nextcloud / server

build/integration/features/bootstrap/CollaborationContext.php

Indentation +179 added lines, -179 removed lines

@@ -14,75 +14,75 @@ 
 require __DIR__ . '/autoload.php';
 
 class CollaborationContext implements Context {
-	use Provisioning;
-	use AppConfiguration;
-	use WebDav;
-
-	/**
-	 * @Then /^get autocomplete for "([^"]*)"$/
-	 * @param TableNode|null $formData
-	 */
-	public function getAutocompleteForUser(string $search, TableNode $formData): void {
-		$this->getAutocompleteWithType(0, $search, $formData);
-	}
-
-	/**
-	 * @Then /^get email autocomplete for "([^"]*)"$/
-	 * @param TableNode|null $formData
-	 */
-	public function getAutocompleteForEmail(string $search, TableNode $formData): void {
-		$this->getAutocompleteWithType(4, $search, $formData);
-	}
-
-	private function getAutocompleteWithType(int $type, string $search, TableNode $formData): void {
-		$query = $search === 'null' ? null : $search;
-
-		$this->sendRequestForJSON('GET', '/core/autocomplete/get?itemType=files&itemId=123&shareTypes[]=' . $type . '&search=' . $query, [
-			'itemType' => 'files',
-			'itemId' => '123',
-			'search' => $query,
-		]);
-		$this->theHTTPStatusCodeShouldBe(200);
-
-		$data = json_decode($this->response->getBody()->getContents(), true);
-		$suggestions = $data['ocs']['data'];
-
-		Assert::assertCount(count($formData->getHash()), $suggestions, 'Suggestion count does not match');
-		Assert::assertEquals($formData->getHash(), array_map(static function ($suggestion, $expected) {
-			$data = [];
-			if (isset($expected['id'])) {
-				$data['id'] = $suggestion['id'];
-			}
-			if (isset($expected['source'])) {
-				$data['source'] = $suggestion['source'];
-			}
-			if (isset($expected['status'])) {
-				$data['status'] = json_encode($suggestion['status']);
-			}
-			return $data;
-		}, $suggestions, $formData->getHash()));
-	}
-
-	/**
-	 * @Given /^there is a contact in an addressbook$/
-	 */
-	public function thereIsAContactInAnAddressbook() {
-		$this->usingNewDavPath();
-		try {
-			$destination = '/users/admin/myaddressbook';
-			$data = '<x0:mkcol xmlns:x0="DAV:"><x0:set><x0:prop><x0:resourcetype><x0:collection/><x4:addressbook xmlns:x4="urn:ietf:params:xml:ns:carddav"/></x0:resourcetype><x0:displayname>myaddressbook</x0:displayname></x0:prop></x0:set></x0:mkcol>';
-			$this->response = $this->makeDavRequest($this->currentUser, 'MKCOL', $destination, ['Content-Type' => 'application/xml'], $data, 'addressbooks');
-		} catch (\GuzzleHttp\Exception\ServerException $e) {
-			// 5xx responses cause a server exception
-			$this->response = $e->getResponse();
-		} catch (\GuzzleHttp\Exception\ClientException $e) {
-			// 4xx responses cause a client exception
-			$this->response = $e->getResponse();
-		}
-
-		try {
-			$destination = '/users/admin/myaddressbook/contact1.vcf';
-			$data = <<<EOF
+    use Provisioning;
+    use AppConfiguration;
+    use WebDav;
+
+    /**
+     * @Then /^get autocomplete for "([^"]*)"$/
+     * @param TableNode|null $formData
+     */
+    public function getAutocompleteForUser(string $search, TableNode $formData): void {
+        $this->getAutocompleteWithType(0, $search, $formData);
+    }
+
+    /**
+     * @Then /^get email autocomplete for "([^"]*)"$/
+     * @param TableNode|null $formData
+     */
+    public function getAutocompleteForEmail(string $search, TableNode $formData): void {
+        $this->getAutocompleteWithType(4, $search, $formData);
+    }
+
+    private function getAutocompleteWithType(int $type, string $search, TableNode $formData): void {
+        $query = $search === 'null' ? null : $search;
+
+        $this->sendRequestForJSON('GET', '/core/autocomplete/get?itemType=files&itemId=123&shareTypes[]=' . $type . '&search=' . $query, [
+            'itemType' => 'files',
+            'itemId' => '123',
+            'search' => $query,
+        ]);
+        $this->theHTTPStatusCodeShouldBe(200);
+
+        $data = json_decode($this->response->getBody()->getContents(), true);
+        $suggestions = $data['ocs']['data'];
+
+        Assert::assertCount(count($formData->getHash()), $suggestions, 'Suggestion count does not match');
+        Assert::assertEquals($formData->getHash(), array_map(static function ($suggestion, $expected) {
+            $data = [];
+            if (isset($expected['id'])) {
+                $data['id'] = $suggestion['id'];
+            }
+            if (isset($expected['source'])) {
+                $data['source'] = $suggestion['source'];
+            }
+            if (isset($expected['status'])) {
+                $data['status'] = json_encode($suggestion['status']);
+            }
+            return $data;
+        }, $suggestions, $formData->getHash()));
+    }
+
+    /**
+     * @Given /^there is a contact in an addressbook$/
+     */
+    public function thereIsAContactInAnAddressbook() {
+        $this->usingNewDavPath();
+        try {
+            $destination = '/users/admin/myaddressbook';
+            $data = '<x0:mkcol xmlns:x0="DAV:"><x0:set><x0:prop><x0:resourcetype><x0:collection/><x4:addressbook xmlns:x4="urn:ietf:params:xml:ns:carddav"/></x0:resourcetype><x0:displayname>myaddressbook</x0:displayname></x0:prop></x0:set></x0:mkcol>';
+            $this->response = $this->makeDavRequest($this->currentUser, 'MKCOL', $destination, ['Content-Type' => 'application/xml'], $data, 'addressbooks');
+        } catch (\GuzzleHttp\Exception\ServerException $e) {
+            // 5xx responses cause a server exception
+            $this->response = $e->getResponse();
+        } catch (\GuzzleHttp\Exception\ClientException $e) {
+            // 4xx responses cause a client exception
+            $this->response = $e->getResponse();
+        }
+
+        try {
+            $destination = '/users/admin/myaddressbook/contact1.vcf';
+            $data = <<<EOF
 BEGIN:VCARD
 VERSION:4.0
 PRODID:-//Nextcloud Contacts v4.0.2
@@ -93,114 +93,114 @@ 
 REV;VALUE=DATE-AND-OR-TIME:20211130T140111Z
 END:VCARD
 EOF;
-			$this->response = $this->makeDavRequest($this->currentUser, 'PUT', $destination, [], $data, 'addressbooks');
-		} catch (\GuzzleHttp\Exception\ServerException $e) {
-			// 5xx responses cause a server exception
-			$this->response = $e->getResponse();
-		} catch (\GuzzleHttp\Exception\ClientException $e) {
-			// 4xx responses cause a client exception
-			$this->response = $e->getResponse();
-		}
-	}
-
-	protected function resetAppConfigs(): void {
-		$this->deleteServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration');
-		$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_group');
-		$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_phone');
-		$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match');
-		$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_user_id');
-		$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_email');
-		$this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn');
-		$this->deleteServerConfig('core', 'shareapi_only_share_with_group_members');
-	}
-
-	/**
-	 * @Given /^user "([^"]*)" has status "([^"]*)"$/
-	 * @param string $user
-	 * @param string $status
-	 */
-	public function assureUserHasStatus($user, $status) {
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/user_status/api/v1/user_status/status";
-		$client = new Client();
-		$options = [
-			'headers' => [
-				'OCS-APIREQUEST' => 'true',
-			],
-		];
-		if ($user === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$user, $this->regularUser];
-		}
-
-		$options['form_params'] = [
-			'statusType' => $status
-		];
-
-		$this->response = $client->put($fullUrl, $options);
-		$this->theHTTPStatusCodeShouldBe(200);
-
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/user_status/api/v1/user_status";
-		unset($options['form_params']);
-		$this->response = $client->get($fullUrl, $options);
-		$this->theHTTPStatusCodeShouldBe(200);
-
-		$returnedStatus = json_decode(json_encode(simplexml_load_string($this->response->getBody()->getContents())->data), true)['status'];
-		Assert::assertEquals($status, $returnedStatus);
-	}
-
-	/**
-	 * @param string $user
-	 * @return null|array
-	 */
-	public function getStatusList(string $user): ?array {
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/user_status/api/v1/statuses";
-		$client = new Client();
-		$options = [
-			'headers' => [
-				'OCS-APIREQUEST' => 'true',
-			],
-		];
-		if ($user === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$user, $this->regularUser];
-		}
-
-		$this->response = $client->get($fullUrl, $options);
-		$this->theHTTPStatusCodeShouldBe(200);
-
-		$contents = $this->response->getBody()->getContents();
-		return json_decode(json_encode(simplexml_load_string($contents)->data), true);
-	}
-
-	/**
-	 * @Given /^user statuses for "([^"]*)" list "([^"]*)" with status "([^"]*)"$/
-	 * @param string $user
-	 * @param string $statusUser
-	 * @param string $status
-	 */
-	public function assertStatusesList(string $user, string $statusUser, string $status): void {
-		$statusList = $this->getStatusList($user);
-		Assert::assertArrayHasKey('element', $statusList, 'Returned status list empty or broken');
-		if (array_key_exists('userId', $statusList['element'])) {
-			// If only one user has a status set, the API returns their status directly
-			Assert::assertArrayHasKey('status', $statusList['element'], 'Returned status list empty or broken');
-			$filteredStatusList = [ $statusList['element']['userId'] => $statusList['element']['status'] ];
-		} else {
-			// If more than one user have their status set, the API returns an array of their statuses
-			$filteredStatusList = array_column($statusList['element'], 'status', 'userId');
-		}
-		Assert::assertArrayHasKey($statusUser, $filteredStatusList, 'User not listed in statuses: ' . $statusUser);
-		Assert::assertEquals($status, $filteredStatusList[$statusUser]);
-	}
-
-	/**
-	 * @Given /^user statuses for "([^"]*)" are empty$/
-	 * @param string $user
-	 */
-	public function assertStatusesEmpty(string $user): void {
-		$statusList = $this->getStatusList($user);
-		Assert::assertEmpty($statusList);
-	}
+            $this->response = $this->makeDavRequest($this->currentUser, 'PUT', $destination, [], $data, 'addressbooks');
+        } catch (\GuzzleHttp\Exception\ServerException $e) {
+            // 5xx responses cause a server exception
+            $this->response = $e->getResponse();
+        } catch (\GuzzleHttp\Exception\ClientException $e) {
+            // 4xx responses cause a client exception
+            $this->response = $e->getResponse();
+        }
+    }
+
+    protected function resetAppConfigs(): void {
+        $this->deleteServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration');
+        $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_group');
+        $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_to_phone');
+        $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match');
+        $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_user_id');
+        $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_email');
+        $this->deleteServerConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn');
+        $this->deleteServerConfig('core', 'shareapi_only_share_with_group_members');
+    }
+
+    /**
+     * @Given /^user "([^"]*)" has status "([^"]*)"$/
+     * @param string $user
+     * @param string $status
+     */
+    public function assureUserHasStatus($user, $status) {
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/user_status/api/v1/user_status/status";
+        $client = new Client();
+        $options = [
+            'headers' => [
+                'OCS-APIREQUEST' => 'true',
+            ],
+        ];
+        if ($user === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$user, $this->regularUser];
+        }
+
+        $options['form_params'] = [
+            'statusType' => $status
+        ];
+
+        $this->response = $client->put($fullUrl, $options);
