UsersController.php

Indentation +549 added lines, -549 removed lines

@@ -59,553 +59,553 @@
 
 #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
 class UsersController extends Controller {
-	/** Limit for counting users for subadmins, to avoid spending too much time */
-	private const COUNT_LIMIT_FOR_SUBADMINS = 999;
-
-	public const ALLOWED_USER_PREFERENCES = [
-		ConfigLexicon::USER_LIST_SHOW_STORAGE_PATH,
-		ConfigLexicon::USER_LIST_SHOW_USER_BACKEND,
-		ConfigLexicon::USER_LIST_SHOW_FIRST_LOGIN,
-		ConfigLexicon::USER_LIST_SHOW_LAST_LOGIN,
-		ConfigLexicon::USER_LIST_SHOW_NEW_USER_FORM,
-		ConfigLexicon::USER_LIST_SHOW_LANGUAGES,
-	];
-
-	public function __construct(
-		string $appName,
-		IRequest $request,
-		private UserManager $userManager,
-		private IGroupManager $groupManager,
-		private IUserSession $userSession,
-		private IConfig $config,
-		private IAppConfig $appConfig,
-		private IUserConfig $userConfig,
-		private IL10N $l10n,
-		private IMailer $mailer,
-		private IFactory $l10nFactory,
-		private IAppManager $appManager,
-		private IAccountManager $accountManager,
-		private Manager $keyManager,
-		private IJobList $jobList,
-		private IManager $encryptionManager,
-		private KnownUserService $knownUserService,
-		private IEventDispatcher $dispatcher,
-		private IInitialState $initialState,
-	) {
-		parent::__construct($appName, $request);
-	}
-
-
-	/**
-	 * Display users list template
-	 *
-	 * @return TemplateResponse
-	 */
-	#[NoAdminRequired]
-	#[NoCSRFRequired]
-	public function usersListByGroup(INavigationManager $navigationManager, ISubAdmin $subAdmin): TemplateResponse {
-		return $this->usersList($navigationManager, $subAdmin);
-	}
-
-	/**
-	 * Display users list template
-	 *
-	 * @return TemplateResponse
-	 */
-	#[NoAdminRequired]
-	#[NoCSRFRequired]
-	public function usersList(INavigationManager $navigationManager, ISubAdmin $subAdmin): TemplateResponse {
-		$user = $this->userSession->getUser();
-		$uid = $user->getUID();
-		$isAdmin = $this->groupManager->isAdmin($uid);
-		$isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($uid);
-
-		$navigationManager->setActiveEntry('core_users');
-
-		/* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
-		$sortGroupsBy = MetaData::SORT_USERCOUNT;
-		$isLDAPUsed = false;
-		if ($this->config->getSystemValueBool('sort_groups_by_name', false)) {
-			$sortGroupsBy = MetaData::SORT_GROUPNAME;
-		} else {
-			if ($this->appManager->isEnabledForUser('user_ldap')) {
-				$isLDAPUsed
-					= $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
-				if ($isLDAPUsed) {
-					// LDAP user count can be slow, so we sort by group name here
-					$sortGroupsBy = MetaData::SORT_GROUPNAME;
-				}
-			}
-		}
-
-		$canChangePassword = $this->canAdminChangeUserPasswords();
-
-		/* GROUPS */
-		$groupsInfo = new MetaData(
-			$uid,
-			$isAdmin,
-			$isDelegatedAdmin,
-			$this->groupManager,
-			$this->userSession
-		);
-
-		$adminGroup = $this->groupManager->get('admin');
-		$adminGroupData = [
-			'id' => $adminGroup->getGID(),
-			'name' => $adminGroup->getDisplayName(),
-			'usercount' => $sortGroupsBy === MetaData::SORT_USERCOUNT ? $adminGroup->count() : 0,
-			'disabled' => $adminGroup->countDisabled(),
-			'canAdd' => $adminGroup->canAddUser(),
-			'canRemove' => $adminGroup->canRemoveUser(),
-		];
-
-		if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
-			$isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
-				return $ldapFound || $backend instanceof User_Proxy;
-			});
-		}
-
-		$disabledUsers = -1;
-		$userCount = 0;
-
-		if (!$isLDAPUsed) {
-			if ($isAdmin || $isDelegatedAdmin) {
-				$disabledUsers = $this->userManager->countDisabledUsers();
-				$userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
-					return $v + (int)$w;
-				}, 0);
-			} else {
-				// User is subadmin !
-				[$userCount,$disabledUsers] = $this->userManager->countUsersAndDisabledUsersOfGroups($groupsInfo->getGroups(), self::COUNT_LIMIT_FOR_SUBADMINS);
-			}
-
-			if ($disabledUsers > 0) {
-				$userCount -= $disabledUsers;
-			}
-		}
-
-		$recentUsersGroup = [
-			'id' => '__nc_internal_recent',
-			'name' => $this->l10n->t('Recently active'),
-			'usercount' => $this->userManager->countSeenUsers(),
-		];
-
-		$disabledUsersGroup = [
-			'id' => 'disabled',
-			'name' => $this->l10n->t('Disabled accounts'),
-			'usercount' => $disabledUsers
-		];
-
-		if (!$isAdmin && !$isDelegatedAdmin) {
-			$subAdminGroups = array_map(
-				fn (IGroup $group) => ['id' => $group->getGID(), 'name' => $group->getDisplayName()],
-				$subAdmin->getSubAdminsGroups($user),
-			);
-			$subAdminGroups = array_values($subAdminGroups);
-		}
-
-		/* QUOTAS PRESETS */
-		$quotaPreset = $this->parseQuotaPreset($this->appConfig->getValueString('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
-		$allowUnlimitedQuota = $this->appConfig->getValueBool('files', 'allow_unlimited_quota', true);
-		if (!$allowUnlimitedQuota && count($quotaPreset) > 0) {
-			$defaultQuota = $this->appConfig->getValueString('files', 'default_quota', $quotaPreset[0]);
-		} else {
-			$defaultQuota = $this->appConfig->getValueString('files', 'default_quota', 'none');
-		}
-
-		$event = new BeforeTemplateRenderedEvent();
-		$this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event);
-		$this->dispatcher->dispatchTyped($event);
-
-		/* LANGUAGES */
-		$languages = $this->l10nFactory->getLanguages();
-
-		/** Using LDAP or admins (system config) can enfore sorting by group name, in this case the frontend setting is overwritten */
-		$forceSortGroupByName = $sortGroupsBy === MetaData::SORT_GROUPNAME;
-
-		/* FINAL DATA */
-		$serverData = [];
-		// groups
-		$serverData['systemGroups'] = [$adminGroupData, $recentUsersGroup, $disabledUsersGroup];
-		$serverData['subAdminGroups'] = $subAdminGroups ?? [];
-		// Various data
-		$serverData['isAdmin'] = $isAdmin;
-		$serverData['isDelegatedAdmin'] = $isDelegatedAdmin;
-		$serverData['sortGroups'] = $forceSortGroupByName
-			? MetaData::SORT_GROUPNAME
-			: (int)$this->appConfig->getValueString('core', 'group.sortBy', (string)MetaData::SORT_USERCOUNT);
-		$serverData['forceSortGroupByName'] = $forceSortGroupByName;
-		$serverData['quotaPreset'] = $quotaPreset;
-		$serverData['allowUnlimitedQuota'] = $allowUnlimitedQuota;
-		$serverData['userCount'] = $userCount;
-		$serverData['languages'] = $languages;
-		$serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
-		$serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
-		// Settings
-		$serverData['defaultQuota'] = $defaultQuota;
-		$serverData['canChangePassword'] = $canChangePassword;
-		$serverData['newUserGenerateUserID'] = $this->appConfig->getValueBool('core', 'newUser.generateUserID', false);
-		$serverData['newUserRequireEmail'] = $this->appConfig->getValueBool('core', 'newUser.requireEmail', false);
-		$serverData['newUserSendEmail'] = $this->appConfig->getValueBool('core', 'newUser.sendEmail', true);
-		$serverData['showConfig'] = [];
-		foreach (self::ALLOWED_USER_PREFERENCES as $key) {
-			$serverData['showConfig'][$key] = $this->userConfig->getValueBool($uid, $this->appName, $key, false);
-		}
-
-		$this->initialState->provideInitialState('usersSettings', $serverData);
-
-		Util::addStyle('settings', 'settings');
-		Util::addScript('settings', 'vue-settings-apps-users-management');
-
-		return new TemplateResponse('settings', 'settings/empty', ['pageTitle' => $this->l10n->t('Settings')]);
-	}
-
-	/**
-	 * @param string $key
-	 * @param string $value
-	 *
-	 * @return JSONResponse
-	 */
-	#[AuthorizedAdminSetting(settings:Users::class)]
-	public function setPreference(string $key, string $value): JSONResponse {
-		switch ($key) {
-			case 'newUser.sendEmail':
-				$this->appConfig->setValueBool('core', $key, $value === 'yes');
-				break;
-			case 'group.sortBy':
-				$this->appConfig->setValueString('core', $key, $value);
-				break;
-			default:
-				if (in_array($key, self::ALLOWED_USER_PREFERENCES, true)) {
-					$this->userConfig->setValueBool($this->userSession->getUser()->getUID(), $this->appName, $key, $value === 'true');
-				} else {
-					return new JSONResponse([], Http::STATUS_FORBIDDEN);
-				}
-				break;
-		}
-
-		return new JSONResponse([]);
-	}
-
-	/**
-	 * Parse the app value for quota_present
-	 *
-	 * @param string $quotaPreset
-	 * @return array
-	 */
-	protected function parseQuotaPreset(string $quotaPreset): array {
-		// 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
-		$presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
-		// Drop default and none, Make array indexes numerically
-		return array_values(array_diff($presets, ['default', 'none']));
-	}
-
-	/**
-	 * check if the admin can change the users password
-	 *
-	 * The admin can change the passwords if:
-	 *
-	 *   - no encryption module is loaded and encryption is disabled
-	 *   - encryption module is loaded but it doesn't require per user keys
-	 *
-	 * The admin can not change the passwords if:
-	 *
-	 *   - an encryption module is loaded and it uses per-user keys
-	 *   - encryption is enabled but no encryption modules are loaded
-	 *
-	 * @return bool
-	 */
-	protected function canAdminChangeUserPasswords(): bool {
-		$isEncryptionEnabled = $this->encryptionManager->isEnabled();
-		try {
-			$noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
-			$isEncryptionModuleLoaded = true;
-		} catch (ModuleDoesNotExistsException $e) {
-			$noUserSpecificEncryptionKeys = true;
-			$isEncryptionModuleLoaded = false;
-		}
-		$canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
-			|| (!$isEncryptionModuleLoaded && !$isEncryptionEnabled);
-
-		return $canChangePassword;
-	}
-
-	/**
-	 * @NoSubAdminRequired
-	 *
-	 * @param string|null $avatarScope
-	 * @param string|null $displayname
-	 * @param string|null $displaynameScope
-	 * @param string|null $phone
-	 * @param string|null $phoneScope
-	 * @param string|null $email
-	 * @param string|null $emailScope
-	 * @param string|null $website
-	 * @param string|null $websiteScope
-	 * @param string|null $address
-	 * @param string|null $addressScope
-	 * @param string|null $twitter
-	 * @param string|null $twitterScope
-	 * @param string|null $bluesky
-	 * @param string|null $blueskyScope
-	 * @param string|null $fediverse
-	 * @param string|null $fediverseScope
-	 * @param string|null $birthdate
-	 * @param string|null $birthdateScope
-	 *
-	 * @return DataResponse
-	 */
-	#[NoAdminRequired]
-	#[PasswordConfirmationRequired]
-	#[UserRateLimit(limit: 5, period: 60)]
-	public function setUserSettings(?string $avatarScope = null,
-		?string $displayname = null,
-		?string $displaynameScope = null,
-		?string $phone = null,
-		?string $phoneScope = null,
-		?string $email = null,
-		?string $emailScope = null,
-		?string $website = null,
-		?string $websiteScope = null,
-		?string $address = null,
-		?string $addressScope = null,
-		?string $twitter = null,
-		?string $twitterScope = null,
-		?string $bluesky = null,
-		?string $blueskyScope = null,
-		?string $fediverse = null,
-		?string $fediverseScope = null,
-		?string $birthdate = null,
-		?string $birthdateScope = null,
-		?string $pronouns = null,
-		?string $pronounsScope = null,
-	) {
-		$user = $this->userSession->getUser();
-		if (!$user instanceof IUser) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => $this->l10n->t('Invalid account')
-					]
-				],
-				Http::STATUS_UNAUTHORIZED
-			);
-		}
-
-		$email = !is_null($email) ? strtolower($email) : $email;
-		if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => $this->l10n->t('Invalid mail address')
-					]
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-
-		$userAccount = $this->accountManager->getAccount($user);
-		$oldPhoneValue = $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();
-
-		$updatable = [
-			IAccountManager::PROPERTY_AVATAR => ['value' => null, 'scope' => $avatarScope],
-			IAccountManager::PROPERTY_DISPLAYNAME => ['value' => $displayname, 'scope' => $displaynameScope],
-			IAccountManager::PROPERTY_EMAIL => ['value' => $email, 'scope' => $emailScope],
-			IAccountManager::PROPERTY_WEBSITE => ['value' => $website, 'scope' => $websiteScope],
-			IAccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope],
-			IAccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope],
-			IAccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope],
-			IAccountManager::PROPERTY_BLUESKY => ['value' => $bluesky, 'scope' => $blueskyScope],
-			IAccountManager::PROPERTY_FEDIVERSE => ['value' => $fediverse, 'scope' => $fediverseScope],
-			IAccountManager::PROPERTY_BIRTHDATE => ['value' => $birthdate, 'scope' => $birthdateScope],
-			IAccountManager::PROPERTY_PRONOUNS => ['value' => $pronouns, 'scope' => $pronounsScope],
-		];
-		$allowUserToChangeDisplayName = $this->config->getSystemValueBool('allow_user_to_change_display_name', true);
-		foreach ($updatable as $property => $data) {
-			if ($allowUserToChangeDisplayName === false
-				&& in_array($property, [IAccountManager::PROPERTY_DISPLAYNAME, IAccountManager::PROPERTY_EMAIL], true)) {
-				continue;
-			}
-			$property = $userAccount->getProperty($property);
-			if ($data['value'] !== null) {
-				$property->setValue($data['value']);
-			}
-			if ($data['scope'] !== null) {
-				$property->setScope($data['scope']);
-			}
-		}
-
-		try {
-			$this->saveUserSettings($userAccount);
-			if ($oldPhoneValue !== $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue()) {
-				$this->knownUserService->deleteByContactUserId($user->getUID());
-			}
-			return new DataResponse(
-				[
-					'status' => 'success',
-					'data' => [
-						'userId' => $user->getUID(),
-						'avatarScope' => $userAccount->getProperty(IAccountManager::PROPERTY_AVATAR)->getScope(),
-						'displayname' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue(),
-						'displaynameScope' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getScope(),
-						'phone' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue(),
-						'phoneScope' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getScope(),
-						'email' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue(),
-						'emailScope' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getScope(),
-						'website' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getValue(),
-						'websiteScope' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getScope(),
-						'address' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getValue(),
-						'addressScope' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getScope(),
-						'twitter' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getValue(),
-						'twitterScope' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getScope(),
-						'bluesky' => $userAccount->getProperty(IAccountManager::PROPERTY_BLUESKY)->getValue(),
-						'blueskyScope' => $userAccount->getProperty(IAccountManager::PROPERTY_BLUESKY)->getScope(),
-						'fediverse' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue(),
-						'fediverseScope' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getScope(),
-						'birthdate' => $userAccount->getProperty(IAccountManager::PROPERTY_BIRTHDATE)->getValue(),
-						'birthdateScope' => $userAccount->getProperty(IAccountManager::PROPERTY_BIRTHDATE)->getScope(),
-						'pronouns' => $userAccount->getProperty(IAccountManager::PROPERTY_PRONOUNS)->getValue(),
-						'pronounsScope' => $userAccount->getProperty(IAccountManager::PROPERTY_PRONOUNS)->getScope(),
-						'message' => $this->l10n->t('Settings saved'),
-					],
-				],
-				Http::STATUS_OK
-			);
-		} catch (ForbiddenException|InvalidArgumentException|PropertyDoesNotExistException $e) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getMessage()
-				],
-			]);
-		}
-	}
-	/**
-	 * update account manager with new user data
-	 *
-	 * @throws ForbiddenException
-	 * @throws InvalidArgumentException
-	 */
-	protected function saveUserSettings(IAccount $userAccount): void {
-		// keep the user back-end up-to-date with the latest display name and email
-		// address
-		$oldDisplayName = $userAccount->getUser()->getDisplayName();
-		if ($oldDisplayName !== $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue()) {
-			$result = $userAccount->getUser()->setDisplayName($userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue());
-			if ($result === false) {
-				throw new ForbiddenException($this->l10n->t('Unable to change full name'));
-			}
-		}
-
-		$oldEmailAddress = $userAccount->getUser()->getSystemEMailAddress();
-		$oldEmailAddress = strtolower((string)$oldEmailAddress);
-		if ($oldEmailAddress !== strtolower($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue())) {
-			// this is the only permission a backend provides and is also used
-			// for the permission of setting a email address
-			if (!$userAccount->getUser()->canChangeDisplayName()) {
-				throw new ForbiddenException($this->l10n->t('Unable to change email address'));
-			}
-			$userAccount->getUser()->setSystemEMailAddress($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue());
-		}
-
-		try {
-			$this->accountManager->updateAccount($userAccount);
-		} catch (InvalidArgumentException $e) {
-			if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
-				throw new InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
-			}
-			if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
-				throw new InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
-			}
-			throw new InvalidArgumentException($this->l10n->t('Some account data was invalid'));
-		}
-	}
-
-	/**
-	 * Set the mail address of a user
-	 *
-	 * @NoSubAdminRequired
-	 *
-	 * @param string $account
-	 * @param bool $onlyVerificationCode only return verification code without updating the data
-	 * @return DataResponse
-	 */
-	#[NoAdminRequired]
-	#[PasswordConfirmationRequired]
-	public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
-		$user = $this->userSession->getUser();
-
-		if ($user === null) {
-			return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		$userAccount = $this->accountManager->getAccount($user);
-		$cloudId = $user->getCloudId();
-		$message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
-		$signature = $this->signMessage($user, $message);
-
-		$code = $message . ' ' . $signature;
-		$codeMd5 = $message . ' ' . md5($signature);
-
-		switch ($account) {
-			case 'verify-twitter':
-				$msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
-				$code = $codeMd5;
-				$type = IAccountManager::PROPERTY_TWITTER;
-				break;
-			case 'verify-website':
-				$msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
-				$type = IAccountManager::PROPERTY_WEBSITE;
-				break;
-			default:
-				return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		$userProperty = $userAccount->getProperty($type);
-		$userProperty
-			->setVerified(IAccountManager::VERIFICATION_IN_PROGRESS)
-			->setVerificationData($signature);
-
-		if ($onlyVerificationCode === false) {
-			$this->accountManager->updateAccount($userAccount);
-
-			$this->jobList->add(VerifyUserData::class,
-				[
-					'verificationCode' => $code,
-					'data' => $userProperty->getValue(),
-					'type' => $type,
-					'uid' => $user->getUID(),
-					'try' => 0,
-					'lastRun' => $this->getCurrentTime()
-				]
-			);
-		}
-
-		return new DataResponse(['msg' => $msg, 'code' => $code]);
-	}
-
-	/**
-	 * get current timestamp
-	 *
-	 * @return int
-	 */
-	protected function getCurrentTime(): int {
-		return time();
-	}
-
-	/**
-	 * sign message with users private key
-	 *
-	 * @param IUser $user
-	 * @param string $message
-	 *
-	 * @return string base64 encoded signature
-	 */
-	protected function signMessage(IUser $user, string $message): string {
-		$privateKey = $this->keyManager->getKey($user)->getPrivate();
-		openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
-		return base64_encode($signature);
-	}
+    /** Limit for counting users for subadmins, to avoid spending too much time */
+    private const COUNT_LIMIT_FOR_SUBADMINS = 999;
+
+    public const ALLOWED_USER_PREFERENCES = [
+        ConfigLexicon::USER_LIST_SHOW_STORAGE_PATH,
+        ConfigLexicon::USER_LIST_SHOW_USER_BACKEND,
+        ConfigLexicon::USER_LIST_SHOW_FIRST_LOGIN,
+        ConfigLexicon::USER_LIST_SHOW_LAST_LOGIN,
+        ConfigLexicon::USER_LIST_SHOW_NEW_USER_FORM,
+        ConfigLexicon::USER_LIST_SHOW_LANGUAGES,
+    ];
+
+    public function __construct(
+        string $appName,
+        IRequest $request,
+        private UserManager $userManager,
+        private IGroupManager $groupManager,
+        private IUserSession $userSession,
+        private IConfig $config,
+        private IAppConfig $appConfig,
+        private IUserConfig $userConfig,
+        private IL10N $l10n,
+        private IMailer $mailer,
+        private IFactory $l10nFactory,
+        private IAppManager $appManager,
+        private IAccountManager $accountManager,
+        private Manager $keyManager,
+        private IJobList $jobList,
+        private IManager $encryptionManager,
+        private KnownUserService $knownUserService,
+        private IEventDispatcher $dispatcher,
+        private IInitialState $initialState,
+    ) {
+        parent::__construct($appName, $request);
+    }
+
+
+    /**
+     * Display users list template
+     *
+     * @return TemplateResponse
+     */
+    #[NoAdminRequired]
+    #[NoCSRFRequired]
+    public function usersListByGroup(INavigationManager $navigationManager, ISubAdmin $subAdmin): TemplateResponse {
+        return $this->usersList($navigationManager, $subAdmin);
+    }
+
+    /**
+     * Display users list template
+     *
+     * @return TemplateResponse
+     */
+    #[NoAdminRequired]
+    #[NoCSRFRequired]
+    public function usersList(INavigationManager $navigationManager, ISubAdmin $subAdmin): TemplateResponse {
+        $user = $this->userSession->getUser();
+        $uid = $user->getUID();
+        $isAdmin = $this->groupManager->isAdmin($uid);
+        $isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($uid);
+
+        $navigationManager->setActiveEntry('core_users');
+
+        /* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
+        $sortGroupsBy = MetaData::SORT_USERCOUNT;
+        $isLDAPUsed = false;
+        if ($this->config->getSystemValueBool('sort_groups_by_name', false)) {
+            $sortGroupsBy = MetaData::SORT_GROUPNAME;
+        } else {
+            if ($this->appManager->isEnabledForUser('user_ldap')) {
+                $isLDAPUsed
+                    = $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
+                if ($isLDAPUsed) {
+                    // LDAP user count can be slow, so we sort by group name here
+                    $sortGroupsBy = MetaData::SORT_GROUPNAME;
+                }
+            }
+        }
+
+        $canChangePassword = $this->canAdminChangeUserPasswords();
+
+        /* GROUPS */
+        $groupsInfo = new MetaData(
+            $uid,
+            $isAdmin,
+            $isDelegatedAdmin,
+            $this->groupManager,
+            $this->userSession
+        );
+
+        $adminGroup = $this->groupManager->get('admin');
+        $adminGroupData = [
+            'id' => $adminGroup->getGID(),
+            'name' => $adminGroup->getDisplayName(),
+            'usercount' => $sortGroupsBy === MetaData::SORT_USERCOUNT ? $adminGroup->count() : 0,
+            'disabled' => $adminGroup->countDisabled(),
+            'canAdd' => $adminGroup->canAddUser(),
+            'canRemove' => $adminGroup->canRemoveUser(),
+        ];
+
+        if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
+            $isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
+                return $ldapFound || $backend instanceof User_Proxy;
+            });
+        }
+
+        $disabledUsers = -1;
+        $userCount = 0;
+
+        if (!$isLDAPUsed) {
+            if ($isAdmin || $isDelegatedAdmin) {
+                $disabledUsers = $this->userManager->countDisabledUsers();
+                $userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
+                    return $v + (int)$w;
+                }, 0);
+            } else {
+                // User is subadmin !
+                [$userCount,$disabledUsers] = $this->userManager->countUsersAndDisabledUsersOfGroups($groupsInfo->getGroups(), self::COUNT_LIMIT_FOR_SUBADMINS);
+            }
+
+            if ($disabledUsers > 0) {
+                $userCount -= $disabledUsers;
+            }
+        }
+
+        $recentUsersGroup = [
+            'id' => '__nc_internal_recent',
+            'name' => $this->l10n->t('Recently active'),
+            'usercount' => $this->userManager->countSeenUsers(),
+        ];
+
+        $disabledUsersGroup = [
+            'id' => 'disabled',
+            'name' => $this->l10n->t('Disabled accounts'),
+            'usercount' => $disabledUsers
+        ];
+
+        if (!$isAdmin && !$isDelegatedAdmin) {
+            $subAdminGroups = array_map(
+                fn (IGroup $group) => ['id' => $group->getGID(), 'name' => $group->getDisplayName()],
+                $subAdmin->getSubAdminsGroups($user),
+            );
+            $subAdminGroups = array_values($subAdminGroups);
+        }
+
+        /* QUOTAS PRESETS */
+        $quotaPreset = $this->parseQuotaPreset($this->appConfig->getValueString('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
+        $allowUnlimitedQuota = $this->appConfig->getValueBool('files', 'allow_unlimited_quota', true);
+        if (!$allowUnlimitedQuota && count($quotaPreset) > 0) {
+            $defaultQuota = $this->appConfig->getValueString('files', 'default_quota', $quotaPreset[0]);
+        } else {
+            $defaultQuota = $this->appConfig->getValueString('files', 'default_quota', 'none');
+        }
+
+        $event = new BeforeTemplateRenderedEvent();
+        $this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event);
+        $this->dispatcher->dispatchTyped($event);
+
+        /* LANGUAGES */
+        $languages = $this->l10nFactory->getLanguages();
+
+        /** Using LDAP or admins (system config) can enfore sorting by group name, in this case the frontend setting is overwritten */
+        $forceSortGroupByName = $sortGroupsBy === MetaData::SORT_GROUPNAME;
+
+        /* FINAL DATA */
+        $serverData = [];
+        // groups
+        $serverData['systemGroups'] = [$adminGroupData, $recentUsersGroup, $disabledUsersGroup];
+        $serverData['subAdminGroups'] = $subAdminGroups ?? [];
+        // Various data
+        $serverData['isAdmin'] = $isAdmin;
+        $serverData['isDelegatedAdmin'] = $isDelegatedAdmin;
+        $serverData['sortGroups'] = $forceSortGroupByName
+            ? MetaData::SORT_GROUPNAME
+            : (int)$this->appConfig->getValueString('core', 'group.sortBy', (string)MetaData::SORT_USERCOUNT);
+        $serverData['forceSortGroupByName'] = $forceSortGroupByName;
+        $serverData['quotaPreset'] = $quotaPreset;
+        $serverData['allowUnlimitedQuota'] = $allowUnlimitedQuota;
+        $serverData['userCount'] = $userCount;
+        $serverData['languages'] = $languages;
+        $serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
+        $serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
+        // Settings
+        $serverData['defaultQuota'] = $defaultQuota;
+        $serverData['canChangePassword'] = $canChangePassword;
+        $serverData['newUserGenerateUserID'] = $this->appConfig->getValueBool('core', 'newUser.generateUserID', false);
+        $serverData['newUserRequireEmail'] = $this->appConfig->getValueBool('core', 'newUser.requireEmail', false);
+        $serverData['newUserSendEmail'] = $this->appConfig->getValueBool('core', 'newUser.sendEmail', true);
+        $serverData['showConfig'] = [];
+        foreach (self::ALLOWED_USER_PREFERENCES as $key) {
+            $serverData['showConfig'][$key] = $this->userConfig->getValueBool($uid, $this->appName, $key, false);
+        }
+
+        $this->initialState->provideInitialState('usersSettings', $serverData);
+
+        Util::addStyle('settings', 'settings');
+        Util::addScript('settings', 'vue-settings-apps-users-management');
+
+        return new TemplateResponse('settings', 'settings/empty', ['pageTitle' => $this->l10n->t('Settings')]);
+    }
+
+    /**
+     * @param string $key
+     * @param string $value
+     *
+     * @return JSONResponse
+     */
+    #[AuthorizedAdminSetting(settings:Users::class)]
+    public function setPreference(string $key, string $value): JSONResponse {
+        switch ($key) {
+            case 'newUser.sendEmail':
+                $this->appConfig->setValueBool('core', $key, $value === 'yes');
+                break;
+            case 'group.sortBy':
+                $this->appConfig->setValueString('core', $key, $value);
+                break;
+            default:
+                if (in_array($key, self::ALLOWED_USER_PREFERENCES, true)) {
+                    $this->userConfig->setValueBool($this->userSession->getUser()->getUID(), $this->appName, $key, $value === 'true');
+                } else {
+                    return new JSONResponse([], Http::STATUS_FORBIDDEN);
+                }
+                break;