+        $this->theHTTPStatusCodeShouldBe(200);
+
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/user_status/api/v1/user_status";
+        unset($options['form_params']);
+        $this->response = $client->get($fullUrl, $options);
+        $this->theHTTPStatusCodeShouldBe(200);
+
+        $returnedStatus = json_decode(json_encode(simplexml_load_string($this->response->getBody()->getContents())->data), true)['status'];
+        Assert::assertEquals($status, $returnedStatus);
+    }
+
+    /**
+     * @param string $user
+     * @return null|array
+     */
+    public function getStatusList(string $user): ?array {
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/user_status/api/v1/statuses";
+        $client = new Client();
+        $options = [
+            'headers' => [
+                'OCS-APIREQUEST' => 'true',
+            ],
+        ];
+        if ($user === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$user, $this->regularUser];
+        }
+
+        $this->response = $client->get($fullUrl, $options);
+        $this->theHTTPStatusCodeShouldBe(200);
+
+        $contents = $this->response->getBody()->getContents();
+        return json_decode(json_encode(simplexml_load_string($contents)->data), true);
+    }
+
+    /**
+     * @Given /^user statuses for "([^"]*)" list "([^"]*)" with status "([^"]*)"$/
+     * @param string $user
+     * @param string $statusUser
+     * @param string $status
+     */
+    public function assertStatusesList(string $user, string $statusUser, string $status): void {
+        $statusList = $this->getStatusList($user);
+        Assert::assertArrayHasKey('element', $statusList, 'Returned status list empty or broken');
+        if (array_key_exists('userId', $statusList['element'])) {
+            // If only one user has a status set, the API returns their status directly
+            Assert::assertArrayHasKey('status', $statusList['element'], 'Returned status list empty or broken');
+            $filteredStatusList = [ $statusList['element']['userId'] => $statusList['element']['status'] ];
+        } else {
+            // If more than one user have their status set, the API returns an array of their statuses
+            $filteredStatusList = array_column($statusList['element'], 'status', 'userId');
+        }
+        Assert::assertArrayHasKey($statusUser, $filteredStatusList, 'User not listed in statuses: ' . $statusUser);
+        Assert::assertEquals($status, $filteredStatusList[$statusUser]);
+    }
+
+    /**
+     * @Given /^user statuses for "([^"]*)" are empty$/
+     * @param string $user
+     */
+    public function assertStatusesEmpty(string $user): void {
+        $statusList = $this->getStatusList($user);
+        Assert::assertEmpty($statusList);
+    }
 }

lib/private/Collaboration/Collaborators/UserPlugin.php

Indentation +255 added lines, -255 removed lines

@@ -19,259 +19,259 @@
 use OCP\UserStatus\IManager as IUserStatusManager;
 
 class UserPlugin implements ISearchPlugin {
-	protected bool $shareWithGroupOnly;
-
-	protected bool $shareeEnumeration;
-
-	protected bool $shareeEnumerationInGroupOnly;
-
-	protected bool $shareeEnumerationPhone;
-
-	protected bool $shareeEnumerationFullMatch;
-
-	protected bool $shareeEnumerationFullMatchUserId;
-
-	protected bool $shareeEnumerationFullMatchEmail;
-
-	protected bool $shareeEnumerationFullMatchIgnoreSecondDisplayName;
-
-	public function __construct(
-		private IConfig $config,
-		private IUserManager $userManager,
-		private IGroupManager $groupManager,
-		private IUserSession $userSession,
-		private KnownUserService $knownUserService,
-		private IUserStatusManager $userStatusManager,
-		private mixed $shareWithGroupOnlyExcludeGroupsList = [],
-	) {
-		$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
-		$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
-		$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
-		$this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
-		$this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
-		$this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes') === 'yes';
-		$this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
-		$this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes';
-
-		if ($this->shareWithGroupOnly) {
-			$this->shareWithGroupOnlyExcludeGroupsList = json_decode($this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''), true) ?? [];
-		}
-	}
-
-	public function search($search, $limit, $offset, ISearchResult $searchResult): bool {
-		$result = ['wide' => [], 'exact' => []];
-		$users = [];
-		$hasMoreResults = false;
-
-		/** @var IUser */
-		$currentUser = $this->userSession->getUser();
-		$currentUserId = $currentUser->getUID();
-		$currentUserGroups = $this->groupManager->getUserGroupIds($currentUser);
-
-		// ShareWithGroupOnly filtering
-		$currentUserGroups = array_diff($currentUserGroups, $this->shareWithGroupOnlyExcludeGroupsList);
-
-		if ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly) {
-			// Search in all the groups this user is part of
-			foreach ($currentUserGroups as $userGroupId) {
-				$usersInGroup = $this->groupManager->displayNamesInGroup($userGroupId, $search, $limit, $offset);
-				foreach ($usersInGroup as $userId => $displayName) {
-					$userId = (string)$userId;
-					$user = $this->userManager->get($userId);
-					if (!$user?->isEnabled()) {
-						// Ignore disabled users
-						continue;
-					}
-					$users[$userId] = $user;
-				}
-				if (count($usersInGroup) >= $limit) {
-					$hasMoreResults = true;
-				}
-			}
-		}
-
-		// not limited to group only sharing
-		if (!$this->shareWithGroupOnly) {
-			if (!$this->shareeEnumerationPhone && !$this->shareeEnumerationInGroupOnly) {
-				// no restrictions, add everything
-				$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
-				foreach ($usersTmp as $user) {
-					if ($user->isEnabled()) { // Don't keep deactivated users
-						$users[$user->getUID()] = $user;
-					}
-				}
-			} else {
-				// make sure to add phonebook matches if configured
-				if ($this->shareeEnumerationPhone) {
-					$usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
-					foreach ($usersTmp as $user) {
-						if ($user->isEnabled()) { // Don't keep deactivated users
-							$users[$user->getUID()] = $user;
-						}
-					}
-				}
-
-				// additionally we need to add full matches
-				if ($this->shareeEnumerationFullMatch) {
-					$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
-					foreach ($usersTmp as $user) {
-						if ($user->isEnabled() && mb_strtolower($user->getDisplayName()) === mb_strtolower($search)) {
-							$users[$user->getUID()] = $user;
-						}
-					}
-				}
-			}
-
-			uasort($users, function (IUser $a, IUser $b) {
-				return strcasecmp($a->getDisplayName(), $b->getDisplayName());
-			});
-		}
-
-		$this->takeOutCurrentUser($users);
-
-		if (!$this->shareeEnumeration || count($users) < $limit) {
-			$hasMoreResults = true;
-		}
-
-		$foundUserById = false;
-		$lowerSearch = strtolower($search);
-		$userStatuses = $this->userStatusManager->getUserStatuses(array_keys($users));
-		foreach ($users as $uid => $user) {
-			$userDisplayName = $user->getDisplayName();
-			$userEmail = $user->getSystemEMailAddress();
-			$uid = (string)$uid;
-
-			$status = [];
-			if (array_key_exists($uid, $userStatuses)) {
-				$userStatus = $userStatuses[$uid];
-				$status = [
-					'status' => $userStatus->getStatus(),
-					'message' => $userStatus->getMessage(),
-					'icon' => $userStatus->getIcon(),
-					'clearAt' => $userStatus->getClearAt()
-						? (int)$userStatus->getClearAt()->format('U')
-						: null,
-				];
-			}
-
-
-			if (
-				$this->shareeEnumerationFullMatch
-				&& $lowerSearch !== ''
-				&& (
-					strtolower($uid) === $lowerSearch
-					|| strtolower($userDisplayName) === $lowerSearch
-					|| ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch)
-					|| ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch)
-				)
-			) {
-				if (strtolower($uid) === $lowerSearch) {
-					$foundUserById = true;
-				}
-				$result['exact'][] = [
-					'label' => $userDisplayName,
-					'subline' => $status['message'] ?? '',
-					'icon' => 'icon-user',
-					'value' => [
-						'shareType' => IShare::TYPE_USER,
-						'shareWith' => $uid,
-					],
-					'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
-					'status' => $status,
-				];
-			} else {
-				$addToWideResults = false;
-				if ($this->shareeEnumeration
-					&& !($this->shareeEnumerationInGroupOnly || $this->shareeEnumerationPhone)) {
-					$addToWideResults = true;
-				}
-
-				if ($this->shareeEnumerationPhone && $this->knownUserService->isKnownToUser($currentUserId, $user->getUID())) {
-					$addToWideResults = true;
-				}
-
-				if (!$addToWideResults && $this->shareeEnumerationInGroupOnly) {
-					$commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
-					if (!empty($commonGroups)) {
-						$addToWideResults = true;
-					}
-				}
-
-				if ($addToWideResults) {
-					$result['wide'][] = [
-						'label' => $userDisplayName,
-						'subline' => $status['message'] ?? '',
-						'icon' => 'icon-user',
-						'value' => [
-							'shareType' => IShare::TYPE_USER,
-							'shareWith' => $uid,
-						],
-						'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
-						'status' => $status,
-					];
-				}
-			}
-		}
-
-		if ($this->shareeEnumerationFullMatch && $this->shareeEnumerationFullMatchUserId && $offset === 0 && !$foundUserById) {
-			// On page one we try if the search result has a direct hit on the
-			// user id and if so, we add that to the exact match list
-			$user = $this->userManager->get($search);
-			if ($user instanceof IUser) {
-				$addUser = true;
-
-				if ($this->shareWithGroupOnly) {
-					// Only add, if we have a common group
-					$commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
-					$addUser = !empty($commonGroups);
-				}
-
-				if ($addUser) {
-					$status = [];
-					$uid = $user->getUID();
-					$userEmail = $user->getSystemEMailAddress();
-					if (array_key_exists($user->getUID(), $userStatuses)) {
-						$userStatus = $userStatuses[$user->getUID()];
-						$status = [
-							'status' => $userStatus->getStatus(),
-							'message' => $userStatus->getMessage(),
-							'icon' => $userStatus->getIcon(),
-							'clearAt' => $userStatus->getClearAt()
-								? (int)$userStatus->getClearAt()->format('U')
-								: null,
-						];
-					}
-
-					$result['exact'][] = [
-						'label' => $user->getDisplayName(),
-						'icon' => 'icon-user',
-						'subline' => $status['message'] ?? '',
-						'value' => [
-							'shareType' => IShare::TYPE_USER,
-							'shareWith' => $user->getUID(),
-						],
-						'shareWithDisplayNameUnique' => $userEmail !== null && $userEmail !== '' ? $userEmail : $uid,
-						'status' => $status,
-					];
-				}
-			}
-		}
-
-		$type = new SearchResultType('users');
-		$searchResult->addResultSet($type, $result['wide'], $result['exact']);
-		if (count($result['exact'])) {
-			$searchResult->markExactIdMatch($type);
-		}
-
-		return $hasMoreResults;
-	}
-
-	public function takeOutCurrentUser(array &$users): void {
-		$currentUser = $this->userSession->getUser();
-		if (!is_null($currentUser)) {
-			if (isset($users[$currentUser->getUID()])) {
-				unset($users[$currentUser->getUID()]);
-			}
-		}
-	}
+    protected bool $shareWithGroupOnly;
+
+    protected bool $shareeEnumeration;
+
+    protected bool $shareeEnumerationInGroupOnly;
+
+    protected bool $shareeEnumerationPhone;
+
+    protected bool $shareeEnumerationFullMatch;
+
+    protected bool $shareeEnumerationFullMatchUserId;
+
+    protected bool $shareeEnumerationFullMatchEmail;
+
+    protected bool $shareeEnumerationFullMatchIgnoreSecondDisplayName;
+
+    public function __construct(
+        private IConfig $config,
+        private IUserManager $userManager,
+        private IGroupManager $groupManager,
+        private IUserSession $userSession,