+        }
+
+        return new JSONResponse([]);
+    }
+
+    /**
+     * Parse the app value for quota_present
+     *
+     * @param string $quotaPreset
+     * @return array
+     */
+    protected function parseQuotaPreset(string $quotaPreset): array {
+        // 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
+        $presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
+        // Drop default and none, Make array indexes numerically
+        return array_values(array_diff($presets, ['default', 'none']));
+    }
+
+    /**
+     * check if the admin can change the users password
+     *
+     * The admin can change the passwords if:
+     *
+     *   - no encryption module is loaded and encryption is disabled
+     *   - encryption module is loaded but it doesn't require per user keys
+     *
+     * The admin can not change the passwords if:
+     *
+     *   - an encryption module is loaded and it uses per-user keys
+     *   - encryption is enabled but no encryption modules are loaded
+     *
+     * @return bool
+     */
+    protected function canAdminChangeUserPasswords(): bool {
+        $isEncryptionEnabled = $this->encryptionManager->isEnabled();
+        try {
+            $noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
+            $isEncryptionModuleLoaded = true;
+        } catch (ModuleDoesNotExistsException $e) {
+            $noUserSpecificEncryptionKeys = true;
+            $isEncryptionModuleLoaded = false;
+        }
+        $canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
+            || (!$isEncryptionModuleLoaded && !$isEncryptionEnabled);
+
+        return $canChangePassword;
+    }
+
+    /**
+     * @NoSubAdminRequired
+     *
+     * @param string|null $avatarScope
+     * @param string|null $displayname
+     * @param string|null $displaynameScope
+     * @param string|null $phone
+     * @param string|null $phoneScope
+     * @param string|null $email
+     * @param string|null $emailScope
+     * @param string|null $website
+     * @param string|null $websiteScope
+     * @param string|null $address
+     * @param string|null $addressScope
+     * @param string|null $twitter
+     * @param string|null $twitterScope
+     * @param string|null $bluesky
+     * @param string|null $blueskyScope
+     * @param string|null $fediverse
+     * @param string|null $fediverseScope
+     * @param string|null $birthdate
+     * @param string|null $birthdateScope
+     *
+     * @return DataResponse
+     */
+    #[NoAdminRequired]
+    #[PasswordConfirmationRequired]
+    #[UserRateLimit(limit: 5, period: 60)]
+    public function setUserSettings(?string $avatarScope = null,
+        ?string $displayname = null,
+        ?string $displaynameScope = null,
+        ?string $phone = null,
+        ?string $phoneScope = null,
+        ?string $email = null,
+        ?string $emailScope = null,
+        ?string $website = null,
+        ?string $websiteScope = null,
+        ?string $address = null,
+        ?string $addressScope = null,
+        ?string $twitter = null,
+        ?string $twitterScope = null,
+        ?string $bluesky = null,
+        ?string $blueskyScope = null,
+        ?string $fediverse = null,
+        ?string $fediverseScope = null,
+        ?string $birthdate = null,
+        ?string $birthdateScope = null,
+        ?string $pronouns = null,
+        ?string $pronounsScope = null,
+    ) {
+        $user = $this->userSession->getUser();
+        if (!$user instanceof IUser) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $this->l10n->t('Invalid account')
+                    ]
+                ],
+                Http::STATUS_UNAUTHORIZED
+            );
+        }
+
+        $email = !is_null($email) ? strtolower($email) : $email;
+        if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $this->l10n->t('Invalid mail address')
+                    ]
+                ],
+                Http::STATUS_UNPROCESSABLE_ENTITY
+            );
+        }
+
+        $userAccount = $this->accountManager->getAccount($user);
+        $oldPhoneValue = $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();
+
+        $updatable = [
+            IAccountManager::PROPERTY_AVATAR => ['value' => null, 'scope' => $avatarScope],
+            IAccountManager::PROPERTY_DISPLAYNAME => ['value' => $displayname, 'scope' => $displaynameScope],
+            IAccountManager::PROPERTY_EMAIL => ['value' => $email, 'scope' => $emailScope],
+            IAccountManager::PROPERTY_WEBSITE => ['value' => $website, 'scope' => $websiteScope],
+            IAccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope],
+            IAccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope],
+            IAccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope],
+            IAccountManager::PROPERTY_BLUESKY => ['value' => $bluesky, 'scope' => $blueskyScope],
+            IAccountManager::PROPERTY_FEDIVERSE => ['value' => $fediverse, 'scope' => $fediverseScope],
+            IAccountManager::PROPERTY_BIRTHDATE => ['value' => $birthdate, 'scope' => $birthdateScope],
+            IAccountManager::PROPERTY_PRONOUNS => ['value' => $pronouns, 'scope' => $pronounsScope],
+        ];
+        $allowUserToChangeDisplayName = $this->config->getSystemValueBool('allow_user_to_change_display_name', true);
+        foreach ($updatable as $property => $data) {
+            if ($allowUserToChangeDisplayName === false
+                && in_array($property, [IAccountManager::PROPERTY_DISPLAYNAME, IAccountManager::PROPERTY_EMAIL], true)) {
+                continue;
+            }
+            $property = $userAccount->getProperty($property);
+            if ($data['value'] !== null) {
+                $property->setValue($data['value']);
+            }
+            if ($data['scope'] !== null) {
+                $property->setScope($data['scope']);
+            }
+        }
+
+        try {
+            $this->saveUserSettings($userAccount);
+            if ($oldPhoneValue !== $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue()) {
+                $this->knownUserService->deleteByContactUserId($user->getUID());
+            }
+            return new DataResponse(
+                [
+                    'status' => 'success',
+                    'data' => [
+                        'userId' => $user->getUID(),
+                        'avatarScope' => $userAccount->getProperty(IAccountManager::PROPERTY_AVATAR)->getScope(),
+                        'displayname' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue(),
+                        'displaynameScope' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getScope(),
+                        'phone' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue(),
+                        'phoneScope' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getScope(),
+                        'email' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue(),
+                        'emailScope' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getScope(),
+                        'website' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getValue(),
+                        'websiteScope' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getScope(),
+                        'address' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getValue(),
+                        'addressScope' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getScope(),
+                        'twitter' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getValue(),
+                        'twitterScope' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getScope(),
+                        'bluesky' => $userAccount->getProperty(IAccountManager::PROPERTY_BLUESKY)->getValue(),
+                        'blueskyScope' => $userAccount->getProperty(IAccountManager::PROPERTY_BLUESKY)->getScope(),
+                        'fediverse' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue(),
+                        'fediverseScope' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getScope(),
+                        'birthdate' => $userAccount->getProperty(IAccountManager::PROPERTY_BIRTHDATE)->getValue(),
+                        'birthdateScope' => $userAccount->getProperty(IAccountManager::PROPERTY_BIRTHDATE)->getScope(),
+                        'pronouns' => $userAccount->getProperty(IAccountManager::PROPERTY_PRONOUNS)->getValue(),
+                        'pronounsScope' => $userAccount->getProperty(IAccountManager::PROPERTY_PRONOUNS)->getScope(),
+                        'message' => $this->l10n->t('Settings saved'),
+                    ],
+                ],
+                Http::STATUS_OK
+            );
+        } catch (ForbiddenException|InvalidArgumentException|PropertyDoesNotExistException $e) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getMessage()
+                ],
+            ]);
+        }
+    }
+    /**
+     * update account manager with new user data
+     *
+     * @throws ForbiddenException
+     * @throws InvalidArgumentException
+     */
+    protected function saveUserSettings(IAccount $userAccount): void {
+        // keep the user back-end up-to-date with the latest display name and email
+        // address
+        $oldDisplayName = $userAccount->getUser()->getDisplayName();
+        if ($oldDisplayName !== $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue()) {
+            $result = $userAccount->getUser()->setDisplayName($userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue());
+            if ($result === false) {
+                throw new ForbiddenException($this->l10n->t('Unable to change full name'));
+            }
+        }
+
+        $oldEmailAddress = $userAccount->getUser()->getSystemEMailAddress();
+        $oldEmailAddress = strtolower((string)$oldEmailAddress);
+        if ($oldEmailAddress !== strtolower($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue())) {
+            // this is the only permission a backend provides and is also used
+            // for the permission of setting a email address
+            if (!$userAccount->getUser()->canChangeDisplayName()) {
+                throw new ForbiddenException($this->l10n->t('Unable to change email address'));
+            }
+            $userAccount->getUser()->setSystemEMailAddress($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue());
+        }
+
+        try {
+            $this->accountManager->updateAccount($userAccount);
+        } catch (InvalidArgumentException $e) {
+            if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
+                throw new InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
+            }
+            if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
+                throw new InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
+            }
+            throw new InvalidArgumentException($this->l10n->t('Some account data was invalid'));
+        }
+    }
+
+    /**
+     * Set the mail address of a user
+     *
+     * @NoSubAdminRequired
+     *
+     * @param string $account
+     * @param bool $onlyVerificationCode only return verification code without updating the data
+     * @return DataResponse
+     */
+    #[NoAdminRequired]
+    #[PasswordConfirmationRequired]
+    public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
+        $user = $this->userSession->getUser();
+
+        if ($user === null) {
+            return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        $userAccount = $this->accountManager->getAccount($user);
+        $cloudId = $user->getCloudId();
+        $message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
+        $signature = $this->signMessage($user, $message);
+
+        $code = $message . ' ' . $signature;
+        $codeMd5 = $message . ' ' . md5($signature);
+
+        switch ($account) {
+            case 'verify-twitter':
+                $msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
+                $code = $codeMd5;
+                $type = IAccountManager::PROPERTY_TWITTER;
+                break;
+            case 'verify-website':
+                $msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
+                $type = IAccountManager::PROPERTY_WEBSITE;
+                break;
+            default:
+                return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        $userProperty = $userAccount->getProperty($type);
+        $userProperty
+            ->setVerified(IAccountManager::VERIFICATION_IN_PROGRESS)
+            ->setVerificationData($signature);
+
+        if ($onlyVerificationCode === false) {
+            $this->accountManager->updateAccount($userAccount);
+
+            $this->jobList->add(VerifyUserData::class,
+                [
+                    'verificationCode' => $code,
+                    'data' => $userProperty->getValue(),
+                    'type' => $type,
+                    'uid' => $user->getUID(),
+                    'try' => 0,
+                    'lastRun' => $this->getCurrentTime()
+                ]
+            );
+        }
+
+        return new DataResponse(['msg' => $msg, 'code' => $code]);
+    }
+
+    /**
+     * get current timestamp
+     *
+     * @return int
+     */
+    protected function getCurrentTime(): int {
+        return time();
+    }
+
+    /**
+     * sign message with users private key
+     *
+     * @param IUser $user
+     * @param string $message
+     *
+     * @return string base64 encoded signature
+     */
+    protected function signMessage(IUser $user, string $message): string {
+        $privateKey = $this->keyManager->getKey($user)->getPrivate();
+        openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
+        return base64_encode($signature);
+    }
 }

Spacing +10 added lines, -10 removed lines

@@ -160,7 +160,7 @@ 
 		];
 
 		if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
-			$isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
+			$isLDAPUsed = (bool) array_reduce($this->userManager->getBackends(), function($ldapFound, $backend) {
 				return $ldapFound || $backend instanceof User_Proxy;
 			});
 		}
@@ -171,12 +171,12 @@ 
 		if (!$isLDAPUsed) {
 			if ($isAdmin || $isDelegatedAdmin) {
 				$disabledUsers = $this->userManager->countDisabledUsers();
-				$userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
-					return $v + (int)$w;
+				$userCount = array_reduce($this->userManager->countUsers(), function($v, $w) {
+					return $v + (int) $w;
 				}, 0);
 			} else {
 				// User is subadmin !