+        private KnownUserService $knownUserService,
+        private IUserStatusManager $userStatusManager,
+        private mixed $shareWithGroupOnlyExcludeGroupsList = [],
+    ) {
+        $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
+        $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
+        $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
+        $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
+        $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
+        $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes') === 'yes';
+        $this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
+        $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes';
+
+        if ($this->shareWithGroupOnly) {
+            $this->shareWithGroupOnlyExcludeGroupsList = json_decode($this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''), true) ?? [];
+        }
+    }
+
+    public function search($search, $limit, $offset, ISearchResult $searchResult): bool {
+        $result = ['wide' => [], 'exact' => []];
+        $users = [];
+        $hasMoreResults = false;
+
+        /** @var IUser */
+        $currentUser = $this->userSession->getUser();
+        $currentUserId = $currentUser->getUID();
+        $currentUserGroups = $this->groupManager->getUserGroupIds($currentUser);
+
+        // ShareWithGroupOnly filtering
+        $currentUserGroups = array_diff($currentUserGroups, $this->shareWithGroupOnlyExcludeGroupsList);
+
+        if ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly) {
+            // Search in all the groups this user is part of
+            foreach ($currentUserGroups as $userGroupId) {
+                $usersInGroup = $this->groupManager->displayNamesInGroup($userGroupId, $search, $limit, $offset);
+                foreach ($usersInGroup as $userId => $displayName) {
+                    $userId = (string)$userId;
+                    $user = $this->userManager->get($userId);
+                    if (!$user?->isEnabled()) {
+                        // Ignore disabled users
+                        continue;
+                    }
+                    $users[$userId] = $user;
+                }
+                if (count($usersInGroup) >= $limit) {
+                    $hasMoreResults = true;
+                }
+            }
+        }
+
+        // not limited to group only sharing
+        if (!$this->shareWithGroupOnly) {
+            if (!$this->shareeEnumerationPhone && !$this->shareeEnumerationInGroupOnly) {
+                // no restrictions, add everything
+                $usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
+                foreach ($usersTmp as $user) {
+                    if ($user->isEnabled()) { // Don't keep deactivated users
+                        $users[$user->getUID()] = $user;
+                    }
+                }
+            } else {
+                // make sure to add phonebook matches if configured
+                if ($this->shareeEnumerationPhone) {
+                    $usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
+                    foreach ($usersTmp as $user) {
+                        if ($user->isEnabled()) { // Don't keep deactivated users
+                            $users[$user->getUID()] = $user;
+                        }
+                    }
+                }
+
+                // additionally we need to add full matches
+                if ($this->shareeEnumerationFullMatch) {
+                    $usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
+                    foreach ($usersTmp as $user) {
+                        if ($user->isEnabled() && mb_strtolower($user->getDisplayName()) === mb_strtolower($search)) {
+                            $users[$user->getUID()] = $user;
+                        }
+                    }
+                }
+            }
+
+            uasort($users, function (IUser $a, IUser $b) {
+                return strcasecmp($a->getDisplayName(), $b->getDisplayName());
+            });
+        }
+
+        $this->takeOutCurrentUser($users);
+
+        if (!$this->shareeEnumeration || count($users) < $limit) {
+            $hasMoreResults = true;
+        }
+
+        $foundUserById = false;
+        $lowerSearch = strtolower($search);
+        $userStatuses = $this->userStatusManager->getUserStatuses(array_keys($users));
+        foreach ($users as $uid => $user) {
+            $userDisplayName = $user->getDisplayName();
+            $userEmail = $user->getSystemEMailAddress();
+            $uid = (string)$uid;
+
+            $status = [];
+            if (array_key_exists($uid, $userStatuses)) {
+                $userStatus = $userStatuses[$uid];
+                $status = [
+                    'status' => $userStatus->getStatus(),
+                    'message' => $userStatus->getMessage(),
+                    'icon' => $userStatus->getIcon(),
+                    'clearAt' => $userStatus->getClearAt()
+                        ? (int)$userStatus->getClearAt()->format('U')
+                        : null,
+                ];
+            }
+
+
+            if (
+                $this->shareeEnumerationFullMatch
+                && $lowerSearch !== ''
+                && (
+                    strtolower($uid) === $lowerSearch
+                    || strtolower($userDisplayName) === $lowerSearch
+                    || ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch)
+                    || ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch)
+                )
+            ) {
+                if (strtolower($uid) === $lowerSearch) {
+                    $foundUserById = true;
+                }
+                $result['exact'][] = [
+                    'label' => $userDisplayName,
+                    'subline' => $status['message'] ?? '',
+                    'icon' => 'icon-user',
+                    'value' => [
+                        'shareType' => IShare::TYPE_USER,
+                        'shareWith' => $uid,
+                    ],
+                    'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
+                    'status' => $status,
+                ];
+            } else {
+                $addToWideResults = false;
+                if ($this->shareeEnumeration
+                    && !($this->shareeEnumerationInGroupOnly || $this->shareeEnumerationPhone)) {
+                    $addToWideResults = true;
+                }
+
+                if ($this->shareeEnumerationPhone && $this->knownUserService->isKnownToUser($currentUserId, $user->getUID())) {
+                    $addToWideResults = true;
+                }
+
+                if (!$addToWideResults && $this->shareeEnumerationInGroupOnly) {
+                    $commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
+                    if (!empty($commonGroups)) {
+                        $addToWideResults = true;
+                    }
+                }
+
+                if ($addToWideResults) {
+                    $result['wide'][] = [
+                        'label' => $userDisplayName,
+                        'subline' => $status['message'] ?? '',
+                        'icon' => 'icon-user',
+                        'value' => [
+                            'shareType' => IShare::TYPE_USER,
+                            'shareWith' => $uid,
+                        ],
+                        'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
+                        'status' => $status,
+                    ];
+                }
+            }
+        }
+
+        if ($this->shareeEnumerationFullMatch && $this->shareeEnumerationFullMatchUserId && $offset === 0 && !$foundUserById) {
+            // On page one we try if the search result has a direct hit on the
+            // user id and if so, we add that to the exact match list
+            $user = $this->userManager->get($search);
+            if ($user instanceof IUser) {
+                $addUser = true;
+
+                if ($this->shareWithGroupOnly) {
+                    // Only add, if we have a common group
+                    $commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
+                    $addUser = !empty($commonGroups);
+                }
+
+                if ($addUser) {
+                    $status = [];
+                    $uid = $user->getUID();
+                    $userEmail = $user->getSystemEMailAddress();
+                    if (array_key_exists($user->getUID(), $userStatuses)) {
+                        $userStatus = $userStatuses[$user->getUID()];
+                        $status = [
+                            'status' => $userStatus->getStatus(),
+                            'message' => $userStatus->getMessage(),
+                            'icon' => $userStatus->getIcon(),
+                            'clearAt' => $userStatus->getClearAt()
+                                ? (int)$userStatus->getClearAt()->format('U')
+                                : null,
+                        ];
+                    }
+
+                    $result['exact'][] = [
+                        'label' => $user->getDisplayName(),
+                        'icon' => 'icon-user',
+                        'subline' => $status['message'] ?? '',
+                        'value' => [
+                            'shareType' => IShare::TYPE_USER,
+                            'shareWith' => $user->getUID(),
+                        ],
+                        'shareWithDisplayNameUnique' => $userEmail !== null && $userEmail !== '' ? $userEmail : $uid,
+                        'status' => $status,
+                    ];
+                }
+            }
+        }
+
+        $type = new SearchResultType('users');
+        $searchResult->addResultSet($type, $result['wide'], $result['exact']);
+        if (count($result['exact'])) {
+            $searchResult->markExactIdMatch($type);
+        }
+
+        return $hasMoreResults;
+    }
+
+    public function takeOutCurrentUser(array &$users): void {
+        $currentUser = $this->userSession->getUser();
+        if (!is_null($currentUser)) {
+            if (isset($users[$currentUser->getUID()])) {
+                unset($users[$currentUser->getUID()]);
+            }
+        }
+    }
 }

lib/private/Share20/Manager.php

Indentation +1970 added lines, -1970 removed lines

@@ -63,1991 +63,1991 @@
  */
 class Manager implements IManager {
 
-	private ?IL10N $l;
-	private LegacyHooks $legacyHooks;
-
-	public function __construct(
-		private LoggerInterface $logger,
-		private IConfig $config,
-		private ISecureRandom $secureRandom,
-		private IHasher $hasher,
-		private IMountManager $mountManager,
-		private IGroupManager $groupManager,
-		private IFactory $l10nFactory,
-		private IProviderFactory $factory,
-		private IUserManager $userManager,
-		private IRootFolder $rootFolder,
-		private IMailer $mailer,
-		private IURLGenerator $urlGenerator,
-		private \OC_Defaults $defaults,
-		private IEventDispatcher $dispatcher,
-		private IUserSession $userSession,
-		private KnownUserService $knownUserService,
-		private ShareDisableChecker $shareDisableChecker,
-		private IDateTimeZone $dateTimeZone,
-		private IAppConfig $appConfig,
-	) {
-		$this->l = $this->l10nFactory->get('lib');
-		// The constructor of LegacyHooks registers the listeners of share events
-		// do not remove if those are not properly migrated
-		$this->legacyHooks = new LegacyHooks($this->dispatcher);
-	}
-
-	/**
-	 * Convert from a full share id to a tuple (providerId, shareId)
-	 *
-	 * @param string $id
-	 * @return string[]
-	 */
-	private function splitFullId($id) {
-		return explode(':', $id, 2);
-	}
-
-	/**
-	 * Verify if a password meets all requirements
-	 *
-	 * @param string $password
-	 * @throws HintException
-	 */
-	protected function verifyPassword($password) {
-		if ($password === null) {
-			// No password is set, check if this is allowed.