-				[$userCount,$disabledUsers] = $this->userManager->countUsersAndDisabledUsersOfGroups($groupsInfo->getGroups(), self::COUNT_LIMIT_FOR_SUBADMINS);
+				[$userCount, $disabledUsers] = $this->userManager->countUsersAndDisabledUsersOfGroups($groupsInfo->getGroups(), self::COUNT_LIMIT_FOR_SUBADMINS);
 			}
 
 			if ($disabledUsers > 0) {
@@ -233,7 +233,7 @@ 
 		$serverData['isDelegatedAdmin'] = $isDelegatedAdmin;
 		$serverData['sortGroups'] = $forceSortGroupByName
 			? MetaData::SORT_GROUPNAME
-			: (int)$this->appConfig->getValueString('core', 'group.sortBy', (string)MetaData::SORT_USERCOUNT);
+			: (int) $this->appConfig->getValueString('core', 'group.sortBy', (string) MetaData::SORT_USERCOUNT);
 		$serverData['forceSortGroupByName'] = $forceSortGroupByName;
 		$serverData['quotaPreset'] = $quotaPreset;
 		$serverData['allowUnlimitedQuota'] = $allowUnlimitedQuota;
@@ -473,7 +473,7 @@ 
 				],
 				Http::STATUS_OK
 			);
-		} catch (ForbiddenException|InvalidArgumentException|PropertyDoesNotExistException $e) {
+		} catch (ForbiddenException | InvalidArgumentException | PropertyDoesNotExistException $e) {
 			return new DataResponse([
 				'status' => 'error',
 				'data' => [
@@ -500,7 +500,7 @@ 
 		}
 
 		$oldEmailAddress = $userAccount->getUser()->getSystemEMailAddress();
-		$oldEmailAddress = strtolower((string)$oldEmailAddress);
+		$oldEmailAddress = strtolower((string) $oldEmailAddress);
 		if ($oldEmailAddress !== strtolower($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue())) {
 			// this is the only permission a backend provides and is also used
 			// for the permission of setting a email address
@@ -543,11 +543,11 @@ 
 
 		$userAccount = $this->accountManager->getAccount($user);
 		$cloudId = $user->getCloudId();
-		$message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
+		$message = 'Use my Federated Cloud ID to share with me: '.$cloudId;
 		$signature = $this->signMessage($user, $message);
 
-		$code = $message . ' ' . $signature;
-		$codeMd5 = $message . ' ' . md5($signature);
+		$code = $message.' '.$signature;
+		$codeMd5 = $message.' '.md5($signature);
 
 		switch ($account) {
 			case 'verify-twitter':

apps/settings/tests/Controller/UsersControllerTest.php

Indentation +1011 added lines, -1011 removed lines

@@ -44,1015 +44,1015 @@
  */
 #[\PHPUnit\Framework\Attributes\Group('DB')]
 class UsersControllerTest extends \Test\TestCase {
-	private IGroupManager&MockObject $groupManager;
-	private UserManager&MockObject $userManager;
-	private IUserSession&MockObject $userSession;
-	private IConfig&MockObject $config;
-	private IAppConfig&MockObject $appConfig;
-	private IUserConfig&MockObject $userConfig;
-	private IMailer&MockObject $mailer;
-	private IFactory&MockObject $l10nFactory;
-	private IAppManager&MockObject $appManager;
-	private IL10N&MockObject $l;
-	private AccountManager&MockObject $accountManager;
-	private IJobList&MockObject $jobList;
-	private \OC\Security\IdentityProof\Manager&MockObject $securityManager;
-	private IManager&MockObject $encryptionManager;
-	private KnownUserService&MockObject $knownUserService;
-	private IEncryptionModule&MockObject $encryptionModule;
-	private IEventDispatcher&MockObject $dispatcher;
-	private IInitialState&MockObject $initialState;
-
-	protected function setUp(): void {
-		parent::setUp();
-
-		$this->userManager = $this->createMock(UserManager::class);
-		$this->groupManager = $this->createMock(Manager::class);
-		$this->userSession = $this->createMock(IUserSession::class);
-		$this->config = $this->createMock(IConfig::class);
-		$this->appConfig = $this->createMock(IAppConfig::class);
-		$this->userConfig = $this->createMock(IUserConfig::class);
-		$this->l = $this->createMock(IL10N::class);
-		$this->mailer = $this->createMock(IMailer::class);
-		$this->l10nFactory = $this->createMock(IFactory::class);
-		$this->appManager = $this->createMock(IAppManager::class);
-		$this->accountManager = $this->createMock(AccountManager::class);
-		$this->securityManager = $this->createMock(\OC\Security\IdentityProof\Manager::class);
-		$this->jobList = $this->createMock(IJobList::class);
-		$this->encryptionManager = $this->createMock(IManager::class);
-		$this->knownUserService = $this->createMock(KnownUserService::class);
-		$this->dispatcher = $this->createMock(IEventDispatcher::class);
-		$this->initialState = $this->createMock(IInitialState::class);
-
-		$this->l->method('t')
-			->willReturnCallback(function ($text, $parameters = []) {
-				return vsprintf($text, $parameters);
-			});
-
-		$this->encryptionModule = $this->createMock(IEncryptionModule::class);
-		$this->encryptionManager->expects($this->any())->method('getEncryptionModules')
-			->willReturn(['encryptionModule' => ['callback' => function () {
-				return $this->encryptionModule;
-			}]]);
-	}
-
-	/**
-	 * @param bool $isAdmin
-	 * @return UsersController|MockObject
-	 */
-	protected function getController(bool $isAdmin = false, array $mockedMethods = []) {
-		$this->groupManager->expects($this->any())
-			->method('isAdmin')
-			->willReturn($isAdmin);
-
-		if (empty($mockedMethods)) {
-			return new UsersController(
-				'settings',
-				$this->createMock(IRequest::class),
-				$this->userManager,
-				$this->groupManager,
-				$this->userSession,
-				$this->config,
-				$this->appConfig,
-				$this->userConfig,
-				$this->l,
-				$this->mailer,
-				$this->l10nFactory,
-				$this->appManager,
-				$this->accountManager,
-				$this->securityManager,
-				$this->jobList,
-				$this->encryptionManager,
-				$this->knownUserService,
-				$this->dispatcher,
-				$this->initialState,
-			);
-		} else {
-			return $this->getMockBuilder(UsersController::class)
-				->setConstructorArgs(
-					[
-						'settings',
-						$this->createMock(IRequest::class),
-						$this->userManager,
-						$this->groupManager,
-						$this->userSession,
-						$this->config,
-						$this->appConfig,
-						$this->userConfig,
-						$this->l,
-						$this->mailer,
-						$this->l10nFactory,
-						$this->appManager,
-						$this->accountManager,
-						$this->securityManager,
-						$this->jobList,
-						$this->encryptionManager,
-						$this->knownUserService,
-						$this->dispatcher,
-						$this->initialState,
-					]
-				)
-				->onlyMethods($mockedMethods)
-				->getMock();
-		}
-	}
-
-	protected function buildPropertyMock(string $name, string $value, string $scope, string $verified = IAccountManager::VERIFIED): MockObject {
-		$property = $this->createMock(IAccountProperty::class);
-		$property->expects($this->any())
-			->method('getName')
-			->willReturn($name);
-		$property->expects($this->any())
-			->method('getValue')
-			->willReturn($value);
-		$property->expects($this->any())
-			->method('getScope')
-			->willReturn($scope);
-		$property->expects($this->any())
-			->method('getVerified')
-			->willReturn($verified);
-
-		return $property;
-	}
-
-	protected function getDefaultAccountMock(): MockObject {
-		$propertyMocks = [
-			IAccountManager::PROPERTY_DISPLAYNAME => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_DISPLAYNAME,
-				'Default display name',
-				IAccountManager::SCOPE_FEDERATED,
-			),
-			IAccountManager::PROPERTY_ADDRESS => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_ADDRESS,
-				'Default address',
-				IAccountManager::SCOPE_LOCAL,
-			),
-			IAccountManager::PROPERTY_WEBSITE => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_WEBSITE,
-				'Default website',
-				IAccountManager::SCOPE_LOCAL,
-			),
-			IAccountManager::PROPERTY_EMAIL => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_EMAIL,
-				'Default email',
-				IAccountManager::SCOPE_FEDERATED,
-			),
-			IAccountManager::PROPERTY_AVATAR => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_AVATAR,
-				'',
-				IAccountManager::SCOPE_FEDERATED,
-			),
-			IAccountManager::PROPERTY_PHONE => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_PHONE,
-				'Default phone',
-				IAccountManager::SCOPE_LOCAL,
-			),
-			IAccountManager::PROPERTY_TWITTER => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_TWITTER,
-				'Default twitter',
-				IAccountManager::SCOPE_LOCAL,
-			),
-			IAccountManager::PROPERTY_BLUESKY => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_BLUESKY,
-				'Default bluesky',
-				IAccountManager::SCOPE_LOCAL,
-			),
-			IAccountManager::PROPERTY_FEDIVERSE => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_FEDIVERSE,
-				'Default fediverse',
-				IAccountManager::SCOPE_LOCAL,
-			),
-			IAccountManager::PROPERTY_BIRTHDATE => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_BIRTHDATE,
-				'Default birthdate',
-				IAccountManager::SCOPE_LOCAL,
-			),
-			IAccountManager::PROPERTY_PRONOUNS => $this->buildPropertyMock(
-				IAccountManager::PROPERTY_PRONOUNS,
-				'Default pronouns',
-				IAccountManager::SCOPE_LOCAL,
-			),
-		];
-
-		$account = $this->createMock(IAccount::class);
-		$account->expects($this->any())
-			->method('getProperty')
-			->willReturnCallback(function (string $propertyName) use ($propertyMocks) {
-				if (isset($propertyMocks[$propertyName])) {
-					return $propertyMocks[$propertyName];
-				}
-				throw new PropertyDoesNotExistException($propertyName);
-			});
-		$account->expects($this->any())
-			->method('getProperties')
-			->willReturn($propertyMocks);
-
-		return $account;
-	}
-
-	#[\PHPUnit\Framework\Attributes\DataProvider('dataTestSetUserSettings')]
-	public function testSetUserSettings(string $email, bool $validEmail, int $expectedStatus): void {
-		$controller = $this->getController(false, ['saveUserSettings']);
-		$user = $this->createMock(IUser::class);
-		$user->method('getUID')->willReturn('johndoe');
-
-		$this->userSession->method('getUser')->willReturn($user);
-
-		if (!empty($email) && $validEmail) {
-			$this->mailer->expects($this->once())->method('validateMailAddress')
-				->willReturn($validEmail);
-		}
-
-		$saveData = (!empty($email) && $validEmail) || empty($email);
-
-		if ($saveData) {
-			$this->accountManager->expects($this->once())
-				->method('getAccount')
-				->with($user)
-				->willReturn($this->getDefaultAccountMock());
-
-			$controller->expects($this->once())
-				->method('saveUserSettings');
-		} else {
-			$controller->expects($this->never())->method('saveUserSettings');
-		}
-
-		$result = $controller->setUserSettings(
-			AccountManager::SCOPE_FEDERATED,
-			'displayName',
-			AccountManager::SCOPE_FEDERATED,
-			'47658468',
-			AccountManager::SCOPE_FEDERATED,
-			$email,
-			AccountManager::SCOPE_FEDERATED,
-			'nextcloud.com',
-			AccountManager::SCOPE_FEDERATED,
-			'street and city',
-			AccountManager::SCOPE_FEDERATED,
-			'@nextclouders',
-			AccountManager::SCOPE_FEDERATED,
-			'@nextclouders',
-			AccountManager::SCOPE_FEDERATED,
-			'2020-01-01',
-			AccountManager::SCOPE_FEDERATED,
-			'they/them',
-			AccountManager::SCOPE_FEDERATED,
-		);
-
-		$this->assertSame($expectedStatus, $result->getStatus());
-	}
-
-	public static function dataTestSetUserSettings(): array {
-		return [
-			['', true, Http::STATUS_OK],
-			['', false, Http::STATUS_OK],
-			['example.com', false, Http::STATUS_UNPROCESSABLE_ENTITY],
-			['john@example.com', true, Http::STATUS_OK],
-		];
-	}
-
-	public function testSetUserSettingsWhenUserDisplayNameChangeNotAllowed(): void {
-		$controller = $this->getController(false, ['saveUserSettings']);
-
-		$avatarScope = IAccountManager::SCOPE_PUBLISHED;
-		$displayName = 'Display name';
-		$displayNameScope = IAccountManager::SCOPE_PUBLISHED;
-		$phone = '47658468';
-		$phoneScope = IAccountManager::SCOPE_PUBLISHED;
-		$email = 'john@example.com';
-		$emailScope = IAccountManager::SCOPE_PUBLISHED;
-		$website = 'nextcloud.com';
-		$websiteScope = IAccountManager::SCOPE_PUBLISHED;
-		$address = 'street and city';
-		$addressScope = IAccountManager::SCOPE_PUBLISHED;
-		$twitter = '@nextclouders';
-		$twitterScope = IAccountManager::SCOPE_PUBLISHED;
-		$fediverse = '@nextclouders@floss.social';
-		$fediverseScope = IAccountManager::SCOPE_PUBLISHED;
-		$birtdate = '2020-01-01';
-		$birthdateScope = IAccountManager::SCOPE_PUBLISHED;
-		$pronouns = 'she/her';
-		$pronounsScope = IAccountManager::SCOPE_PUBLISHED;
-
-		$user = $this->createMock(IUser::class);
-		$user->method('getUID')->willReturn('johndoe');
-
-		$this->userSession->method('getUser')->willReturn($user);
-
-		/** @var MockObject|IAccount $userAccount */
-		$userAccount = $this->getDefaultAccountMock();
-		$this->accountManager->expects($this->once())
-			->method('getAccount')
-			->with($user)
-			->willReturn($userAccount);
-
-		/** @var MockObject|IAccountProperty $avatarProperty */
-		$avatarProperty = $userAccount->getProperty(IAccountManager::PROPERTY_AVATAR);
-		$avatarProperty->expects($this->atLeastOnce())
-			->method('setScope')
-			->with($avatarScope)
-			->willReturnSelf();
-
-		/** @var MockObject|IAccountProperty $avatarProperty */
-		$avatarProperty = $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS);
-		$avatarProperty->expects($this->atLeastOnce())
-			->method('setScope')
-			->with($addressScope)
-			->willReturnSelf();
-		$avatarProperty->expects($this->atLeastOnce())
-			->method('setValue')
-			->with($address)
-			->willReturnSelf();
-
-		/** @var MockObject|IAccountProperty $emailProperty */
-		$emailProperty = $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL);
-		$emailProperty->expects($this->never())
-			->method('setValue');
-		$emailProperty->expects($this->never())
-			->method('setScope');
-
-		/** @var MockObject|IAccountProperty $emailProperty */
-		$emailProperty = $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME);
-		$emailProperty->expects($this->never())
-			->method('setValue');
-		$emailProperty->expects($this->never())
-			->method('setScope');
-
-		$this->config->expects($this->once())
-			->method('getSystemValueBool')
-			->with('allow_user_to_change_display_name')
-			->willReturn(false);
-
-		$this->appManager->expects($this->any())
-			->method('isEnabledForUser')
-			->with('federatedfilesharing')
-			->willReturn(true);
-
-		$this->mailer->expects($this->once())->method('validateMailAddress')
-			->willReturn(true);
-
-		$controller->expects($this->once())
-			->method('saveUserSettings');
-
-		$controller->setUserSettings(
-			$avatarScope,
-			$displayName,
-			$displayNameScope,
-			$phone,
-			$phoneScope,
-			$email,
-			$emailScope,
-			$website,
-			$websiteScope,
-			$address,
-			$addressScope,
-			$twitter,
-			$twitterScope,
-			$fediverse,
-			$fediverseScope,
-			$birtdate,
-			$birthdateScope,
-			$pronouns,
-			$pronounsScope,
-		);
-	}
-
-	public function testSetUserSettingsWhenFederatedFilesharingNotEnabled(): void {
-		$controller = $this->getController(false, ['saveUserSettings']);
-		$user = $this->createMock(IUser::class);
-		$user->method('getUID')->willReturn('johndoe');
-
-		$this->userSession->method('getUser')->willReturn($user);
-
-		$defaultProperties = []; //$this->getDefaultAccountMock();
-
-		$userAccount = $this->getDefaultAccountMock();
-		$this->accountManager->expects($this->once())
-			->method('getAccount')
-			->with($user)
-			->willReturn($userAccount);
-
-		$this->appManager->expects($this->any())
-			->method('isEnabledForUser')
-			->with('federatedfilesharing')
-			->willReturn(false);
-
-		$avatarScope = IAccountManager::SCOPE_PUBLISHED;
-		$displayName = 'Display name';
-		$displayNameScope = IAccountManager::SCOPE_PUBLISHED;
-		$phone = '47658468';
-		$phoneScope = IAccountManager::SCOPE_PUBLISHED;
-		$email = 'john@example.com';
-		$emailScope = IAccountManager::SCOPE_PUBLISHED;
-		$website = 'nextcloud.com';
-		$websiteScope = IAccountManager::SCOPE_PUBLISHED;
-		$address = 'street and city';
-		$addressScope = IAccountManager::SCOPE_PUBLISHED;
-		$twitter = '@nextclouders';
-		$twitterScope = IAccountManager::SCOPE_PUBLISHED;
-		$bluesky = 'nextclouders.net';
-		$blueskyScope = IAccountManager::SCOPE_PUBLISHED;
-		$fediverse = '@nextclouders@floss.social';
-		$fediverseScope = IAccountManager::SCOPE_PUBLISHED;
-		$birthdate = '2020-01-01';
-		$birthdateScope = IAccountManager::SCOPE_PUBLISHED;
-		$pronouns = 'she/her';
-		$pronounsScope = IAccountManager::SCOPE_PUBLISHED;
-
-		// All settings are changed (in the past phone, website, address and
-		// twitter were not changed).