-			if ($this->shareApiLinkEnforcePassword()) {
-				throw new \InvalidArgumentException($this->l->t('Passwords are enforced for link and mail shares'));
-			}
-
-			return;
-		}
-
-		// Let others verify the password
-		try {
-			$event = new ValidatePasswordPolicyEvent($password, PasswordContext::SHARING);
-			$this->dispatcher->dispatchTyped($event);
-		} catch (HintException $e) {
-			/* Wrap in a 400 bad request error */
-			throw new HintException($e->getMessage(), $e->getHint(), 400, $e);
-		}
-	}
-
-	/**
-	 * Check for generic requirements before creating a share
-	 *
-	 * @param IShare $share
-	 * @throws \InvalidArgumentException
-	 * @throws GenericShareException
-	 *
-	 * @suppress PhanUndeclaredClassMethod
-	 */
-	protected function generalCreateChecks(IShare $share, bool $isUpdate = false) {
-		if ($share->getShareType() === IShare::TYPE_USER) {
-			// We expect a valid user as sharedWith for user shares
-			if (!$this->userManager->userExists($share->getSharedWith())) {
-				throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid user'));
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_GROUP) {
-			// We expect a valid group as sharedWith for group shares
-			if (!$this->groupManager->groupExists($share->getSharedWith())) {
-				throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid group'));
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_LINK) {
-			// No check for TYPE_EMAIL here as we have a recipient for them
-			if ($share->getSharedWith() !== null) {
-				throw new \InvalidArgumentException($this->l->t('Share recipient should be empty'));
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
-			if ($share->getSharedWith() === null) {
-				throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty'));
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
-			if ($share->getSharedWith() === null) {
-				throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty'));
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
-			if ($share->getSharedWith() === null) {
-				throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty'));
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
-			$circle = \OCA\Circles\Api\v1\Circles::detailsCircle($share->getSharedWith());
-			if ($circle === null) {
-				throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid circle'));
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_ROOM) {
-		} elseif ($share->getShareType() === IShare::TYPE_DECK) {
-		} elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
-		} else {
-			// We cannot handle other types yet
-			throw new \InvalidArgumentException($this->l->t('Unknown share type'));
-		}
-
-		// Verify the initiator of the share is set
-		if ($share->getSharedBy() === null) {
-			throw new \InvalidArgumentException($this->l->t('Share initiator must be set'));
-		}
-
-		// Cannot share with yourself
-		if ($share->getShareType() === IShare::TYPE_USER
-			&& $share->getSharedWith() === $share->getSharedBy()) {
-			throw new \InvalidArgumentException($this->l->t('Cannot share with yourself'));
-		}
-
-		// The path should be set
-		if ($share->getNode() === null) {
-			throw new \InvalidArgumentException($this->l->t('Shared path must be set'));
-		}
-
-		// And it should be a file or a folder
-		if (!($share->getNode() instanceof \OCP\Files\File)
-			&& !($share->getNode() instanceof \OCP\Files\Folder)) {
-			throw new \InvalidArgumentException($this->l->t('Shared path must be either a file or a folder'));
-		}
-
-		// And you cannot share your rootfolder
-		if ($this->userManager->userExists($share->getSharedBy())) {
-			$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
-		} else {
-			$userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
-		}
-		if ($userFolder->getId() === $share->getNode()->getId()) {
-			throw new \InvalidArgumentException($this->l->t('You cannot share your root folder'));
-		}
-
-		// Check if we actually have share permissions
-		if (!$share->getNode()->isShareable()) {
-			throw new GenericShareException($this->l->t('You are not allowed to share %s', [$share->getNode()->getName()]), code: 404);
-		}
-
-		// Permissions should be set
-		if ($share->getPermissions() === null) {
-			throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing'));
-		}
-
-		// Permissions must be valid
-		if ($share->getPermissions() < 0 || $share->getPermissions() > \OCP\Constants::PERMISSION_ALL) {
-			throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing'));
-		}
-
-		// Single file shares should never have delete or create permissions
-		if (($share->getNode() instanceof File)
-			&& (($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_DELETE)) !== 0)) {
-			throw new \InvalidArgumentException($this->l->t('File shares cannot have create or delete permissions'));
-		}
-
-		$permissions = 0;
-		$nodesForUser = $userFolder->getById($share->getNodeId());
-		foreach ($nodesForUser as $node) {
-			if ($node->getInternalPath() === '' && !$node->getMountPoint() instanceof MoveableMount) {
-				// for the root of non-movable mount, the permissions we see if limited by the mount itself,
-				// so we instead use the "raw" permissions from the storage
-				$permissions |= $node->getStorage()->getPermissions('');
-			} else {
-				$permissions |= $node->getPermissions();
-			}
-		}
-
-		// Check that we do not share with more permissions than we have
-		if ($share->getPermissions() & ~$permissions) {
-			$path = $userFolder->getRelativePath($share->getNode()->getPath());
-			throw new GenericShareException($this->l->t('Cannot increase permissions of %s', [$path]), code: 404);
-		}
-
-		// Check that read permissions are always set
-		// Link shares are allowed to have no read permissions to allow upload to hidden folders
-		$noReadPermissionRequired = $share->getShareType() === IShare::TYPE_LINK
-			|| $share->getShareType() === IShare::TYPE_EMAIL;
-		if (!$noReadPermissionRequired
-			&& ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
-			throw new \InvalidArgumentException($this->l->t('Shares need at least read permissions'));
-		}
-
-		if ($share->getNode() instanceof \OCP\Files\File) {
-			if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) {
-				throw new GenericShareException($this->l->t('Files cannot be shared with delete permissions'));
-			}
-			if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) {
-				throw new GenericShareException($this->l->t('Files cannot be shared with create permissions'));
-			}
-		}
-	}
-
-	/**
-	 * Validate if the expiration date fits the system settings
-	 *
-	 * @param IShare $share The share to validate the expiration date of
-	 * @return IShare The modified share object
-	 * @throws GenericShareException
-	 * @throws \InvalidArgumentException
-	 * @throws \Exception
-	 */
-	protected function validateExpirationDateInternal(IShare $share) {
-		$isRemote = $share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP;
-
-		$expirationDate = $share->getExpirationDate();
-
-		if ($isRemote) {
-			$defaultExpireDate = $this->shareApiRemoteDefaultExpireDate();
-			$defaultExpireDays = $this->shareApiRemoteDefaultExpireDays();
-			$configProp = 'remote_defaultExpDays';
-			$isEnforced = $this->shareApiRemoteDefaultExpireDateEnforced();
-		} else {
-			$defaultExpireDate = $this->shareApiInternalDefaultExpireDate();
-			$defaultExpireDays = $this->shareApiInternalDefaultExpireDays();
-			$configProp = 'internal_defaultExpDays';
-			$isEnforced = $this->shareApiInternalDefaultExpireDateEnforced();
-		}
-
-		// If $expirationDate is falsy, noExpirationDate is true and expiration not enforced
-		// Then skip expiration date validation as null is accepted
-		if (!$share->getNoExpirationDate() || $isEnforced) {
-			if ($expirationDate !== null) {
-				$expirationDate->setTimezone($this->dateTimeZone->getTimeZone());
-				$expirationDate->setTime(0, 0, 0);
-
-				$date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
-				$date->setTime(0, 0, 0);
-				if ($date >= $expirationDate) {
-					throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404);
-				}
-			}
-
-			// If expiredate is empty set a default one if there is a default
-			$fullId = null;
-			try {
-				$fullId = $share->getFullId();
-			} catch (\UnexpectedValueException $e) {
-				// This is a new share
-			}
-
-			if ($fullId === null && $expirationDate === null && $defaultExpireDate) {
-				$expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone());
-				$expirationDate->setTime(0, 0, 0);
-				$days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays);
-				if ($days > $defaultExpireDays) {
-					$days = $defaultExpireDays;
-				}
-				$expirationDate->add(new \DateInterval('P' . $days . 'D'));
-			}
-
-			// If we enforce the expiration date check that is does not exceed
-			if ($isEnforced) {
-				if (empty($expirationDate)) {
-					throw new \InvalidArgumentException($this->l->t('Expiration date is enforced'));
-				}
-
-				$date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
-				$date->setTime(0, 0, 0);
-				$date->add(new \DateInterval('P' . $defaultExpireDays . 'D'));
-				if ($date < $expirationDate) {
-					throw new GenericShareException($this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $defaultExpireDays), code: 404);
-				}
-			}
-		}
-
-		$accepted = true;
-		$message = '';
-		\OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [
-			'expirationDate' => &$expirationDate,
-			'accepted' => &$accepted,
-			'message' => &$message,
-			'passwordSet' => $share->getPassword() !== null,
-		]);
-
-		if (!$accepted) {
-			throw new \Exception($message);
-		}
-
-		$share->setExpirationDate($expirationDate);
-
-		return $share;
-	}
-
-	/**
-	 * Validate if the expiration date fits the system settings
-	 *
-	 * @param IShare $share The share to validate the expiration date of
-	 * @return IShare The modified share object
-	 * @throws GenericShareException
-	 * @throws \InvalidArgumentException
-	 * @throws \Exception
-	 */
-	protected function validateExpirationDateLink(IShare $share) {
-		$expirationDate = $share->getExpirationDate();
-		$isEnforced = $this->shareApiLinkDefaultExpireDateEnforced();
-
-		// If $expirationDate is falsy, noExpirationDate is true and expiration not enforced
-		// Then skip expiration date validation as null is accepted
-		if (!($share->getNoExpirationDate() && !$isEnforced)) {
-			if ($expirationDate !== null) {
-				$expirationDate->setTimezone($this->dateTimeZone->getTimeZone());
-				$expirationDate->setTime(0, 0, 0);
-
-				$date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
-				$date->setTime(0, 0, 0);
-				if ($date >= $expirationDate) {
-					throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404);
-				}
-			}
-
-			// If expiredate is empty set a default one if there is a default
-			$fullId = null;
-			try {
-				$fullId = $share->getFullId();
-			} catch (\UnexpectedValueException $e) {
-				// This is a new share
-			}
-
-			if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) {
-				$expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone());
-				$expirationDate->setTime(0, 0, 0);
-
-				$days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', (string)$this->shareApiLinkDefaultExpireDays());
-				if ($days > $this->shareApiLinkDefaultExpireDays()) {
-					$days = $this->shareApiLinkDefaultExpireDays();
-				}
-				$expirationDate->add(new \DateInterval('P' . $days . 'D'));
-			}
-
-			// If we enforce the expiration date check that is does not exceed
-			if ($isEnforced) {
-				if (empty($expirationDate)) {
-					throw new \InvalidArgumentException($this->l->t('Expiration date is enforced'));
-				}
-
-				$date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
-				$date->setTime(0, 0, 0);
-				$date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D'));
-				if ($date < $expirationDate) {
-					throw new GenericShareException(
-						$this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $this->shareApiLinkDefaultExpireDays()),
-						code: 404,
-					);
-				}
-			}
-
-		}
-
-		$accepted = true;
-		$message = '';
-		\OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [
-			'expirationDate' => &$expirationDate,
-			'accepted' => &$accepted,
-			'message' => &$message,
-			'passwordSet' => $share->getPassword() !== null,
-		]);
-
-		if (!$accepted) {
-			throw new \Exception($message);
-		}
-
-		$share->setExpirationDate($expirationDate);
-
-		return $share;
-	}
-
-	/**
-	 * Check for pre share requirements for user shares
-	 *
-	 * @param IShare $share
-	 * @throws \Exception
-	 */
-	protected function userCreateChecks(IShare $share) {
-		// Check if we can share with group members only
-		if ($this->shareWithGroupMembersOnly()) {
-			$sharedBy = $this->userManager->get($share->getSharedBy());
-			$sharedWith = $this->userManager->get($share->getSharedWith());
-			// Verify we can share with this user
-			$groups = array_intersect(
-				$this->groupManager->getUserGroupIds($sharedBy),
-				$this->groupManager->getUserGroupIds($sharedWith)
-			);
-
-			// optional excluded groups
-			$excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList();
-			$groups = array_diff($groups, $excludedGroups);
-
-			if (empty($groups)) {
-				throw new \Exception($this->l->t('Sharing is only allowed with group members'));
-			}
-		}
-
-		/*
+    private ?IL10N $l;
+    private LegacyHooks $legacyHooks;
+
+    public function __construct(
+        private LoggerInterface $logger,
+        private IConfig $config,
+        private ISecureRandom $secureRandom,
+        private IHasher $hasher,
+        private IMountManager $mountManager,
+        private IGroupManager $groupManager,
+        private IFactory $l10nFactory,
+        private IProviderFactory $factory,
+        private IUserManager $userManager,
+        private IRootFolder $rootFolder,
+        private IMailer $mailer,
+        private IURLGenerator $urlGenerator,
+        private \OC_Defaults $defaults,
+        private IEventDispatcher $dispatcher,
+        private IUserSession $userSession,
+        private KnownUserService $knownUserService,
+        private ShareDisableChecker $shareDisableChecker,
+        private IDateTimeZone $dateTimeZone,
+        private IAppConfig $appConfig,
+    ) {
+        $this->l = $this->l10nFactory->get('lib');
+        // The constructor of LegacyHooks registers the listeners of share events
+        // do not remove if those are not properly migrated
+        $this->legacyHooks = new LegacyHooks($this->dispatcher);
+    }
+
+    /**
+     * Convert from a full share id to a tuple (providerId, shareId)
+     *
+     * @param string $id
+     * @return string[]
+     */
+    private function splitFullId($id) {
+        return explode(':', $id, 2);
+    }
+
+    /**
+     * Verify if a password meets all requirements
+     *
+     * @param string $password
+     * @throws HintException
+     */
+    protected function verifyPassword($password) {
+        if ($password === null) {
+            // No password is set, check if this is allowed.