-		$expectedProperties = $defaultProperties;
-		$expectedProperties[IAccountManager::PROPERTY_AVATAR]['scope'] = $avatarScope;
-		$expectedProperties[IAccountManager::PROPERTY_DISPLAYNAME]['value'] = $displayName;
-		$expectedProperties[IAccountManager::PROPERTY_DISPLAYNAME]['scope'] = $displayNameScope;
-		$expectedProperties[IAccountManager::PROPERTY_EMAIL]['value'] = $email;
-		$expectedProperties[IAccountManager::PROPERTY_EMAIL]['scope'] = $emailScope;
-		$expectedProperties[IAccountManager::PROPERTY_PHONE]['value'] = $phone;
-		$expectedProperties[IAccountManager::PROPERTY_PHONE]['scope'] = $phoneScope;
-		$expectedProperties[IAccountManager::PROPERTY_WEBSITE]['value'] = $website;
-		$expectedProperties[IAccountManager::PROPERTY_WEBSITE]['scope'] = $websiteScope;
-		$expectedProperties[IAccountManager::PROPERTY_ADDRESS]['value'] = $address;
-		$expectedProperties[IAccountManager::PROPERTY_ADDRESS]['scope'] = $addressScope;
-		$expectedProperties[IAccountManager::PROPERTY_TWITTER]['value'] = $twitter;
-		$expectedProperties[IAccountManager::PROPERTY_TWITTER]['scope'] = $twitterScope;
-		$expectedProperties[IAccountManager::PROPERTY_BLUESKY]['value'] = $bluesky;
-		$expectedProperties[IAccountManager::PROPERTY_BLUESKY]['scope'] = $blueskyScope;
-		$expectedProperties[IAccountManager::PROPERTY_FEDIVERSE]['value'] = $fediverse;
-		$expectedProperties[IAccountManager::PROPERTY_FEDIVERSE]['scope'] = $fediverseScope;
-		$expectedProperties[IAccountManager::PROPERTY_BIRTHDATE]['value'] = $birthdate;
-		$expectedProperties[IAccountManager::PROPERTY_BIRTHDATE]['scope'] = $birthdateScope;
-		$expectedProperties[IAccountManager::PROPERTY_PRONOUNS]['value'] = $pronouns;
-		$expectedProperties[IAccountManager::PROPERTY_PRONOUNS]['scope'] = $pronounsScope;
-
-		$this->mailer->expects($this->once())->method('validateMailAddress')
-			->willReturn(true);
-
-		$controller->expects($this->once())
-			->method('saveUserSettings')
-			->with($userAccount);
-
-		$controller->setUserSettings(
-			$avatarScope,
-			$displayName,
-			$displayNameScope,
-			$phone,
-			$phoneScope,
-			$email,
-			$emailScope,
-			$website,
-			$websiteScope,
-			$address,
-			$addressScope,
-			$twitter,
-			$twitterScope,
-			$bluesky,
-			$blueskyScope,
-			$fediverse,
-			$fediverseScope,
-			$birthdate,
-			$birthdateScope,
-			$pronouns,
-			$pronounsScope,
-		);
-	}
-
-	#[\PHPUnit\Framework\Attributes\DataProvider('dataTestSetUserSettingsSubset')]
-	public function testSetUserSettingsSubset(string $property, string $propertyValue): void {
-		$controller = $this->getController(false, ['saveUserSettings']);
-		$user = $this->createMock(IUser::class);
-		$user->method('getUID')->willReturn('johndoe');
-
-		$this->userSession->method('getUser')->willReturn($user);
-
-		/** @var IAccount&MockObject $userAccount */
-		$userAccount = $this->getDefaultAccountMock();
-
-		$this->accountManager->expects($this->once())
-			->method('getAccount')
-			->with($user)
-			->willReturn($userAccount);
-
-		$avatarScope = ($property === 'avatarScope') ? $propertyValue : null;
-		$displayName = ($property === 'displayName') ? $propertyValue : null;
-		$displayNameScope = ($property === 'displayNameScope') ? $propertyValue : null;
-		$phone = ($property === 'phone') ? $propertyValue : null;
-		$phoneScope = ($property === 'phoneScope') ? $propertyValue : null;
-		$email = ($property === 'email') ? $propertyValue : null;
-		$emailScope = ($property === 'emailScope') ? $propertyValue : null;
-		$website = ($property === 'website') ? $propertyValue : null;
-		$websiteScope = ($property === 'websiteScope') ? $propertyValue : null;
-		$address = ($property === 'address') ? $propertyValue : null;
-		$addressScope = ($property === 'addressScope') ? $propertyValue : null;
-		$twitter = ($property === 'twitter') ? $propertyValue : null;
-		$twitterScope = ($property === 'twitterScope') ? $propertyValue : null;
-		$bluesky = ($property === 'bluesky') ? $propertyValue : null;
-		$blueskyScope = ($property === 'blueskyScope') ? $propertyValue : null;
-		$fediverse = ($property === 'fediverse') ? $propertyValue : null;
-		$fediverseScope = ($property === 'fediverseScope') ? $propertyValue : null;
-		$birthdate = ($property === 'birthdate') ? $propertyValue : null;
-		$birthdateScope = ($property === 'birthdateScope') ? $propertyValue : null;
-		$pronouns = ($property === 'pronouns') ? $propertyValue : null;
-		$pronounsScope = ($property === 'pronounsScope') ? $propertyValue : null;
-
-		/** @var IAccountProperty[]&MockObject[] $expectedProperties */
-		$expectedProperties = $userAccount->getProperties();
-		$isScope = strrpos($property, 'Scope') === strlen($property) - strlen('5');
-		switch ($property) {
-			case 'avatarScope':
-				$propertyId = IAccountManager::PROPERTY_AVATAR;
-				break;
-			case 'displayName':
-			case 'displayNameScope':
-				$propertyId = IAccountManager::PROPERTY_DISPLAYNAME;
-				break;
-			case 'phone':
-			case 'phoneScope':
-				$propertyId = IAccountManager::PROPERTY_PHONE;
-				break;
-			case 'email':
-			case 'emailScope':
-				$propertyId = IAccountManager::PROPERTY_EMAIL;
-				break;
-			case 'website':
-			case 'websiteScope':
-				$propertyId = IAccountManager::PROPERTY_WEBSITE;
-				break;
-			case 'address':
-			case 'addressScope':
-				$propertyId = IAccountManager::PROPERTY_ADDRESS;
-				break;
-			case 'twitter':
-			case 'twitterScope':
-				$propertyId = IAccountManager::PROPERTY_TWITTER;
-				break;
-			case 'bluesky':
-			case 'blueskyScope':
-				$propertyId = IAccountManager::PROPERTY_BLUESKY;
-				break;
-			case 'fediverse':
-			case 'fediverseScope':
-				$propertyId = IAccountManager::PROPERTY_FEDIVERSE;
-				break;
-			case 'birthdate':
-			case 'birthdateScope':
-				$propertyId = IAccountManager::PROPERTY_BIRTHDATE;
-				break;
-			case 'pronouns':
-			case 'pronounsScope':
-				$propertyId = IAccountManager::PROPERTY_PRONOUNS;
-				break;
-			default:
-				$propertyId = '404';
-		}
-		$expectedProperties[$propertyId]->expects($this->any())
-			->method($isScope ? 'getScope' : 'getValue')
-			->willReturn($propertyValue);
-
-		if (!empty($email)) {
-			$this->mailer->expects($this->once())->method('validateMailAddress')
-				->willReturn(true);
-		}
-
-		$controller->expects($this->once())
-			->method('saveUserSettings')
-			->with($userAccount);
-
-		$controller->setUserSettings(
-			$avatarScope,
-			$displayName,
-			$displayNameScope,
-			$phone,
-			$phoneScope,
-			$email,
-			$emailScope,
-			$website,
-			$websiteScope,
-			$address,
-			$addressScope,
-			$twitter,
-			$twitterScope,
-			$bluesky,
-			$blueskyScope,
-			$fediverse,
-			$fediverseScope,
-			$birthdate,
-			$birthdateScope,
-			$pronouns,
-			$pronounsScope,
-		);
-	}
-
-	public static function dataTestSetUserSettingsSubset(): array {
-		return [
-			['avatarScope', IAccountManager::SCOPE_PUBLISHED],
-			['displayName', 'Display name'],
-			['displayNameScope', IAccountManager::SCOPE_PUBLISHED],
-			['phone', '47658468'],
-			['phoneScope', IAccountManager::SCOPE_PUBLISHED],
-			['email', 'john@example.com'],
-			['emailScope', IAccountManager::SCOPE_PUBLISHED],
-			['website', 'nextcloud.com'],
-			['websiteScope', IAccountManager::SCOPE_PUBLISHED],
-			['address', 'street and city'],
-			['addressScope', IAccountManager::SCOPE_PUBLISHED],
-			['twitter', '@nextclouders'],
-			['twitterScope', IAccountManager::SCOPE_PUBLISHED],
-			['bluesky', 'nextclouders.net'],
-			['blueskyScope', IAccountManager::SCOPE_PUBLISHED],
-			['fediverse', '@nextclouders@floss.social'],
-			['fediverseScope', IAccountManager::SCOPE_PUBLISHED],
-			['birthdate', '2020-01-01'],
-			['birthdateScope', IAccountManager::SCOPE_PUBLISHED],
-			['pronouns', 'he/him'],
-			['pronounsScope', IAccountManager::SCOPE_PUBLISHED],
-		];
-	}
-
-	#[\PHPUnit\Framework\Attributes\DataProvider('dataTestSaveUserSettings')]
-	public function testSaveUserSettings(array $data, ?string $oldEmailAddress, ?string $oldDisplayName): void {
-		$controller = $this->getController();
-		$user = $this->createMock(IUser::class);
-
-		$user->method('getDisplayName')->willReturn($oldDisplayName);
-		$user->method('getSystemEMailAddress')->willReturn($oldEmailAddress);
-		$user->method('canChangeDisplayName')->willReturn(true);
-
-		if (strtolower($data[IAccountManager::PROPERTY_EMAIL]['value']) === strtolower($oldEmailAddress ?? '')) {
-			$user->expects($this->never())->method('setSystemEMailAddress');
-		} else {
-			$user->expects($this->once())->method('setSystemEMailAddress')
-				->with($data[IAccountManager::PROPERTY_EMAIL]['value']);
-		}
-
-		if ($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'] === $oldDisplayName ?? '') {
-			$user->expects($this->never())->method('setDisplayName');
-		} else {
-			$user->expects($this->once())->method('setDisplayName')
-				->with($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'])
-				->willReturn(true);
-		}
-
-		$properties = [];
-		foreach ($data as $propertyName => $propertyData) {
-			$properties[$propertyName] = $this->createMock(IAccountProperty::class);
-			$properties[$propertyName]->expects($this->any())
-				->method('getValue')
-				->willReturn($propertyData['value']);
-		}
-
-		$account = $this->createMock(IAccount::class);
-		$account->expects($this->any())
-			->method('getUser')
-			->willReturn($user);
-		$account->expects($this->any())
-			->method('getProperty')
-			->willReturnCallback(function (string $propertyName) use ($properties) {
-				return $properties[$propertyName];
-			});
-
-		$this->accountManager->expects($this->any())
-			->method('getAccount')
-			->willReturn($account);
-
-		$this->accountManager->expects($this->once())
-			->method('updateAccount')
-			->with($account);
-
-		$this->invokePrivate($controller, 'saveUserSettings', [$account]);
-	}
-
-	public static function dataTestSaveUserSettings(): array {
-		return [
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'john@example.com',
-				'john doe'
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'johnNew@example.com',
-				'john New doe'
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'johnNew@example.com',
-				'john doe'
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'john@example.com',
-				'john New doe'
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => ''],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				null,
-				'john New doe'
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'john@example.com',
-				null
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'JOHN@example.com',
-				null
-			],
-
-		];
-	}
-
-	#[\PHPUnit\Framework\Attributes\DataProvider('dataTestSaveUserSettingsException')]
-	public function testSaveUserSettingsException(
-		array $data,
-		string $oldEmailAddress,
-		string $oldDisplayName,
-		bool $setDisplayNameResult,
-		bool $canChangeEmail,
-	): void {
-		$this->expectException(ForbiddenException::class);
-
-		$controller = $this->getController();
-		$user = $this->createMock(IUser::class);
-
-		$user->method('getDisplayName')->willReturn($oldDisplayName);
-		$user->method('getEMailAddress')->willReturn($oldEmailAddress);
-
-		/** @var MockObject|IAccount $userAccount */
-		$userAccount = $this->createMock(IAccount::class);
-		$userAccount->expects($this->any())
-			->method('getUser')
-			->willReturn($user);
-		$propertyMocks = [];
-		foreach ($data as $propertyName => $propertyData) {
-			/** @var MockObject|IAccountProperty $property */
-			$propertyMocks[$propertyName] = $this->buildPropertyMock($propertyName, $propertyData['value'], '');
-		}
-		$userAccount->expects($this->any())
-			->method('getProperty')
-			->willReturnCallback(function (string $propertyName) use ($propertyMocks) {
-				return $propertyMocks[$propertyName];
-			});
-
-		if ($data[IAccountManager::PROPERTY_EMAIL]['value'] !== $oldEmailAddress) {
-			$user->method('canChangeDisplayName')
-				->willReturn($canChangeEmail);
-		}
-
-		if ($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'] !== $oldDisplayName) {
-			$user->method('setDisplayName')
-				->with($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'])
-				->willReturn($setDisplayNameResult);
-		}
-
-		$this->invokePrivate($controller, 'saveUserSettings', [$userAccount]);
-	}
-
-
-	public static function dataTestSaveUserSettingsException(): array {
-		return [
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'johnNew@example.com',
-				'john New doe',
-				true,
-				false
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'johnNew@example.com',
-				'john New doe',
-				false,
-				true
-			],
-			[
-				[
-					IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
-					IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
-				],
-				'johnNew@example.com',
-				'john New doe',
-				false,
-				false
-			],
-
-		];
-	}
-
-	#[\PHPUnit\Framework\Attributes\DataProvider('dataTestGetVerificationCode')]
-	public function testGetVerificationCode(string $account, string $type, array $dataBefore, array $expectedData, bool $onlyVerificationCode): void {
-		$message = 'Use my Federated Cloud ID to share with me: user@nextcloud.com';
-		$signature = 'theSignature';
-
-		$code = $message . ' ' . $signature;
-		if ($type === IAccountManager::PROPERTY_TWITTER || $type === IAccountManager::PROPERTY_FEDIVERSE) {
-			$code = $message . ' ' . md5($signature);
-		}
-
-		$controller = $this->getController(false, ['signMessage', 'getCurrentTime']);
-
-		$user = $this->createMock(IUser::class);
-
-		$property = $this->buildPropertyMock($type, $dataBefore[$type]['value'], '', IAccountManager::NOT_VERIFIED);
-		$property->expects($this->atLeastOnce())
-			->method('setVerified')
-			->with(IAccountManager::VERIFICATION_IN_PROGRESS)
-			->willReturnSelf();
-		$property->expects($this->atLeastOnce())
-			->method('setVerificationData')
-			->with($signature)
-			->willReturnSelf();
-
-		$userAccount = $this->createMock(IAccount::class);
-		$userAccount->expects($this->any())
-			->method('getUser')
-			->willReturn($user);
-		$userAccount->expects($this->any())
-			->method('getProperty')
-			->willReturn($property);
-
-		$this->userSession->expects($this->once())->method('getUser')->willReturn($user);
-		$this->accountManager->expects($this->once())->method('getAccount')->with($user)->willReturn($userAccount);
-		$user->expects($this->any())->method('getCloudId')->willReturn('user@nextcloud.com');
-		$user->expects($this->any())->method('getUID')->willReturn('uid');
-		$controller->expects($this->once())->method('signMessage')->with($user, $message)->willReturn($signature);
-		$controller->expects($this->any())->method('getCurrentTime')->willReturn(1234567);
-
-		if ($onlyVerificationCode === false) {
-			$this->accountManager->expects($this->once())->method('updateAccount')->with($userAccount)->willReturnArgument(1);
-			$this->jobList->expects($this->once())->method('add')
-				->with('OCA\Settings\BackgroundJobs\VerifyUserData',
-					[
-						'verificationCode' => $code,
-						'data' => $dataBefore[$type]['value'],
-						'type' => $type,
-						'uid' => 'uid',
-						'try' => 0,
-						'lastRun' => 1234567
-					]);
-		}
-
-		$result = $controller->getVerificationCode($account, $onlyVerificationCode);
-
-		$data = $result->getData();
-		$this->assertSame(Http::STATUS_OK, $result->getStatus());
-		$this->assertSame($code, $data['code']);
-	}
-
-	public static function dataTestGetVerificationCode(): array {
-		$accountDataBefore = [
-			IAccountManager::PROPERTY_WEBSITE => ['value' => 'https://nextcloud.com', 'verified' => IAccountManager::NOT_VERIFIED],
-			IAccountManager::PROPERTY_TWITTER => ['value' => '@nextclouders', 'verified' => IAccountManager::NOT_VERIFIED, 'signature' => 'theSignature'],
-		];
-
-		$accountDataAfterWebsite = [