+            if ($this->shareApiLinkEnforcePassword()) {
+                throw new \InvalidArgumentException($this->l->t('Passwords are enforced for link and mail shares'));
+            }
+
+            return;
+        }
+
+        // Let others verify the password
+        try {
+            $event = new ValidatePasswordPolicyEvent($password, PasswordContext::SHARING);
+            $this->dispatcher->dispatchTyped($event);
+        } catch (HintException $e) {
+            /* Wrap in a 400 bad request error */
+            throw new HintException($e->getMessage(), $e->getHint(), 400, $e);
+        }
+    }
+
+    /**
+     * Check for generic requirements before creating a share
+     *
+     * @param IShare $share
+     * @throws \InvalidArgumentException
+     * @throws GenericShareException
+     *
+     * @suppress PhanUndeclaredClassMethod
+     */
+    protected function generalCreateChecks(IShare $share, bool $isUpdate = false) {
+        if ($share->getShareType() === IShare::TYPE_USER) {
+            // We expect a valid user as sharedWith for user shares
+            if (!$this->userManager->userExists($share->getSharedWith())) {
+                throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid user'));
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
+            // We expect a valid group as sharedWith for group shares
+            if (!$this->groupManager->groupExists($share->getSharedWith())) {
+                throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid group'));
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_LINK) {
+            // No check for TYPE_EMAIL here as we have a recipient for them
+            if ($share->getSharedWith() !== null) {
+                throw new \InvalidArgumentException($this->l->t('Share recipient should be empty'));
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
+            if ($share->getSharedWith() === null) {
+                throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty'));
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
+            if ($share->getSharedWith() === null) {
+                throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty'));
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
+            if ($share->getSharedWith() === null) {
+                throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty'));
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
+            $circle = \OCA\Circles\Api\v1\Circles::detailsCircle($share->getSharedWith());
+            if ($circle === null) {
+                throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid circle'));
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_ROOM) {
+        } elseif ($share->getShareType() === IShare::TYPE_DECK) {
+        } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
+        } else {
+            // We cannot handle other types yet
+            throw new \InvalidArgumentException($this->l->t('Unknown share type'));
+        }
+
+        // Verify the initiator of the share is set
+        if ($share->getSharedBy() === null) {
+            throw new \InvalidArgumentException($this->l->t('Share initiator must be set'));
+        }
+
+        // Cannot share with yourself
+        if ($share->getShareType() === IShare::TYPE_USER
+            && $share->getSharedWith() === $share->getSharedBy()) {
+            throw new \InvalidArgumentException($this->l->t('Cannot share with yourself'));
+        }
+
+        // The path should be set
+        if ($share->getNode() === null) {
+            throw new \InvalidArgumentException($this->l->t('Shared path must be set'));
+        }
+
+        // And it should be a file or a folder
+        if (!($share->getNode() instanceof \OCP\Files\File)
+            && !($share->getNode() instanceof \OCP\Files\Folder)) {
+            throw new \InvalidArgumentException($this->l->t('Shared path must be either a file or a folder'));
+        }
+
+        // And you cannot share your rootfolder
+        if ($this->userManager->userExists($share->getSharedBy())) {
+            $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
+        } else {
+            $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
+        }
+        if ($userFolder->getId() === $share->getNode()->getId()) {
+            throw new \InvalidArgumentException($this->l->t('You cannot share your root folder'));
+        }
+
+        // Check if we actually have share permissions
+        if (!$share->getNode()->isShareable()) {
+            throw new GenericShareException($this->l->t('You are not allowed to share %s', [$share->getNode()->getName()]), code: 404);
+        }
+
+        // Permissions should be set
+        if ($share->getPermissions() === null) {
+            throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing'));
+        }
+
+        // Permissions must be valid
+        if ($share->getPermissions() < 0 || $share->getPermissions() > \OCP\Constants::PERMISSION_ALL) {
+            throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing'));
+        }
+
+        // Single file shares should never have delete or create permissions
+        if (($share->getNode() instanceof File)
+            && (($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_DELETE)) !== 0)) {
+            throw new \InvalidArgumentException($this->l->t('File shares cannot have create or delete permissions'));
+        }
+
+        $permissions = 0;
+        $nodesForUser = $userFolder->getById($share->getNodeId());
+        foreach ($nodesForUser as $node) {
+            if ($node->getInternalPath() === '' && !$node->getMountPoint() instanceof MoveableMount) {
+                // for the root of non-movable mount, the permissions we see if limited by the mount itself,
+                // so we instead use the "raw" permissions from the storage
+                $permissions |= $node->getStorage()->getPermissions('');
+            } else {
+                $permissions |= $node->getPermissions();
+            }
+        }
+
+        // Check that we do not share with more permissions than we have
+        if ($share->getPermissions() & ~$permissions) {
+            $path = $userFolder->getRelativePath($share->getNode()->getPath());
+            throw new GenericShareException($this->l->t('Cannot increase permissions of %s', [$path]), code: 404);
+        }
+
+        // Check that read permissions are always set
+        // Link shares are allowed to have no read permissions to allow upload to hidden folders
+        $noReadPermissionRequired = $share->getShareType() === IShare::TYPE_LINK
+            || $share->getShareType() === IShare::TYPE_EMAIL;
+        if (!$noReadPermissionRequired
+            && ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
+            throw new \InvalidArgumentException($this->l->t('Shares need at least read permissions'));
+        }
+
+        if ($share->getNode() instanceof \OCP\Files\File) {
+            if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) {
+                throw new GenericShareException($this->l->t('Files cannot be shared with delete permissions'));
+            }
+            if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) {
+                throw new GenericShareException($this->l->t('Files cannot be shared with create permissions'));
+            }
+        }
+    }
+
+    /**
+     * Validate if the expiration date fits the system settings
+     *
+     * @param IShare $share The share to validate the expiration date of
+     * @return IShare The modified share object
+     * @throws GenericShareException
+     * @throws \InvalidArgumentException
+     * @throws \Exception
+     */
+    protected function validateExpirationDateInternal(IShare $share) {
+        $isRemote = $share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP;
+
+        $expirationDate = $share->getExpirationDate();
+
+        if ($isRemote) {
+            $defaultExpireDate = $this->shareApiRemoteDefaultExpireDate();
+            $defaultExpireDays = $this->shareApiRemoteDefaultExpireDays();
+            $configProp = 'remote_defaultExpDays';
+            $isEnforced = $this->shareApiRemoteDefaultExpireDateEnforced();
+        } else {
+            $defaultExpireDate = $this->shareApiInternalDefaultExpireDate();
+            $defaultExpireDays = $this->shareApiInternalDefaultExpireDays();
+            $configProp = 'internal_defaultExpDays';
+            $isEnforced = $this->shareApiInternalDefaultExpireDateEnforced();
+        }
+
+        // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced
+        // Then skip expiration date validation as null is accepted
+        if (!$share->getNoExpirationDate() || $isEnforced) {
+            if ($expirationDate !== null) {
+                $expirationDate->setTimezone($this->dateTimeZone->getTimeZone());
+                $expirationDate->setTime(0, 0, 0);
+
+                $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
+                $date->setTime(0, 0, 0);
+                if ($date >= $expirationDate) {
+                    throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404);
+                }
+            }
+
+            // If expiredate is empty set a default one if there is a default
+            $fullId = null;
+            try {
+                $fullId = $share->getFullId();
+            } catch (\UnexpectedValueException $e) {
+                // This is a new share
+            }
+
+            if ($fullId === null && $expirationDate === null && $defaultExpireDate) {
+                $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone());
+                $expirationDate->setTime(0, 0, 0);
+                $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays);
+                if ($days > $defaultExpireDays) {
+                    $days = $defaultExpireDays;
+                }
+                $expirationDate->add(new \DateInterval('P' . $days . 'D'));
+            }
+
+            // If we enforce the expiration date check that is does not exceed
+            if ($isEnforced) {
+                if (empty($expirationDate)) {
+                    throw new \InvalidArgumentException($this->l->t('Expiration date is enforced'));
+                }
+
+                $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
+                $date->setTime(0, 0, 0);
+                $date->add(new \DateInterval('P' . $defaultExpireDays . 'D'));
+                if ($date < $expirationDate) {
+                    throw new GenericShareException($this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $defaultExpireDays), code: 404);
+                }
+            }
+        }
+
+        $accepted = true;
+        $message = '';
+        \OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [
+            'expirationDate' => &$expirationDate,
+            'accepted' => &$accepted,
+            'message' => &$message,
+            'passwordSet' => $share->getPassword() !== null,
+        ]);
+
+        if (!$accepted) {
+            throw new \Exception($message);
+        }
+
+        $share->setExpirationDate($expirationDate);
+
+        return $share;
+    }
+
+    /**
+     * Validate if the expiration date fits the system settings
+     *
+     * @param IShare $share The share to validate the expiration date of
+     * @return IShare The modified share object
+     * @throws GenericShareException
+     * @throws \InvalidArgumentException
+     * @throws \Exception
+     */
+    protected function validateExpirationDateLink(IShare $share) {
+        $expirationDate = $share->getExpirationDate();
+        $isEnforced = $this->shareApiLinkDefaultExpireDateEnforced();
+
+        // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced
+        // Then skip expiration date validation as null is accepted
+        if (!($share->getNoExpirationDate() && !$isEnforced)) {
+            if ($expirationDate !== null) {
+                $expirationDate->setTimezone($this->dateTimeZone->getTimeZone());
+                $expirationDate->setTime(0, 0, 0);
+
+                $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
+                $date->setTime(0, 0, 0);
+                if ($date >= $expirationDate) {
+                    throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404);
+                }
+            }
+
+            // If expiredate is empty set a default one if there is a default
+            $fullId = null;
+            try {
+                $fullId = $share->getFullId();
+            } catch (\UnexpectedValueException $e) {
+                // This is a new share
+            }
+
+            if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) {
+                $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone());
+                $expirationDate->setTime(0, 0, 0);
+
+                $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', (string)$this->shareApiLinkDefaultExpireDays());
+                if ($days > $this->shareApiLinkDefaultExpireDays()) {
+                    $days = $this->shareApiLinkDefaultExpireDays();
+                }
+                $expirationDate->add(new \DateInterval('P' . $days . 'D'));
+            }
+
+            // If we enforce the expiration date check that is does not exceed
+            if ($isEnforced) {
+                if (empty($expirationDate)) {
+                    throw new \InvalidArgumentException($this->l->t('Expiration date is enforced'));
+                }
+
+                $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
+                $date->setTime(0, 0, 0);
+                $date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D'));
+                if ($date < $expirationDate) {
+                    throw new GenericShareException(
+                        $this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $this->shareApiLinkDefaultExpireDays()),
+                        code: 404,
+                    );
+                }
+            }
+
+        }
+
+        $accepted = true;
+        $message = '';
+        \OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [
+            'expirationDate' => &$expirationDate,
+            'accepted' => &$accepted,
+            'message' => &$message,
+            'passwordSet' => $share->getPassword() !== null,
+        ]);
+
+        if (!$accepted) {
+            throw new \Exception($message);
+        }
+
+        $share->setExpirationDate($expirationDate);
+
+        return $share;
+    }
+
+    /**
+     * Check for pre share requirements for user shares
+     *
+     * @param IShare $share
+     * @throws \Exception
+     */
+    protected function userCreateChecks(IShare $share) {
+        // Check if we can share with group members only
+        if ($this->shareWithGroupMembersOnly()) {
+            $sharedBy = $this->userManager->get($share->getSharedBy());
+            $sharedWith = $this->userManager->get($share->getSharedWith());
+            // Verify we can share with this user
+            $groups = array_intersect(
+                $this->groupManager->getUserGroupIds($sharedBy),
+                $this->groupManager->getUserGroupIds($sharedWith)
+            );
+
+            // optional excluded groups
+            $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList();
+            $groups = array_diff($groups, $excludedGroups);
+
+            if (empty($groups)) {
+                throw new \Exception($this->l->t('Sharing is only allowed with group members'));
+            }
+        }
+
+        /*
 		 * TODO: Could be costly, fix
 		 *
 		 * Also this is not what we want in the future.. then we want to squash identical shares.
 		 */
-		$provider = $this->factory->getProviderForType(IShare::TYPE_USER);
-		$existingShares = $provider->getSharesByPath($share->getNode());
-		foreach ($existingShares as $existingShare) {
-			// Ignore if it is the same share
-			try {
-				if ($existingShare->getFullId() === $share->getFullId()) {
-					continue;
-				}
-			} catch (\UnexpectedValueException $e) {
-				//Shares are not identical
-			}
-
-			// Identical share already exists
-			if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) {
-				throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare);
-			}
-
-			// The share is already shared with this user via a group share
-			if ($existingShare->getShareType() === IShare::TYPE_GROUP) {
-				$group = $this->groupManager->get($existingShare->getSharedWith());
-				if (!is_null($group)) {
-					$user = $this->userManager->get($share->getSharedWith());
-
-					if ($group->inGroup($user) && $existingShare->getShareOwner() !== $share->getShareOwner()) {
-						throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare);
-					}
-				}
-			}
-		}
-	}
-
-	/**
-	 * Check for pre share requirements for group shares
-	 *
-	 * @param IShare $share
-	 * @throws \Exception
-	 */
-	protected function groupCreateChecks(IShare $share) {
-		// Verify group shares are allowed
-		if (!$this->allowGroupSharing()) {
-			throw new \Exception($this->l->t('Group sharing is now allowed'));
-		}
-
-		// Verify if the user can share with this group
-		if ($this->shareWithGroupMembersOnly()) {
-			$sharedBy = $this->userManager->get($share->getSharedBy());
-			$sharedWith = $this->groupManager->get($share->getSharedWith());
-
-			// optional excluded groups
-			$excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList();
-			if (is_null($sharedWith) || in_array($share->getSharedWith(), $excludedGroups) || !$sharedWith->inGroup($sharedBy)) {
-				throw new \Exception($this->l->t('Sharing is only allowed within your own groups'));
-			}
-		}
-
-		/*
+        $provider = $this->factory->getProviderForType(IShare::TYPE_USER);
+        $existingShares = $provider->getSharesByPath($share->getNode());
+        foreach ($existingShares as $existingShare) {
+            // Ignore if it is the same share
+            try {
+                if ($existingShare->getFullId() === $share->getFullId()) {
+                    continue;
+                }
+            } catch (\UnexpectedValueException $e) {
+                //Shares are not identical
+            }
+
+            // Identical share already exists
+            if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) {
+                throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare);
+            }
+
+            // The share is already shared with this user via a group share
+            if ($existingShare->getShareType() === IShare::TYPE_GROUP) {
+                $group = $this->groupManager->get($existingShare->getSharedWith());
+                if (!is_null($group)) {
+                    $user = $this->userManager->get($share->getSharedWith());
+
+                    if ($group->inGroup($user) && $existingShare->getShareOwner() !== $share->getShareOwner()) {
+                        throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare);
+                    }
+                }
+            }
+        }
+    }
+
+    /**
+     * Check for pre share requirements for group shares
+     *
+     * @param IShare $share
+     * @throws \Exception
+     */
+    protected function groupCreateChecks(IShare $share) {
+        // Verify group shares are allowed
+        if (!$this->allowGroupSharing()) {
+            throw new \Exception($this->l->t('Group sharing is now allowed'));
+        }
+
+        // Verify if the user can share with this group
+        if ($this->shareWithGroupMembersOnly()) {
+            $sharedBy = $this->userManager->get($share->getSharedBy());
+            $sharedWith = $this->groupManager->get($share->getSharedWith());
+
+            // optional excluded groups
+            $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList();
+            if (is_null($sharedWith) || in_array($share->getSharedWith(), $excludedGroups) || !$sharedWith->inGroup($sharedBy)) {
+                throw new \Exception($this->l->t('Sharing is only allowed within your own groups'));
+            }
+        }
+
+        /*
 		 * TODO: Could be costly, fix
 		 *
 		 * Also this is not what we want in the future.. then we want to squash identical shares.