-			IAccountManager::PROPERTY_WEBSITE => ['value' => 'https://nextcloud.com', 'verified' => IAccountManager::VERIFICATION_IN_PROGRESS, 'signature' => 'theSignature'],
-			IAccountManager::PROPERTY_TWITTER => ['value' => '@nextclouders', 'verified' => IAccountManager::NOT_VERIFIED, 'signature' => 'theSignature'],
-		];
-
-		$accountDataAfterTwitter = [
-			IAccountManager::PROPERTY_WEBSITE => ['value' => 'https://nextcloud.com', 'verified' => IAccountManager::NOT_VERIFIED],
-			IAccountManager::PROPERTY_TWITTER => ['value' => '@nextclouders', 'verified' => IAccountManager::VERIFICATION_IN_PROGRESS, 'signature' => 'theSignature'],
-		];
-
-		return [
-			['verify-twitter', IAccountManager::PROPERTY_TWITTER, $accountDataBefore, $accountDataAfterTwitter, false],
-			['verify-website', IAccountManager::PROPERTY_WEBSITE, $accountDataBefore, $accountDataAfterWebsite, false],
-			['verify-twitter', IAccountManager::PROPERTY_TWITTER, $accountDataBefore, $accountDataAfterTwitter, true],
-			['verify-website', IAccountManager::PROPERTY_WEBSITE, $accountDataBefore, $accountDataAfterWebsite, true],
-		];
-	}
-
-	/**
-	 * test get verification code in case no valid user was given
-	 */
-	public function testGetVerificationCodeInvalidUser(): void {
-		$controller = $this->getController();
-		$this->userSession->expects($this->once())->method('getUser')->willReturn(null);
-		$result = $controller->getVerificationCode('account', false);
-
-		$this->assertSame(Http::STATUS_BAD_REQUEST, $result->getStatus());
-	}
-
-	#[\PHPUnit\Framework\Attributes\DataProvider('dataTestCanAdminChangeUserPasswords')]
-	public function testCanAdminChangeUserPasswords(
-		bool $encryptionEnabled,
-		bool $encryptionModuleLoaded,
-		bool $masterKeyEnabled,
-		bool $expected,
-	): void {
-		$controller = $this->getController();
-
-		$this->encryptionManager->expects($this->any())
-			->method('isEnabled')
-			->willReturn($encryptionEnabled);
-		$this->encryptionManager->expects($this->any())
-			->method('getEncryptionModule')
-			->willReturnCallback(function () use ($encryptionModuleLoaded) {
-				if ($encryptionModuleLoaded) {
-					return $this->encryptionModule;
-				} else {
-					throw new ModuleDoesNotExistsException();
-				}
-			});
-		$this->encryptionModule->expects($this->any())
-			->method('needDetailedAccessList')
-			->willReturn(!$masterKeyEnabled);
-
-		$result = $this->invokePrivate($controller, 'canAdminChangeUserPasswords', []);
-		$this->assertSame($expected, $result);
-	}
-
-	public static function dataTestCanAdminChangeUserPasswords(): array {
-		return [
-			// encryptionEnabled, encryptionModuleLoaded, masterKeyEnabled, expectedResult
-			[true, true, true, true],
-			[false, true, true, true],
-			[true, false, true, false],
-			[false, false, true, true],
-			[true, true, false, false],
-			[false, true, false, false],
-			[true, false, false, false],
-			[false, false, false, true],
-		];
-	}
-	#[\PHPUnit\Framework\Attributes\DataProvider('dataSetPreference')]
-	public function testSetPreference(string $key, string $value, bool $isUserValue, bool $isAppValue, int $expectedStatus): void {
-		$controller = $this->getController(false, []);
-		$user = $this->createMock(IUser::class);
-		$user->method('getUID')->willReturn('testUser');
-		$this->userSession->method('getUser')->willReturn($user);
-
-		if ($isAppValue) {
-			if ($value === 'true' || $value === 'false' || $value === 'yes' || $value === 'no') {
-				$this->appConfig->expects($this->once())
-					->method('setValueBool')
-					->with('core', $key, $value === 'yes' || $value === 'true');
-			} else {
-				$this->appConfig->expects($this->once())
-					->method('setValueString')
-					->with('core', $key, $value);
-			}
-			$this->userConfig->expects($this->never())
-				->method('setValueBool');
-		} elseif ($isUserValue) {
-			$this->userConfig->expects($this->once())
-				->method('setValueBool')
-				->with('testUser', 'settings', $key, $value === 'true');
-			$this->appConfig->expects($this->never())
-				->method('setValueString');
-			$this->appConfig->expects($this->never())
-				->method('setValueBool');
-		} else {
-			$this->appConfig->expects($this->never())->method('setValueString');
-			$this->appConfig->expects($this->never())->method('setValueBool');
-			$this->userConfig->expects($this->never())->method('setValueString');
-			$this->userConfig->expects($this->never())->method('setValueBool');
-		}
-
-		$response = $controller->setPreference($key, $value);
-		$this->assertEquals($expectedStatus, $response->getStatus());
-	}
-
-	public static function dataSetPreference(): array {
-		return [
-			['newUser.sendEmail', 'yes', false, true, Http::STATUS_OK],
-			['newUser.sendEmail', 'no', false, true, Http::STATUS_OK],
-			['group.sortBy', '1', false, true, Http::STATUS_OK],
-			[ConfigLexicon::USER_LIST_SHOW_STORAGE_PATH, 'true', true, false, Http::STATUS_OK],
-			[ConfigLexicon::USER_LIST_SHOW_USER_BACKEND, 'false', true, false, Http::STATUS_OK],
-			[ConfigLexicon::USER_LIST_SHOW_FIRST_LOGIN, 'true', true, false, Http::STATUS_OK],
-			[ConfigLexicon::USER_LIST_SHOW_LAST_LOGIN, 'true', true, false, Http::STATUS_OK],
-			[ConfigLexicon::USER_LIST_SHOW_NEW_USER_FORM, 'true', true, false, Http::STATUS_OK],
-			[ConfigLexicon::USER_LIST_SHOW_LANGUAGES, 'true', true, false, Http::STATUS_OK],
-			['invalidKey', 'value', false, false, Http::STATUS_FORBIDDEN],
-		];
-	}
+    private IGroupManager&MockObject $groupManager;
+    private UserManager&MockObject $userManager;
+    private IUserSession&MockObject $userSession;
+    private IConfig&MockObject $config;
+    private IAppConfig&MockObject $appConfig;
+    private IUserConfig&MockObject $userConfig;
+    private IMailer&MockObject $mailer;
+    private IFactory&MockObject $l10nFactory;
+    private IAppManager&MockObject $appManager;
+    private IL10N&MockObject $l;
+    private AccountManager&MockObject $accountManager;
+    private IJobList&MockObject $jobList;
+    private \OC\Security\IdentityProof\Manager&MockObject $securityManager;
+    private IManager&MockObject $encryptionManager;
+    private KnownUserService&MockObject $knownUserService;
+    private IEncryptionModule&MockObject $encryptionModule;
+    private IEventDispatcher&MockObject $dispatcher;
+    private IInitialState&MockObject $initialState;
+
+    protected function setUp(): void {
+        parent::setUp();
+
+        $this->userManager = $this->createMock(UserManager::class);
+        $this->groupManager = $this->createMock(Manager::class);
+        $this->userSession = $this->createMock(IUserSession::class);
+        $this->config = $this->createMock(IConfig::class);
+        $this->appConfig = $this->createMock(IAppConfig::class);
+        $this->userConfig = $this->createMock(IUserConfig::class);
+        $this->l = $this->createMock(IL10N::class);
+        $this->mailer = $this->createMock(IMailer::class);
+        $this->l10nFactory = $this->createMock(IFactory::class);
+        $this->appManager = $this->createMock(IAppManager::class);
+        $this->accountManager = $this->createMock(AccountManager::class);
+        $this->securityManager = $this->createMock(\OC\Security\IdentityProof\Manager::class);
+        $this->jobList = $this->createMock(IJobList::class);
+        $this->encryptionManager = $this->createMock(IManager::class);
+        $this->knownUserService = $this->createMock(KnownUserService::class);
+        $this->dispatcher = $this->createMock(IEventDispatcher::class);
+        $this->initialState = $this->createMock(IInitialState::class);
+
+        $this->l->method('t')
+            ->willReturnCallback(function ($text, $parameters = []) {
+                return vsprintf($text, $parameters);
+            });
+
+        $this->encryptionModule = $this->createMock(IEncryptionModule::class);
+        $this->encryptionManager->expects($this->any())->method('getEncryptionModules')
+            ->willReturn(['encryptionModule' => ['callback' => function () {
+                return $this->encryptionModule;
+            }]]);
+    }
+
+    /**
+     * @param bool $isAdmin
+     * @return UsersController|MockObject
+     */
+    protected function getController(bool $isAdmin = false, array $mockedMethods = []) {
+        $this->groupManager->expects($this->any())
+            ->method('isAdmin')
+            ->willReturn($isAdmin);
+
+        if (empty($mockedMethods)) {
+            return new UsersController(
+                'settings',
+                $this->createMock(IRequest::class),
+                $this->userManager,
+                $this->groupManager,
+                $this->userSession,
+                $this->config,
+                $this->appConfig,
+                $this->userConfig,
+                $this->l,
+                $this->mailer,
+                $this->l10nFactory,
+                $this->appManager,
+                $this->accountManager,
+                $this->securityManager,
+                $this->jobList,
+                $this->encryptionManager,
+                $this->knownUserService,
+                $this->dispatcher,
+                $this->initialState,
+            );
+        } else {
+            return $this->getMockBuilder(UsersController::class)
+                ->setConstructorArgs(
+                    [
+                        'settings',
+                        $this->createMock(IRequest::class),
+                        $this->userManager,
+                        $this->groupManager,
+                        $this->userSession,
+                        $this->config,
+                        $this->appConfig,
+                        $this->userConfig,
+                        $this->l,
+                        $this->mailer,
+                        $this->l10nFactory,
+                        $this->appManager,
+                        $this->accountManager,
+                        $this->securityManager,
+                        $this->jobList,
+                        $this->encryptionManager,
+                        $this->knownUserService,
+                        $this->dispatcher,
+                        $this->initialState,
+                    ]
+                )
+                ->onlyMethods($mockedMethods)
+                ->getMock();
+        }
+    }
+
+    protected function buildPropertyMock(string $name, string $value, string $scope, string $verified = IAccountManager::VERIFIED): MockObject {
+        $property = $this->createMock(IAccountProperty::class);
+        $property->expects($this->any())
+            ->method('getName')
+            ->willReturn($name);
+        $property->expects($this->any())
+            ->method('getValue')
+            ->willReturn($value);
+        $property->expects($this->any())
+            ->method('getScope')
+            ->willReturn($scope);
+        $property->expects($this->any())
+            ->method('getVerified')
+            ->willReturn($verified);
+
+        return $property;
+    }
+
+    protected function getDefaultAccountMock(): MockObject {
+        $propertyMocks = [
+            IAccountManager::PROPERTY_DISPLAYNAME => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_DISPLAYNAME,
+                'Default display name',
+                IAccountManager::SCOPE_FEDERATED,
+            ),
+            IAccountManager::PROPERTY_ADDRESS => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_ADDRESS,
+                'Default address',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+            IAccountManager::PROPERTY_WEBSITE => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_WEBSITE,
+                'Default website',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+            IAccountManager::PROPERTY_EMAIL => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_EMAIL,
+                'Default email',
+                IAccountManager::SCOPE_FEDERATED,
+            ),
+            IAccountManager::PROPERTY_AVATAR => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_AVATAR,
+                '',
+                IAccountManager::SCOPE_FEDERATED,
+            ),
+            IAccountManager::PROPERTY_PHONE => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_PHONE,
+                'Default phone',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+            IAccountManager::PROPERTY_TWITTER => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_TWITTER,
+                'Default twitter',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+            IAccountManager::PROPERTY_BLUESKY => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_BLUESKY,
+                'Default bluesky',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+            IAccountManager::PROPERTY_FEDIVERSE => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_FEDIVERSE,
+                'Default fediverse',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+            IAccountManager::PROPERTY_BIRTHDATE => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_BIRTHDATE,
+                'Default birthdate',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+            IAccountManager::PROPERTY_PRONOUNS => $this->buildPropertyMock(
+                IAccountManager::PROPERTY_PRONOUNS,
+                'Default pronouns',
+                IAccountManager::SCOPE_LOCAL,
+            ),
+        ];
+
+        $account = $this->createMock(IAccount::class);
+        $account->expects($this->any())
+            ->method('getProperty')
+            ->willReturnCallback(function (string $propertyName) use ($propertyMocks) {
+                if (isset($propertyMocks[$propertyName])) {
+                    return $propertyMocks[$propertyName];
+                }
+                throw new PropertyDoesNotExistException($propertyName);
+            });
+        $account->expects($this->any())
+            ->method('getProperties')
+            ->willReturn($propertyMocks);
+
+        return $account;
+    }
+
+    #[\PHPUnit\Framework\Attributes\DataProvider('dataTestSetUserSettings')]
+    public function testSetUserSettings(string $email, bool $validEmail, int $expectedStatus): void {
+        $controller = $this->getController(false, ['saveUserSettings']);
+        $user = $this->createMock(IUser::class);
+        $user->method('getUID')->willReturn('johndoe');
+
+        $this->userSession->method('getUser')->willReturn($user);
+
+        if (!empty($email) && $validEmail) {
+            $this->mailer->expects($this->once())->method('validateMailAddress')
+                ->willReturn($validEmail);
+        }
+
+        $saveData = (!empty($email) && $validEmail) || empty($email);
+
+        if ($saveData) {
+            $this->accountManager->expects($this->once())
+                ->method('getAccount')
+                ->with($user)
+                ->willReturn($this->getDefaultAccountMock());
+
+            $controller->expects($this->once())
+                ->method('saveUserSettings');
+        } else {
+            $controller->expects($this->never())->method('saveUserSettings');
+        }
+
+        $result = $controller->setUserSettings(
+            AccountManager::SCOPE_FEDERATED,
+            'displayName',
+            AccountManager::SCOPE_FEDERATED,
+            '47658468',
+            AccountManager::SCOPE_FEDERATED,
+            $email,
+            AccountManager::SCOPE_FEDERATED,
+            'nextcloud.com',
+            AccountManager::SCOPE_FEDERATED,
+            'street and city',
+            AccountManager::SCOPE_FEDERATED,
+            '@nextclouders',
+            AccountManager::SCOPE_FEDERATED,
+            '@nextclouders',
+            AccountManager::SCOPE_FEDERATED,
+            '2020-01-01',
+            AccountManager::SCOPE_FEDERATED,