 		 */
-		$provider = $this->factory->getProviderForType(IShare::TYPE_GROUP);
-		$existingShares = $provider->getSharesByPath($share->getNode());
-		foreach ($existingShares as $existingShare) {
-			try {
-				if ($existingShare->getFullId() === $share->getFullId()) {
-					continue;
-				}
-			} catch (\UnexpectedValueException $e) {
-				//It is a new share so just continue
-			}
-
-			if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) {
-				throw new AlreadySharedException($this->l->t('Path is already shared with this group'), $existingShare);
-			}
-		}
-	}
-
-	/**
-	 * Check for pre share requirements for link shares
-	 *
-	 * @param IShare $share
-	 * @throws \Exception
-	 */
-	protected function linkCreateChecks(IShare $share) {
-		// Are link shares allowed?
-		if (!$this->shareApiAllowLinks()) {
-			throw new \Exception($this->l->t('Link sharing is not allowed'));
-		}
-
-		// Check if public upload is allowed
-		if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload()
-			&& ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) {
-			throw new \InvalidArgumentException($this->l->t('Public upload is not allowed'));
-		}
-	}
-
-	/**
-	 * To make sure we don't get invisible link shares we set the parent
-	 * of a link if it is a reshare. This is a quick word around
-	 * until we can properly display multiple link shares in the UI
-	 *
-	 * See: https://github.com/owncloud/core/issues/22295
-	 *
-	 * FIXME: Remove once multiple link shares can be properly displayed
-	 *
-	 * @param IShare $share
-	 */
-	protected function setLinkParent(IShare $share) {
-		$storage = $share->getNode()->getStorage();
-		if ($storage->instanceOfStorage(SharedStorage::class)) {
-			/** @var \OCA\Files_Sharing\SharedStorage $storage */
-			$share->setParent((int)$storage->getShareId());
-		}
-	}
-
-	/**
-	 * @param File|Folder $path
-	 */
-	protected function pathCreateChecks($path) {
-		// Make sure that we do not share a path that contains a shared mountpoint
-		if ($path instanceof \OCP\Files\Folder) {
-			$mounts = $this->mountManager->findIn($path->getPath());
-			foreach ($mounts as $mount) {
-				if ($mount->getStorage()->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) {
-					// Using a flat sharing model ensures the file owner can always see who has access.
-					// Allowing parent folder sharing would require tracking inherited access, which adds complexity
-					// and hurts performance/scalability.
-					// So we forbid sharing a parent folder of a share you received.
-					throw new \InvalidArgumentException($this->l->t('You cannot share a folder that contains other shares'));
-				}
-			}
-		}
-	}
-
-	/**
-	 * Check if the user that is sharing can actually share
-	 *
-	 * @param IShare $share
-	 * @throws \Exception
-	 */
-	protected function canShare(IShare $share) {
-		if (!$this->shareApiEnabled()) {
-			throw new \Exception($this->l->t('Sharing is disabled'));
-		}
-
-		if ($this->sharingDisabledForUser($share->getSharedBy())) {
-			throw new \Exception($this->l->t('Sharing is disabled for you'));
-		}
-	}
-
-	/**
-	 * Share a path
-	 *
-	 * @param IShare $share
-	 * @return IShare The share object
-	 * @throws \Exception
-	 *
-	 * TODO: handle link share permissions or check them
-	 */
-	public function createShare(IShare $share) {
-		$this->canShare($share);
-
-		$this->generalCreateChecks($share);
-
-		// Verify if there are any issues with the path
-		$this->pathCreateChecks($share->getNode());
-
-		/*
+        $provider = $this->factory->getProviderForType(IShare::TYPE_GROUP);
+        $existingShares = $provider->getSharesByPath($share->getNode());
+        foreach ($existingShares as $existingShare) {
+            try {
+                if ($existingShare->getFullId() === $share->getFullId()) {
+                    continue;
+                }
+            } catch (\UnexpectedValueException $e) {
+                //It is a new share so just continue
+            }
+
+            if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) {
+                throw new AlreadySharedException($this->l->t('Path is already shared with this group'), $existingShare);
+            }
+        }
+    }
+
+    /**
+     * Check for pre share requirements for link shares
+     *
+     * @param IShare $share
+     * @throws \Exception
+     */
+    protected function linkCreateChecks(IShare $share) {
+        // Are link shares allowed?
+        if (!$this->shareApiAllowLinks()) {
+            throw new \Exception($this->l->t('Link sharing is not allowed'));
+        }
+
+        // Check if public upload is allowed
+        if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload()
+            && ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) {
+            throw new \InvalidArgumentException($this->l->t('Public upload is not allowed'));
+        }
+    }
+
+    /**
+     * To make sure we don't get invisible link shares we set the parent
+     * of a link if it is a reshare. This is a quick word around
+     * until we can properly display multiple link shares in the UI
+     *
+     * See: https://github.com/owncloud/core/issues/22295
+     *
+     * FIXME: Remove once multiple link shares can be properly displayed
+     *
+     * @param IShare $share
+     */
+    protected function setLinkParent(IShare $share) {
+        $storage = $share->getNode()->getStorage();
+        if ($storage->instanceOfStorage(SharedStorage::class)) {
+            /** @var \OCA\Files_Sharing\SharedStorage $storage */
+            $share->setParent((int)$storage->getShareId());
+        }
+    }
+
+    /**
+     * @param File|Folder $path
+     */
+    protected function pathCreateChecks($path) {
+        // Make sure that we do not share a path that contains a shared mountpoint
+        if ($path instanceof \OCP\Files\Folder) {
+            $mounts = $this->mountManager->findIn($path->getPath());
+            foreach ($mounts as $mount) {
+                if ($mount->getStorage()->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) {
+                    // Using a flat sharing model ensures the file owner can always see who has access.
+                    // Allowing parent folder sharing would require tracking inherited access, which adds complexity
+                    // and hurts performance/scalability.
+                    // So we forbid sharing a parent folder of a share you received.
+                    throw new \InvalidArgumentException($this->l->t('You cannot share a folder that contains other shares'));
+                }
+            }
+        }
+    }
+
+    /**
+     * Check if the user that is sharing can actually share
+     *
+     * @param IShare $share
+     * @throws \Exception
+     */
+    protected function canShare(IShare $share) {
+        if (!$this->shareApiEnabled()) {
+            throw new \Exception($this->l->t('Sharing is disabled'));
+        }
+
+        if ($this->sharingDisabledForUser($share->getSharedBy())) {
+            throw new \Exception($this->l->t('Sharing is disabled for you'));
+        }
+    }
+
+    /**
+     * Share a path
+     *
+     * @param IShare $share
+     * @return IShare The share object
+     * @throws \Exception
+     *
+     * TODO: handle link share permissions or check them
+     */
+    public function createShare(IShare $share) {
+        $this->canShare($share);
+
+        $this->generalCreateChecks($share);
+
+        // Verify if there are any issues with the path
+        $this->pathCreateChecks($share->getNode());
+
+        /*
 		 * On creation of a share the owner is always the owner of the path
 		 * Except for mounted federated shares.
 		 */
-		$storage = $share->getNode()->getStorage();
-		if ($storage->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
-			$parent = $share->getNode()->getParent();
-			while ($parent->getStorage()->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
-				$parent = $parent->getParent();
-			}
-			$share->setShareOwner($parent->getOwner()->getUID());
-		} else {
-			if ($share->getNode()->getOwner()) {
-				$share->setShareOwner($share->getNode()->getOwner()->getUID());
-			} else {
-				$share->setShareOwner($share->getSharedBy());
-			}
-		}
-
-		try {
-			// Verify share type
-			if ($share->getShareType() === IShare::TYPE_USER) {
-				$this->userCreateChecks($share);
-
-				// Verify the expiration date
-				$share = $this->validateExpirationDateInternal($share);
-			} elseif ($share->getShareType() === IShare::TYPE_GROUP) {
-				$this->groupCreateChecks($share);
-
-				// Verify the expiration date
-				$share = $this->validateExpirationDateInternal($share);
-			} elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
-				// Verify the expiration date
-				$share = $this->validateExpirationDateInternal($share);
-			} elseif ($share->getShareType() === IShare::TYPE_LINK
-				|| $share->getShareType() === IShare::TYPE_EMAIL) {
-				$this->linkCreateChecks($share);
-				$this->setLinkParent($share);
-
-				$token = $this->generateToken();
-				// Set the unique token
-				$share->setToken($token);
-
-				// Verify the expiration date
-				$share = $this->validateExpirationDateLink($share);
-
-				// Verify the password
-				$this->verifyPassword($share->getPassword());
-
-				// If a password is set. Hash it!
-				if ($share->getShareType() === IShare::TYPE_LINK
-					&& $share->getPassword() !== null) {
-					$share->setPassword($this->hasher->hash($share->getPassword()));
-				}
-			}
-
-			// Cannot share with the owner
-			if ($share->getShareType() === IShare::TYPE_USER
-				&& $share->getSharedWith() === $share->getShareOwner()) {
-				throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner'));
-			}
-
-			// Generate the target
-			$shareFolder = $this->config->getSystemValue('share_folder', '/');
-			if ($share->getShareType() === IShare::TYPE_USER) {
-				$allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true);
-				if ($allowCustomShareFolder) {
-					$shareFolder = $this->config->getUserValue($share->getSharedWith(), Application::APP_ID, 'share_folder', $shareFolder);
-				}
-			}
-
-			$target = $shareFolder . '/' . $share->getNode()->getName();
-			$target = \OC\Files\Filesystem::normalizePath($target);
-			$share->setTarget($target);
-
-			// Pre share event
-			$event = new Share\Events\BeforeShareCreatedEvent($share);
-			$this->dispatchEvent($event, 'before share created');
-			if ($event->isPropagationStopped() && $event->getError()) {
-				throw new \Exception($event->getError());
-			}
-
-			$oldShare = $share;
-			$provider = $this->factory->getProviderForType($share->getShareType());
-			$share = $provider->create($share);
-
-			// Reuse the node we already have
-			$share->setNode($oldShare->getNode());
-
-			// Reset the target if it is null for the new share
-			if ($share->getTarget() === '') {
-				$share->setTarget($target);
-			}
-		} catch (AlreadySharedException $e) {
-			// If a share for the same target already exists, dont create a new one,
-			// but do trigger the hooks and notifications again
-			$oldShare = $share;
-
-			// Reuse the node we already have
-			$share = $e->getExistingShare();
-			$share->setNode($oldShare->getNode());
-		}
-
-		// Post share event
-		$this->dispatchEvent(new ShareCreatedEvent($share), 'share created');
-
-		// Send email if needed
-		if ($this->config->getSystemValueBool('sharing.enable_share_mail', true)) {
-			if ($share->getMailSend()) {
-				$provider = $this->factory->getProviderForType($share->getShareType());
-				if ($provider instanceof IShareProviderWithNotification) {
-					$provider->sendMailNotification($share);
-				} else {
-					$this->logger->debug('Share notification not sent because the provider does not support it.', ['app' => 'share']);
-				}
-			} else {
-				$this->logger->debug('Share notification not sent because mailsend is false.', ['app' => 'share']);
-			}
-		} else {
-			$this->logger->debug('Share notification not sent because sharing notification emails is disabled.', ['app' => 'share']);
-		}
-
-		return $share;
-	}
-
-	/**
-	 * Update a share
-	 *
-	 * @param IShare $share
-	 * @return IShare The share object
-	 * @throws \InvalidArgumentException
-	 * @throws HintException
-	 */
-	public function updateShare(IShare $share, bool $onlyValid = true) {
-		$expirationDateUpdated = false;
-
-		$this->canShare($share);
-
-		try {
-			$originalShare = $this->getShareById($share->getFullId(), onlyValid: $onlyValid);
-		} catch (\UnexpectedValueException $e) {
-			throw new \InvalidArgumentException($this->l->t('Share does not have a full ID'));
-		}
-
-		// We cannot change the share type!
-		if ($share->getShareType() !== $originalShare->getShareType()) {
-			throw new \InvalidArgumentException($this->l->t('Cannot change share type'));
-		}
-
-		// We can only change the recipient on user shares
-		if ($share->getSharedWith() !== $originalShare->getSharedWith()
-			&& $share->getShareType() !== IShare::TYPE_USER) {
-			throw new \InvalidArgumentException($this->l->t('Can only update recipient on user shares'));
-		}
-
-		// Cannot share with the owner
-		if ($share->getShareType() === IShare::TYPE_USER
-			&& $share->getSharedWith() === $share->getShareOwner()) {
-			throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner'));
-		}
-
-		$this->generalCreateChecks($share, true);
-
-		if ($share->getShareType() === IShare::TYPE_USER) {
-			$this->userCreateChecks($share);
-
-			if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
-				// Verify the expiration date
-				$this->validateExpirationDateInternal($share);
-				$expirationDateUpdated = true;
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_GROUP) {
-			$this->groupCreateChecks($share);
-
-			if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
-				// Verify the expiration date
-				$this->validateExpirationDateInternal($share);
-				$expirationDateUpdated = true;
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_LINK
-			|| $share->getShareType() === IShare::TYPE_EMAIL) {
-			$this->linkCreateChecks($share);
-
-			// The new password is not set again if it is the same as the old
-			// one, unless when switching from sending by Talk to sending by
-			// mail.
-			$plainTextPassword = $share->getPassword();
-			$updatedPassword = $this->updateSharePasswordIfNeeded($share, $originalShare);
-
-			/**
-			 * Cannot enable the getSendPasswordByTalk if there is no password set
-			 */
-			if (empty($plainTextPassword) && $share->getSendPasswordByTalk()) {
-				throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk with an empty password'));
-			}
-
-			/**
-			 * If we're in a mail share, we need to force a password change
-			 * as either the user is not aware of the password or is already (received by mail)
-			 * Thus the SendPasswordByTalk feature would not make sense
-			 */
-			if (!$updatedPassword && $share->getShareType() === IShare::TYPE_EMAIL) {
-				if (!$originalShare->getSendPasswordByTalk() && $share->getSendPasswordByTalk()) {
-					throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk without setting a new password'));
-				}
-				if ($originalShare->getSendPasswordByTalk() && !$share->getSendPasswordByTalk()) {
-					throw new \InvalidArgumentException($this->l->t('Cannot disable sending the password by Talk without setting a new password'));
-				}
-			}
-
-			if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
-				// Verify the expiration date
-				$this->validateExpirationDateLink($share);
-				$expirationDateUpdated = true;
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
-			if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
-				// Verify the expiration date
-				$this->validateExpirationDateInternal($share);
-				$expirationDateUpdated = true;
-			}
-		}
-
-		$this->pathCreateChecks($share->getNode());
-
-		// Now update the share!
-		$provider = $this->factory->getProviderForType($share->getShareType());
-		if ($share->getShareType() === IShare::TYPE_EMAIL) {
-			/** @var ShareByMailProvider $provider */
-			$share = $provider->update($share, $plainTextPassword);
-		} else {
-			$share = $provider->update($share);
-		}
-
-		if ($expirationDateUpdated === true) {
-			\OC_Hook::emit(Share::class, 'post_set_expiration_date', [
-				'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
-				'itemSource' => $share->getNode()->getId(),
-				'date' => $share->getExpirationDate(),
-				'uidOwner' => $share->getSharedBy(),
-			]);
-		}
-
-		if ($share->getPassword() !== $originalShare->getPassword()) {
-			\OC_Hook::emit(Share::class, 'post_update_password', [
-				'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
-				'itemSource' => $share->getNode()->getId(),
-				'uidOwner' => $share->getSharedBy(),
-				'token' => $share->getToken(),
-				'disabled' => is_null($share->getPassword()),
-			]);
-		}
-
-		if ($share->getPermissions() !== $originalShare->getPermissions()) {
-			if ($this->userManager->userExists($share->getShareOwner())) {
-				$userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
-			} else {
-				$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
-			}
-			\OC_Hook::emit(Share::class, 'post_update_permissions', [
-				'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
-				'itemSource' => $share->getNode()->getId(),
-				'shareType' => $share->getShareType(),
-				'shareWith' => $share->getSharedWith(),
-				'uidOwner' => $share->getSharedBy(),
-				'permissions' => $share->getPermissions(),
-				'attributes' => $share->getAttributes() !== null ? $share->getAttributes()->toArray() : null,
-				'path' => $userFolder->getRelativePath($share->getNode()->getPath()),
-			]);
-		}
-
-		return $share;
-	}
-
-	/**
-	 * Accept a share.
-	 *
-	 * @param IShare $share
-	 * @param string $recipientId
-	 * @return IShare The share object
-	 * @throws \InvalidArgumentException Thrown if the provider does not implement `IShareProviderSupportsAccept`
-	 * @since 9.0.0
-	 */
-	public function acceptShare(IShare $share, string $recipientId): IShare {
-		[$providerId,] = $this->splitFullId($share->getFullId());
-		$provider = $this->factory->getProvider($providerId);
-
-		if (!($provider instanceof IShareProviderSupportsAccept)) {
-			throw new \InvalidArgumentException($this->l->t('Share provider does not support accepting'));
-		}
-		/** @var IShareProvider&IShareProviderSupportsAccept $provider */
-		$provider->acceptShare($share, $recipientId);
-
-		$event = new ShareAcceptedEvent($share);
-		$this->dispatchEvent($event, 'share accepted');
-
-		return $share;
-	}
-
-	/**
-	 * Updates the password of the given share if it is not the same as the
-	 * password of the original share.
-	 *
-	 * @param IShare $share the share to update its password.
-	 * @param IShare $originalShare the original share to compare its
-	 *                              password with.
-	 * @return boolean whether the password was updated or not.
-	 */
-	private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) {
-		$passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword())
-			&& (($share->getPassword() !== null && $originalShare->getPassword() === null)
-				|| ($share->getPassword() === null && $originalShare->getPassword() !== null)
-				|| ($share->getPassword() !== null && $originalShare->getPassword() !== null
-					&& !$this->hasher->verify($share->getPassword(), $originalShare->getPassword())));
-
-		// Password updated.
-		if ($passwordsAreDifferent) {
-			// Verify the password
-			$this->verifyPassword($share->getPassword());
-
-			// If a password is set. Hash it!
-			if (!empty($share->getPassword())) {
-				$share->setPassword($this->hasher->hash($share->getPassword()));
-				if ($share->getShareType() === IShare::TYPE_EMAIL) {
-					// Shares shared by email have temporary passwords
-					$this->setSharePasswordExpirationTime($share);
-				}
-
-				return true;
-			} else {
-				// Empty string and null are seen as NOT password protected
-				$share->setPassword(null);
-				if ($share->getShareType() === IShare::TYPE_EMAIL) {
-					$share->setPasswordExpirationTime(null);
-				}
-				return true;
-			}
-		} else {
-			// Reset the password to the original one, as it is either the same
-			// as the "new" password or a hashed version of it.
-			$share->setPassword($originalShare->getPassword());
-		}
-
-		return false;
-	}
-
-	/**
-	 * Set the share's password expiration time
-	 */
-	private function setSharePasswordExpirationTime(IShare $share): void {
-		if (!$this->config->getSystemValueBool('sharing.enable_mail_link_password_expiration', false)) {
-			// Sets password expiration date to NULL
-			$share->setPasswordExpirationTime();
-			return;
-		}
-		// Sets password expiration date
-		$expirationTime = null;
-		$now = new \DateTime();
-		$expirationInterval = $this->config->getSystemValue('sharing.mail_link_password_expiration_interval', 3600);
-		$expirationTime = $now->add(new \DateInterval('PT' . $expirationInterval . 'S'));
-		$share->setPasswordExpirationTime($expirationTime);
-	}
-
-
-	/**
-	 * Delete all the children of this share
-	 *
-	 * @param IShare $share
-	 * @return IShare[] List of deleted shares
-	 */
-	protected function deleteChildren(IShare $share) {
-		$deletedShares = [];
-
-		$provider = $this->factory->getProviderForType($share->getShareType());
-
-		foreach ($provider->getChildren($share) as $child) {
-			$this->dispatchEvent(new BeforeShareDeletedEvent($child), 'before share deleted');
-
-			$deletedChildren = $this->deleteChildren($child);
-			$deletedShares = array_merge($deletedShares, $deletedChildren);
-
-			$provider->delete($child);
-			$this->dispatchEvent(new ShareDeletedEvent($child), 'share deleted');
-			$deletedShares[] = $child;
-		}
-
-		return $deletedShares;
-	}
-
-	/** Promote re-shares into direct shares so that target user keeps access */
-	protected function promoteReshares(IShare $share): void {
-		try {
-			$node = $share->getNode();
-		} catch (NotFoundException) {
-			/* Skip if node not found */
-			return;
-		}
-
-		$userIds = [];
-
-		if ($share->getShareType() === IShare::TYPE_USER) {
-			$userIds[] = $share->getSharedWith();
-		} elseif ($share->getShareType() === IShare::TYPE_GROUP) {
-			$group = $this->groupManager->get($share->getSharedWith());
-			$users = $group?->getUsers() ?? [];
-
-			foreach ($users as $user) {
-				/* Skip share owner */
-				if ($user->getUID() === $share->getShareOwner() || $user->getUID() === $share->getSharedBy()) {
-					continue;
-				}
-				$userIds[] = $user->getUID();
-			}
-		} else {
-			/* We only support user and group shares */
-			return;
-		}
-
-		$reshareRecords = [];
-		$shareTypes = [
-			IShare::TYPE_GROUP,
-			IShare::TYPE_USER,
-			IShare::TYPE_LINK,
-			IShare::TYPE_REMOTE,
-			IShare::TYPE_EMAIL,
-		];
-
-		foreach ($userIds as $userId) {
-			foreach ($shareTypes as $shareType) {
-				try {
-					$provider = $this->factory->getProviderForType($shareType);
-				} catch (ProviderException $e) {
-					continue;
-				}
-
-				if ($node instanceof Folder) {
-					/* We need to get all shares by this user to get subshares */
-					$shares = $provider->getSharesBy($userId, $shareType, null, false, -1, 0);
-
-					foreach ($shares as $share) {
-						try {
-							$path = $share->getNode()->getPath();
-						} catch (NotFoundException) {
-							/* Ignore share of non-existing node */
-							continue;
-						}
-						if ($node->getRelativePath($path) !== null) {
-							/* If relative path is not null it means the shared node is the same or in a subfolder */
-							$reshareRecords[] = $share;
-						}
-					}
-				} else {
-					$shares = $provider->getSharesBy($userId, $shareType, $node, false, -1, 0);
-					foreach ($shares as $child) {
-						$reshareRecords[] = $child;
-					}
-				}
-			}
-		}
-
-		foreach ($reshareRecords as $child) {
-			try {
-				/* Check if the share is still valid (means the resharer still has access to the file through another mean) */
-				$this->generalCreateChecks($child);
-			} catch (GenericShareException $e) {
-				/* The check is invalid, promote it to a direct share from the sharer of parent share */
-				$this->logger->debug('Promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]);
-				try {
-					$child->setSharedBy($share->getSharedBy());
-					$this->updateShare($child);
-				} catch (GenericShareException|\InvalidArgumentException $e) {
-					$this->logger->warning('Failed to promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]);
-				}
-			}
-		}
-	}
-
-	/**
-	 * Delete a share
-	 *
-	 * @param IShare $share
-	 * @throws ShareNotFound
-	 * @throws \InvalidArgumentException
-	 */
-	public function deleteShare(IShare $share) {
-		try {
-			$share->getFullId();
-		} catch (\UnexpectedValueException $e) {
-			throw new \InvalidArgumentException($this->l->t('Share does not have a full ID'));
-		}
-
-		$this->dispatchEvent(new BeforeShareDeletedEvent($share), 'before share deleted');
-
-		// Get all children and delete them as well
-		$this->deleteChildren($share);
-
-		// Do the actual delete
-		$provider = $this->factory->getProviderForType($share->getShareType());
-		$provider->delete($share);
-
-		$this->dispatchEvent(new ShareDeletedEvent($share), 'share deleted');
-
-		// Promote reshares of the deleted share
-		$this->promoteReshares($share);
-	}
-
-
-	/**
-	 * Unshare a file as the recipient.