+            'they/them',
+            AccountManager::SCOPE_FEDERATED,
+        );
+
+        $this->assertSame($expectedStatus, $result->getStatus());
+    }
+
+    public static function dataTestSetUserSettings(): array {
+        return [
+            ['', true, Http::STATUS_OK],
+            ['', false, Http::STATUS_OK],
+            ['example.com', false, Http::STATUS_UNPROCESSABLE_ENTITY],
+            ['john@example.com', true, Http::STATUS_OK],
+        ];
+    }
+
+    public function testSetUserSettingsWhenUserDisplayNameChangeNotAllowed(): void {
+        $controller = $this->getController(false, ['saveUserSettings']);
+
+        $avatarScope = IAccountManager::SCOPE_PUBLISHED;
+        $displayName = 'Display name';
+        $displayNameScope = IAccountManager::SCOPE_PUBLISHED;
+        $phone = '47658468';
+        $phoneScope = IAccountManager::SCOPE_PUBLISHED;
+        $email = 'john@example.com';
+        $emailScope = IAccountManager::SCOPE_PUBLISHED;
+        $website = 'nextcloud.com';
+        $websiteScope = IAccountManager::SCOPE_PUBLISHED;
+        $address = 'street and city';
+        $addressScope = IAccountManager::SCOPE_PUBLISHED;
+        $twitter = '@nextclouders';
+        $twitterScope = IAccountManager::SCOPE_PUBLISHED;
+        $fediverse = '@nextclouders@floss.social';
+        $fediverseScope = IAccountManager::SCOPE_PUBLISHED;
+        $birtdate = '2020-01-01';
+        $birthdateScope = IAccountManager::SCOPE_PUBLISHED;
+        $pronouns = 'she/her';
+        $pronounsScope = IAccountManager::SCOPE_PUBLISHED;
+
+        $user = $this->createMock(IUser::class);
+        $user->method('getUID')->willReturn('johndoe');
+
+        $this->userSession->method('getUser')->willReturn($user);
+
+        /** @var MockObject|IAccount $userAccount */
+        $userAccount = $this->getDefaultAccountMock();
+        $this->accountManager->expects($this->once())
+            ->method('getAccount')
+            ->with($user)
+            ->willReturn($userAccount);
+
+        /** @var MockObject|IAccountProperty $avatarProperty */
+        $avatarProperty = $userAccount->getProperty(IAccountManager::PROPERTY_AVATAR);
+        $avatarProperty->expects($this->atLeastOnce())
+            ->method('setScope')
+            ->with($avatarScope)
+            ->willReturnSelf();
+
+        /** @var MockObject|IAccountProperty $avatarProperty */
+        $avatarProperty = $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS);
+        $avatarProperty->expects($this->atLeastOnce())
+            ->method('setScope')
+            ->with($addressScope)
+            ->willReturnSelf();
+        $avatarProperty->expects($this->atLeastOnce())
+            ->method('setValue')
+            ->with($address)
+            ->willReturnSelf();
+
+        /** @var MockObject|IAccountProperty $emailProperty */
+        $emailProperty = $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL);
+        $emailProperty->expects($this->never())
+            ->method('setValue');
+        $emailProperty->expects($this->never())
+            ->method('setScope');
+
+        /** @var MockObject|IAccountProperty $emailProperty */
+        $emailProperty = $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME);
+        $emailProperty->expects($this->never())
+            ->method('setValue');
+        $emailProperty->expects($this->never())
+            ->method('setScope');
+
+        $this->config->expects($this->once())
+            ->method('getSystemValueBool')
+            ->with('allow_user_to_change_display_name')
+            ->willReturn(false);
+
+        $this->appManager->expects($this->any())
+            ->method('isEnabledForUser')
+            ->with('federatedfilesharing')
+            ->willReturn(true);
+
+        $this->mailer->expects($this->once())->method('validateMailAddress')
+            ->willReturn(true);
+
+        $controller->expects($this->once())
+            ->method('saveUserSettings');
+
+        $controller->setUserSettings(
+            $avatarScope,
+            $displayName,
+            $displayNameScope,
+            $phone,
+            $phoneScope,
+            $email,
+            $emailScope,
+            $website,
+            $websiteScope,
+            $address,
+            $addressScope,
+            $twitter,
+            $twitterScope,
+            $fediverse,
+            $fediverseScope,
+            $birtdate,
+            $birthdateScope,
+            $pronouns,
+            $pronounsScope,
+        );
+    }
+
+    public function testSetUserSettingsWhenFederatedFilesharingNotEnabled(): void {
+        $controller = $this->getController(false, ['saveUserSettings']);
+        $user = $this->createMock(IUser::class);
+        $user->method('getUID')->willReturn('johndoe');
+
+        $this->userSession->method('getUser')->willReturn($user);
+
+        $defaultProperties = []; //$this->getDefaultAccountMock();
+
+        $userAccount = $this->getDefaultAccountMock();
+        $this->accountManager->expects($this->once())
+            ->method('getAccount')
+            ->with($user)
+            ->willReturn($userAccount);
+
+        $this->appManager->expects($this->any())
+            ->method('isEnabledForUser')
+            ->with('federatedfilesharing')
+            ->willReturn(false);
+
+        $avatarScope = IAccountManager::SCOPE_PUBLISHED;
+        $displayName = 'Display name';
+        $displayNameScope = IAccountManager::SCOPE_PUBLISHED;
+        $phone = '47658468';
+        $phoneScope = IAccountManager::SCOPE_PUBLISHED;
+        $email = 'john@example.com';
+        $emailScope = IAccountManager::SCOPE_PUBLISHED;
+        $website = 'nextcloud.com';
+        $websiteScope = IAccountManager::SCOPE_PUBLISHED;
+        $address = 'street and city';
+        $addressScope = IAccountManager::SCOPE_PUBLISHED;
+        $twitter = '@nextclouders';
+        $twitterScope = IAccountManager::SCOPE_PUBLISHED;
+        $bluesky = 'nextclouders.net';
+        $blueskyScope = IAccountManager::SCOPE_PUBLISHED;
+        $fediverse = '@nextclouders@floss.social';
+        $fediverseScope = IAccountManager::SCOPE_PUBLISHED;
+        $birthdate = '2020-01-01';
+        $birthdateScope = IAccountManager::SCOPE_PUBLISHED;
+        $pronouns = 'she/her';
+        $pronounsScope = IAccountManager::SCOPE_PUBLISHED;
+
+        // All settings are changed (in the past phone, website, address and
+        // twitter were not changed).
+        $expectedProperties = $defaultProperties;
+        $expectedProperties[IAccountManager::PROPERTY_AVATAR]['scope'] = $avatarScope;
+        $expectedProperties[IAccountManager::PROPERTY_DISPLAYNAME]['value'] = $displayName;
+        $expectedProperties[IAccountManager::PROPERTY_DISPLAYNAME]['scope'] = $displayNameScope;
+        $expectedProperties[IAccountManager::PROPERTY_EMAIL]['value'] = $email;
+        $expectedProperties[IAccountManager::PROPERTY_EMAIL]['scope'] = $emailScope;
+        $expectedProperties[IAccountManager::PROPERTY_PHONE]['value'] = $phone;
+        $expectedProperties[IAccountManager::PROPERTY_PHONE]['scope'] = $phoneScope;
+        $expectedProperties[IAccountManager::PROPERTY_WEBSITE]['value'] = $website;
+        $expectedProperties[IAccountManager::PROPERTY_WEBSITE]['scope'] = $websiteScope;
+        $expectedProperties[IAccountManager::PROPERTY_ADDRESS]['value'] = $address;
+        $expectedProperties[IAccountManager::PROPERTY_ADDRESS]['scope'] = $addressScope;
+        $expectedProperties[IAccountManager::PROPERTY_TWITTER]['value'] = $twitter;
+        $expectedProperties[IAccountManager::PROPERTY_TWITTER]['scope'] = $twitterScope;
+        $expectedProperties[IAccountManager::PROPERTY_BLUESKY]['value'] = $bluesky;
+        $expectedProperties[IAccountManager::PROPERTY_BLUESKY]['scope'] = $blueskyScope;
+        $expectedProperties[IAccountManager::PROPERTY_FEDIVERSE]['value'] = $fediverse;
+        $expectedProperties[IAccountManager::PROPERTY_FEDIVERSE]['scope'] = $fediverseScope;
+        $expectedProperties[IAccountManager::PROPERTY_BIRTHDATE]['value'] = $birthdate;
+        $expectedProperties[IAccountManager::PROPERTY_BIRTHDATE]['scope'] = $birthdateScope;
+        $expectedProperties[IAccountManager::PROPERTY_PRONOUNS]['value'] = $pronouns;
+        $expectedProperties[IAccountManager::PROPERTY_PRONOUNS]['scope'] = $pronounsScope;
+
+        $this->mailer->expects($this->once())->method('validateMailAddress')
+            ->willReturn(true);
+
+        $controller->expects($this->once())
+            ->method('saveUserSettings')
+            ->with($userAccount);
+
+        $controller->setUserSettings(
+            $avatarScope,
+            $displayName,
+            $displayNameScope,
+            $phone,
+            $phoneScope,
+            $email,
+            $emailScope,
+            $website,
+            $websiteScope,
+            $address,
+            $addressScope,
+            $twitter,
+            $twitterScope,
+            $bluesky,
+            $blueskyScope,
+            $fediverse,
+            $fediverseScope,
+            $birthdate,
+            $birthdateScope,
+            $pronouns,
+            $pronounsScope,
+        );
+    }
+
+    #[\PHPUnit\Framework\Attributes\DataProvider('dataTestSetUserSettingsSubset')]
+    public function testSetUserSettingsSubset(string $property, string $propertyValue): void {
+        $controller = $this->getController(false, ['saveUserSettings']);
+        $user = $this->createMock(IUser::class);
+        $user->method('getUID')->willReturn('johndoe');
+
+        $this->userSession->method('getUser')->willReturn($user);
+
+        /** @var IAccount&MockObject $userAccount */
+        $userAccount = $this->getDefaultAccountMock();
+
+        $this->accountManager->expects($this->once())
+            ->method('getAccount')
+            ->with($user)
+            ->willReturn($userAccount);
+
+        $avatarScope = ($property === 'avatarScope') ? $propertyValue : null;
+        $displayName = ($property === 'displayName') ? $propertyValue : null;
+        $displayNameScope = ($property === 'displayNameScope') ? $propertyValue : null;
+        $phone = ($property === 'phone') ? $propertyValue : null;
+        $phoneScope = ($property === 'phoneScope') ? $propertyValue : null;
+        $email = ($property === 'email') ? $propertyValue : null;
+        $emailScope = ($property === 'emailScope') ? $propertyValue : null;
+        $website = ($property === 'website') ? $propertyValue : null;
+        $websiteScope = ($property === 'websiteScope') ? $propertyValue : null;
+        $address = ($property === 'address') ? $propertyValue : null;
+        $addressScope = ($property === 'addressScope') ? $propertyValue : null;
+        $twitter = ($property === 'twitter') ? $propertyValue : null;
+        $twitterScope = ($property === 'twitterScope') ? $propertyValue : null;
+        $bluesky = ($property === 'bluesky') ? $propertyValue : null;
+        $blueskyScope = ($property === 'blueskyScope') ? $propertyValue : null;
+        $fediverse = ($property === 'fediverse') ? $propertyValue : null;
+        $fediverseScope = ($property === 'fediverseScope') ? $propertyValue : null;
+        $birthdate = ($property === 'birthdate') ? $propertyValue : null;
+        $birthdateScope = ($property === 'birthdateScope') ? $propertyValue : null;
+        $pronouns = ($property === 'pronouns') ? $propertyValue : null;
+        $pronounsScope = ($property === 'pronounsScope') ? $propertyValue : null;
+
+        /** @var IAccountProperty[]&MockObject[] $expectedProperties */
+        $expectedProperties = $userAccount->getProperties();
+        $isScope = strrpos($property, 'Scope') === strlen($property) - strlen('5');
+        switch ($property) {
+            case 'avatarScope':
+                $propertyId = IAccountManager::PROPERTY_AVATAR;
+                break;
+            case 'displayName':
+            case 'displayNameScope':
+                $propertyId = IAccountManager::PROPERTY_DISPLAYNAME;
+                break;
+            case 'phone':
+            case 'phoneScope':
+                $propertyId = IAccountManager::PROPERTY_PHONE;
+                break;
+            case 'email':
+            case 'emailScope':
+                $propertyId = IAccountManager::PROPERTY_EMAIL;
+                break;
+            case 'website':
+            case 'websiteScope':
+                $propertyId = IAccountManager::PROPERTY_WEBSITE;
+                break;
+            case 'address':
+            case 'addressScope':
+                $propertyId = IAccountManager::PROPERTY_ADDRESS;
+                break;
+            case 'twitter':
+            case 'twitterScope':
+                $propertyId = IAccountManager::PROPERTY_TWITTER;
+                break;
+            case 'bluesky':
+            case 'blueskyScope':
+                $propertyId = IAccountManager::PROPERTY_BLUESKY;
+                break;
+            case 'fediverse':
+            case 'fediverseScope':
+                $propertyId = IAccountManager::PROPERTY_FEDIVERSE;
+                break;
+            case 'birthdate':
+            case 'birthdateScope':
+                $propertyId = IAccountManager::PROPERTY_BIRTHDATE;
+                break;
+            case 'pronouns':
+            case 'pronounsScope':
+                $propertyId = IAccountManager::PROPERTY_PRONOUNS;
+                break;
+            default:
+                $propertyId = '404';
+        }
+        $expectedProperties[$propertyId]->expects($this->any())
+            ->method($isScope ? 'getScope' : 'getValue')
+            ->willReturn($propertyValue);
+
+        if (!empty($email)) {
+            $this->mailer->expects($this->once())->method('validateMailAddress')
+                ->willReturn(true);
+        }
+
+        $controller->expects($this->once())
+            ->method('saveUserSettings')
+            ->with($userAccount);
+
+        $controller->setUserSettings(
+            $avatarScope,
+            $displayName,
+            $displayNameScope,
+            $phone,
+            $phoneScope,
+            $email,
+            $emailScope,
+            $website,
+            $websiteScope,
+            $address,
+            $addressScope,
+            $twitter,
+            $twitterScope,
+            $bluesky,
+            $blueskyScope,
+            $fediverse,
+            $fediverseScope,
+            $birthdate,
+            $birthdateScope,
+            $pronouns,
+            $pronounsScope,
+        );
+    }
+
+    public static function dataTestSetUserSettingsSubset(): array {
+        return [
+            ['avatarScope', IAccountManager::SCOPE_PUBLISHED],
+            ['displayName', 'Display name'],
+            ['displayNameScope', IAccountManager::SCOPE_PUBLISHED],
+            ['phone', '47658468'],
+            ['phoneScope', IAccountManager::SCOPE_PUBLISHED],
+            ['email', 'john@example.com'],
+            ['emailScope', IAccountManager::SCOPE_PUBLISHED],
+            ['website', 'nextcloud.com'],
+            ['websiteScope', IAccountManager::SCOPE_PUBLISHED],
+            ['address', 'street and city'],
+            ['addressScope', IAccountManager::SCOPE_PUBLISHED],
+            ['twitter', '@nextclouders'],
+            ['twitterScope', IAccountManager::SCOPE_PUBLISHED],
+            ['bluesky', 'nextclouders.net'],
+            ['blueskyScope', IAccountManager::SCOPE_PUBLISHED],
+            ['fediverse', '@nextclouders@floss.social'],
+            ['fediverseScope', IAccountManager::SCOPE_PUBLISHED],
+            ['birthdate', '2020-01-01'],
+            ['birthdateScope', IAccountManager::SCOPE_PUBLISHED],
+            ['pronouns', 'he/him'],
+            ['pronounsScope', IAccountManager::SCOPE_PUBLISHED],
+        ];
+    }
+
+    #[\PHPUnit\Framework\Attributes\DataProvider('dataTestSaveUserSettings')]
+    public function testSaveUserSettings(array $data, ?string $oldEmailAddress, ?string $oldDisplayName): void {
+        $controller = $this->getController();
+        $user = $this->createMock(IUser::class);
+
+        $user->method('getDisplayName')->willReturn($oldDisplayName);
+        $user->method('getSystemEMailAddress')->willReturn($oldEmailAddress);
+        $user->method('canChangeDisplayName')->willReturn(true);
+
+        if (strtolower($data[IAccountManager::PROPERTY_EMAIL]['value']) === strtolower($oldEmailAddress ?? '')) {
+            $user->expects($this->never())->method('setSystemEMailAddress');
+        } else {
+            $user->expects($this->once())->method('setSystemEMailAddress')
+                ->with($data[IAccountManager::PROPERTY_EMAIL]['value']);
+        }
+
+        if ($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'] === $oldDisplayName ?? '') {
+            $user->expects($this->never())->method('setDisplayName');
+        } else {
+            $user->expects($this->once())->method('setDisplayName')
+                ->with($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'])
+                ->willReturn(true);
+        }
+
+        $properties = [];
+        foreach ($data as $propertyName => $propertyData) {
+            $properties[$propertyName] = $this->createMock(IAccountProperty::class);
+            $properties[$propertyName]->expects($this->any())
+                ->method('getValue')
+                ->willReturn($propertyData['value']);
+        }
+
+        $account = $this->createMock(IAccount::class);
+        $account->expects($this->any())
+            ->method('getUser')
+            ->willReturn($user);
+        $account->expects($this->any())
+            ->method('getProperty')
+            ->willReturnCallback(function (string $propertyName) use ($properties) {
+                return $properties[$propertyName];
+            });
+
+        $this->accountManager->expects($this->any())
+            ->method('getAccount')
+            ->willReturn($account);
+
+        $this->accountManager->expects($this->once())
+            ->method('updateAccount')
+            ->with($account);
+
+        $this->invokePrivate($controller, 'saveUserSettings', [$account]);
+    }
+
+    public static function dataTestSaveUserSettings(): array {
+        return [
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'john@example.com',
+                'john doe'
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'johnNew@example.com',
+                'john New doe'
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'johnNew@example.com',
+                'john doe'
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'john@example.com',
+                'john New doe'
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => ''],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                null,
+                'john New doe'
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'john@example.com',
+                null
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'JOHN@example.com',
+                null
+            ],
+
+        ];
+    }
+
+    #[\PHPUnit\Framework\Attributes\DataProvider('dataTestSaveUserSettingsException')]
+    public function testSaveUserSettingsException(
+        array $data,
+        string $oldEmailAddress,
+        string $oldDisplayName,
+        bool $setDisplayNameResult,
+        bool $canChangeEmail,
+    ): void {
+        $this->expectException(ForbiddenException::class);
+
+        $controller = $this->getController();
+        $user = $this->createMock(IUser::class);
+
+        $user->method('getDisplayName')->willReturn($oldDisplayName);
+        $user->method('getEMailAddress')->willReturn($oldEmailAddress);
+
+        /** @var MockObject|IAccount $userAccount */
+        $userAccount = $this->createMock(IAccount::class);
+        $userAccount->expects($this->any())
+            ->method('getUser')
+            ->willReturn($user);
+        $propertyMocks = [];
+        foreach ($data as $propertyName => $propertyData) {
+            /** @var MockObject|IAccountProperty $property */
+            $propertyMocks[$propertyName] = $this->buildPropertyMock($propertyName, $propertyData['value'], '');
+        }
+        $userAccount->expects($this->any())
+            ->method('getProperty')
+            ->willReturnCallback(function (string $propertyName) use ($propertyMocks) {
+                return $propertyMocks[$propertyName];
+            });
+
+        if ($data[IAccountManager::PROPERTY_EMAIL]['value'] !== $oldEmailAddress) {
+            $user->method('canChangeDisplayName')
+                ->willReturn($canChangeEmail);
+        }
+
+        if ($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'] !== $oldDisplayName) {
+            $user->method('setDisplayName')
+                ->with($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'])
+                ->willReturn($setDisplayNameResult);
+        }
+
+        $this->invokePrivate($controller, 'saveUserSettings', [$userAccount]);
+    }
+
+
+    public static function dataTestSaveUserSettingsException(): array {
+        return [
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'johnNew@example.com',
+                'john New doe',
+                true,
+                false
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'johnNew@example.com',
+                'john New doe',
+                false,
+                true
+            ],
+            [
+                [
+                    IAccountManager::PROPERTY_EMAIL => ['value' => 'john@example.com'],
+                    IAccountManager::PROPERTY_DISPLAYNAME => ['value' => 'john doe'],
+                ],
+                'johnNew@example.com',
+                'john New doe',
+                false,
+                false
+            ],
+
+        ];
+    }
+
+    #[\PHPUnit\Framework\Attributes\DataProvider('dataTestGetVerificationCode')]
+    public function testGetVerificationCode(string $account, string $type, array $dataBefore, array $expectedData, bool $onlyVerificationCode): void {
+        $message = 'Use my Federated Cloud ID to share with me: user@nextcloud.com';
+        $signature = 'theSignature';
+
+        $code = $message . ' ' . $signature;
+        if ($type === IAccountManager::PROPERTY_TWITTER || $type === IAccountManager::PROPERTY_FEDIVERSE) {
+            $code = $message . ' ' . md5($signature);
+        }
+
+        $controller = $this->getController(false, ['signMessage', 'getCurrentTime']);
+
+        $user = $this->createMock(IUser::class);
+
+        $property = $this->buildPropertyMock($type, $dataBefore[$type]['value'], '', IAccountManager::NOT_VERIFIED);
+        $property->expects($this->atLeastOnce())
+            ->method('setVerified')
+            ->with(IAccountManager::VERIFICATION_IN_PROGRESS)
+            ->willReturnSelf();
+        $property->expects($this->atLeastOnce())
+            ->method('setVerificationData')
+            ->with($signature)
+            ->willReturnSelf();
+
+        $userAccount = $this->createMock(IAccount::class);
+        $userAccount->expects($this->any())
+            ->method('getUser')
+            ->willReturn($user);
+        $userAccount->expects($this->any())
+            ->method('getProperty')
+            ->willReturn($property);
+
+        $this->userSession->expects($this->once())->method('getUser')->willReturn($user);
+        $this->accountManager->expects($this->once())->method('getAccount')->with($user)->willReturn($userAccount);
+        $user->expects($this->any())->method('getCloudId')->willReturn('user@nextcloud.com');
+        $user->expects($this->any())->method('getUID')->willReturn('uid');
+        $controller->expects($this->once())->method('signMessage')->with($user, $message)->willReturn($signature);
+        $controller->expects($this->any())->method('getCurrentTime')->willReturn(1234567);
+
+        if ($onlyVerificationCode === false) {
+            $this->accountManager->expects($this->once())->method('updateAccount')->with($userAccount)->willReturnArgument(1);
+            $this->jobList->expects($this->once())->method('add')
+                ->with('OCA\Settings\BackgroundJobs\VerifyUserData',
+                    [
+                        'verificationCode' => $code,
+                        'data' => $dataBefore[$type]['value'],
+                        'type' => $type,
+                        'uid' => 'uid',
+                        'try' => 0,
+                        'lastRun' => 1234567
+                    ]);
+        }
+
+        $result = $controller->getVerificationCode($account, $onlyVerificationCode);
+
+        $data = $result->getData();
+        $this->assertSame(Http::STATUS_OK, $result->getStatus());
+        $this->assertSame($code, $data['code']);
+    }
+
+    public static function dataTestGetVerificationCode(): array {
+        $accountDataBefore = [
+            IAccountManager::PROPERTY_WEBSITE => ['value' => 'https://nextcloud.com', 'verified' => IAccountManager::NOT_VERIFIED],
+            IAccountManager::PROPERTY_TWITTER => ['value' => '@nextclouders', 'verified' => IAccountManager::NOT_VERIFIED, 'signature' => 'theSignature'],
+        ];
+
+        $accountDataAfterWebsite = [
+            IAccountManager::PROPERTY_WEBSITE => ['value' => 'https://nextcloud.com', 'verified' => IAccountManager::VERIFICATION_IN_PROGRESS, 'signature' => 'theSignature'],
+            IAccountManager::PROPERTY_TWITTER => ['value' => '@nextclouders', 'verified' => IAccountManager::NOT_VERIFIED, 'signature' => 'theSignature'],
+        ];
+
+        $accountDataAfterTwitter = [
+            IAccountManager::PROPERTY_WEBSITE => ['value' => 'https://nextcloud.com', 'verified' => IAccountManager::NOT_VERIFIED],
+            IAccountManager::PROPERTY_TWITTER => ['value' => '@nextclouders', 'verified' => IAccountManager::VERIFICATION_IN_PROGRESS, 'signature' => 'theSignature'],
+        ];
+
+        return [
+            ['verify-twitter', IAccountManager::PROPERTY_TWITTER, $accountDataBefore, $accountDataAfterTwitter, false],
+            ['verify-website', IAccountManager::PROPERTY_WEBSITE, $accountDataBefore, $accountDataAfterWebsite, false],
+            ['verify-twitter', IAccountManager::PROPERTY_TWITTER, $accountDataBefore, $accountDataAfterTwitter, true],
+            ['verify-website', IAccountManager::PROPERTY_WEBSITE, $accountDataBefore, $accountDataAfterWebsite, true],
+        ];
+    }
+
+    /**
+     * test get verification code in case no valid user was given
+     */
+    public function testGetVerificationCodeInvalidUser(): void {
+        $controller = $this->getController();
+        $this->userSession->expects($this->once())->method('getUser')->willReturn(null);
+        $result = $controller->getVerificationCode('account', false);
+
+        $this->assertSame(Http::STATUS_BAD_REQUEST, $result->getStatus());
+    }
+
+    #[\PHPUnit\Framework\Attributes\DataProvider('dataTestCanAdminChangeUserPasswords')]
+    public function testCanAdminChangeUserPasswords(
+        bool $encryptionEnabled,
+        bool $encryptionModuleLoaded,
+        bool $masterKeyEnabled,
+        bool $expected,
+    ): void {
+        $controller = $this->getController();
+
+        $this->encryptionManager->expects($this->any())
+            ->method('isEnabled')
+            ->willReturn($encryptionEnabled);
+        $this->encryptionManager->expects($this->any())
+            ->method('getEncryptionModule')
+            ->willReturnCallback(function () use ($encryptionModuleLoaded) {
+                if ($encryptionModuleLoaded) {
+                    return $this->encryptionModule;
+                } else {
+                    throw new ModuleDoesNotExistsException();
+                }
+            });
+        $this->encryptionModule->expects($this->any())
+            ->method('needDetailedAccessList')
+            ->willReturn(!$masterKeyEnabled);
+
+        $result = $this->invokePrivate($controller, 'canAdminChangeUserPasswords', []);
+        $this->assertSame($expected, $result);
+    }
+
+    public static function dataTestCanAdminChangeUserPasswords(): array {
+        return [
+            // encryptionEnabled, encryptionModuleLoaded, masterKeyEnabled, expectedResult
+            [true, true, true, true],
+            [false, true, true, true],
+            [true, false, true, false],
+            [false, false, true, true],
+            [true, true, false, false],
+            [false, true, false, false],
+            [true, false, false, false],
+            [false, false, false, true],
+        ];
+    }
+    #[\PHPUnit\Framework\Attributes\DataProvider('dataSetPreference')]
+    public function testSetPreference(string $key, string $value, bool $isUserValue, bool $isAppValue, int $expectedStatus): void {
+        $controller = $this->getController(false, []);
+        $user = $this->createMock(IUser::class);
+        $user->method('getUID')->willReturn('testUser');
+        $this->userSession->method('getUser')->willReturn($user);
+
+        if ($isAppValue) {
+            if ($value === 'true' || $value === 'false' || $value === 'yes' || $value === 'no') {
+                $this->appConfig->expects($this->once())
+                    ->method('setValueBool')
+                    ->with('core', $key, $value === 'yes' || $value === 'true');
+            } else {
+                $this->appConfig->expects($this->once())
+                    ->method('setValueString')
+                    ->with('core', $key, $value);
+            }
+            $this->userConfig->expects($this->never())
+                ->method('setValueBool');
+        } elseif ($isUserValue) {
+            $this->userConfig->expects($this->once())
+                ->method('setValueBool')
+                ->with('testUser', 'settings', $key, $value === 'true');
+            $this->appConfig->expects($this->never())
+                ->method('setValueString');
+            $this->appConfig->expects($this->never())
+                ->method('setValueBool');
+        } else {
+            $this->appConfig->expects($this->never())->method('setValueString');
+            $this->appConfig->expects($this->never())->method('setValueBool');
+            $this->userConfig->expects($this->never())->method('setValueString');
+            $this->userConfig->expects($this->never())->method('setValueBool');
+        }
+
+        $response = $controller->setPreference($key, $value);
+        $this->assertEquals($expectedStatus, $response->getStatus());
+    }
+
+    public static function dataSetPreference(): array {
+        return [
+            ['newUser.sendEmail', 'yes', false, true, Http::STATUS_OK],
+            ['newUser.sendEmail', 'no', false, true, Http::STATUS_OK],
+            ['group.sortBy', '1', false, true, Http::STATUS_OK],
+            [ConfigLexicon::USER_LIST_SHOW_STORAGE_PATH, 'true', true, false, Http::STATUS_OK],
+            [ConfigLexicon::USER_LIST_SHOW_USER_BACKEND, 'false', true, false, Http::STATUS_OK],
+            [ConfigLexicon::USER_LIST_SHOW_FIRST_LOGIN, 'true', true, false, Http::STATUS_OK],
+            [ConfigLexicon::USER_LIST_SHOW_LAST_LOGIN, 'true', true, false, Http::STATUS_OK],
+            [ConfigLexicon::USER_LIST_SHOW_NEW_USER_FORM, 'true', true, false, Http::STATUS_OK],
+            [ConfigLexicon::USER_LIST_SHOW_LANGUAGES, 'true', true, false, Http::STATUS_OK],
+            ['invalidKey', 'value', false, false, Http::STATUS_FORBIDDEN],
+        ];
+    }
 }