-	 * This can be different from a regular delete for example when one of
-	 * the users in a groups deletes that share. But the provider should
-	 * handle this.
-	 *
-	 * @param IShare $share
-	 * @param string $recipientId
-	 */
-	public function deleteFromSelf(IShare $share, $recipientId) {
-		[$providerId,] = $this->splitFullId($share->getFullId());
-		$provider = $this->factory->getProvider($providerId);
-
-		$provider->deleteFromSelf($share, $recipientId);
-		$event = new ShareDeletedFromSelfEvent($share);
-		$this->dispatchEvent($event, 'leave share');
-	}
-
-	public function restoreShare(IShare $share, string $recipientId): IShare {
-		[$providerId,] = $this->splitFullId($share->getFullId());
-		$provider = $this->factory->getProvider($providerId);
-
-		return $provider->restore($share, $recipientId);
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function moveShare(IShare $share, $recipientId) {
-		if ($share->getShareType() === IShare::TYPE_LINK
-			|| $share->getShareType() === IShare::TYPE_EMAIL) {
-			throw new \InvalidArgumentException($this->l->t('Cannot change target of link share'));
-		}
-
-		if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() !== $recipientId) {
-			throw new \InvalidArgumentException($this->l->t('Invalid share recipient'));
-		}
-
-		if ($share->getShareType() === IShare::TYPE_GROUP) {
-			$sharedWith = $this->groupManager->get($share->getSharedWith());
-			if (is_null($sharedWith)) {
-				throw new \InvalidArgumentException($this->l->t('Group "%s" does not exist', [$share->getSharedWith()]));
-			}
-			$recipient = $this->userManager->get($recipientId);
-			if (!$sharedWith->inGroup($recipient)) {
-				throw new \InvalidArgumentException($this->l->t('Invalid share recipient'));
-			}
-		}
-
-		[$providerId,] = $this->splitFullId($share->getFullId());
-		$provider = $this->factory->getProvider($providerId);
-
-		return $provider->move($share, $recipientId);
-	}
-
-	public function getSharesInFolder($userId, Folder $node, $reshares = false, $shallow = true) {
-		$providers = $this->factory->getAllProviders();
-		if (!$shallow) {
-			throw new \Exception('non-shallow getSharesInFolder is no longer supported');
-		}
-
-		$isOwnerless = $node->getMountPoint() instanceof IShareOwnerlessMount;
-
-		$shares = [];
-		foreach ($providers as $provider) {
-			if ($isOwnerless) {
-				// If the provider does not implement the additional interface,
-				// we lack a performant way of querying all shares and therefore ignore the provider.
-				if ($provider instanceof IShareProviderSupportsAllSharesInFolder) {
-					foreach ($provider->getAllSharesInFolder($node) as $fid => $data) {
-						$shares[$fid] ??= [];
-						$shares[$fid] = array_merge($shares[$fid], $data);
-					}
-				}
-			} else {
-				foreach ($provider->getSharesInFolder($userId, $node, $reshares) as $fid => $data) {
-					$shares[$fid] ??= [];
-					$shares[$fid] = array_merge($shares[$fid], $data);
-				}
-			}
-		}
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0, bool $onlyValid = true) {
-		if ($path !== null
-			&& !($path instanceof \OCP\Files\File)
-			&& !($path instanceof \OCP\Files\Folder)) {
-			throw new \InvalidArgumentException($this->l->t('Invalid path'));
-		}
-
-		try {
-			$provider = $this->factory->getProviderForType($shareType);
-		} catch (ProviderException $e) {
-			return [];
-		}
-
-		if ($path?->getMountPoint() instanceof IShareOwnerlessMount) {
-			$shares = array_filter($provider->getSharesByPath($path), static fn (IShare $share) => $share->getShareType() === $shareType);
-		} else {
-			$shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
-		}
-
-		/*
+        $storage = $share->getNode()->getStorage();
+        if ($storage->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
+            $parent = $share->getNode()->getParent();
+            while ($parent->getStorage()->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
+                $parent = $parent->getParent();
+            }
+            $share->setShareOwner($parent->getOwner()->getUID());
+        } else {
+            if ($share->getNode()->getOwner()) {
+                $share->setShareOwner($share->getNode()->getOwner()->getUID());
+            } else {
+                $share->setShareOwner($share->getSharedBy());
+            }
+        }
+
+        try {
+            // Verify share type
+            if ($share->getShareType() === IShare::TYPE_USER) {
+                $this->userCreateChecks($share);
+
+                // Verify the expiration date
+                $share = $this->validateExpirationDateInternal($share);
+            } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
+                $this->groupCreateChecks($share);
+
+                // Verify the expiration date
+                $share = $this->validateExpirationDateInternal($share);
+            } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
+                // Verify the expiration date
+                $share = $this->validateExpirationDateInternal($share);
+            } elseif ($share->getShareType() === IShare::TYPE_LINK
+                || $share->getShareType() === IShare::TYPE_EMAIL) {
+                $this->linkCreateChecks($share);
+                $this->setLinkParent($share);
+
+                $token = $this->generateToken();
+                // Set the unique token
+                $share->setToken($token);
+
+                // Verify the expiration date
+                $share = $this->validateExpirationDateLink($share);
+
+                // Verify the password
+                $this->verifyPassword($share->getPassword());
+
+                // If a password is set. Hash it!
+                if ($share->getShareType() === IShare::TYPE_LINK
+                    && $share->getPassword() !== null) {
+                    $share->setPassword($this->hasher->hash($share->getPassword()));
+                }
+            }
+
+            // Cannot share with the owner
+            if ($share->getShareType() === IShare::TYPE_USER
+                && $share->getSharedWith() === $share->getShareOwner()) {
+                throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner'));
+            }
+
+            // Generate the target
+            $shareFolder = $this->config->getSystemValue('share_folder', '/');
+            if ($share->getShareType() === IShare::TYPE_USER) {
+                $allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true);
+                if ($allowCustomShareFolder) {
+                    $shareFolder = $this->config->getUserValue($share->getSharedWith(), Application::APP_ID, 'share_folder', $shareFolder);
+                }
+            }
+
+            $target = $shareFolder . '/' . $share->getNode()->getName();
+            $target = \OC\Files\Filesystem::normalizePath($target);
+            $share->setTarget($target);
+
+            // Pre share event
+            $event = new Share\Events\BeforeShareCreatedEvent($share);
+            $this->dispatchEvent($event, 'before share created');
+            if ($event->isPropagationStopped() && $event->getError()) {
+                throw new \Exception($event->getError());
+            }
+
+            $oldShare = $share;
+            $provider = $this->factory->getProviderForType($share->getShareType());
+            $share = $provider->create($share);
+
+            // Reuse the node we already have
+            $share->setNode($oldShare->getNode());
+
+            // Reset the target if it is null for the new share
+            if ($share->getTarget() === '') {
+                $share->setTarget($target);
+            }
+        } catch (AlreadySharedException $e) {
+            // If a share for the same target already exists, dont create a new one,
+            // but do trigger the hooks and notifications again
+            $oldShare = $share;
+
+            // Reuse the node we already have
+            $share = $e->getExistingShare();
+            $share->setNode($oldShare->getNode());
+        }
+
+        // Post share event
+        $this->dispatchEvent(new ShareCreatedEvent($share), 'share created');
+
+        // Send email if needed
+        if ($this->config->getSystemValueBool('sharing.enable_share_mail', true)) {
+            if ($share->getMailSend()) {
+                $provider = $this->factory->getProviderForType($share->getShareType());
+                if ($provider instanceof IShareProviderWithNotification) {
+                    $provider->sendMailNotification($share);
+                } else {
+                    $this->logger->debug('Share notification not sent because the provider does not support it.', ['app' => 'share']);
+                }
+            } else {
+                $this->logger->debug('Share notification not sent because mailsend is false.', ['app' => 'share']);
+            }
+        } else {
+            $this->logger->debug('Share notification not sent because sharing notification emails is disabled.', ['app' => 'share']);
+        }
+
+        return $share;
+    }
+
+    /**
+     * Update a share
+     *
+     * @param IShare $share
+     * @return IShare The share object
+     * @throws \InvalidArgumentException
+     * @throws HintException
+     */
+    public function updateShare(IShare $share, bool $onlyValid = true) {
+        $expirationDateUpdated = false;
+
+        $this->canShare($share);
+
+        try {
+            $originalShare = $this->getShareById($share->getFullId(), onlyValid: $onlyValid);
+        } catch (\UnexpectedValueException $e) {
+            throw new \InvalidArgumentException($this->l->t('Share does not have a full ID'));
+        }
+
+        // We cannot change the share type!
+        if ($share->getShareType() !== $originalShare->getShareType()) {
+            throw new \InvalidArgumentException($this->l->t('Cannot change share type'));
+        }
+
+        // We can only change the recipient on user shares
+        if ($share->getSharedWith() !== $originalShare->getSharedWith()
+            && $share->getShareType() !== IShare::TYPE_USER) {
+            throw new \InvalidArgumentException($this->l->t('Can only update recipient on user shares'));
+        }
+
+        // Cannot share with the owner
+        if ($share->getShareType() === IShare::TYPE_USER
+            && $share->getSharedWith() === $share->getShareOwner()) {
+            throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner'));
+        }
+
+        $this->generalCreateChecks($share, true);
+
+        if ($share->getShareType() === IShare::TYPE_USER) {
+            $this->userCreateChecks($share);
+
+            if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
+                // Verify the expiration date
+                $this->validateExpirationDateInternal($share);
+                $expirationDateUpdated = true;
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
+            $this->groupCreateChecks($share);
+
+            if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
+                // Verify the expiration date
+                $this->validateExpirationDateInternal($share);
+                $expirationDateUpdated = true;
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_LINK
+            || $share->getShareType() === IShare::TYPE_EMAIL) {
+            $this->linkCreateChecks($share);
+
+            // The new password is not set again if it is the same as the old
+            // one, unless when switching from sending by Talk to sending by
+            // mail.
+            $plainTextPassword = $share->getPassword();
+            $updatedPassword = $this->updateSharePasswordIfNeeded($share, $originalShare);
+
+            /**
+             * Cannot enable the getSendPasswordByTalk if there is no password set
+             */
+            if (empty($plainTextPassword) && $share->getSendPasswordByTalk()) {
+                throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk with an empty password'));
+            }
+
+            /**
+             * If we're in a mail share, we need to force a password change
+             * as either the user is not aware of the password or is already (received by mail)
+             * Thus the SendPasswordByTalk feature would not make sense
+             */
+            if (!$updatedPassword && $share->getShareType() === IShare::TYPE_EMAIL) {
+                if (!$originalShare->getSendPasswordByTalk() && $share->getSendPasswordByTalk()) {
+                    throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk without setting a new password'));
+                }
+                if ($originalShare->getSendPasswordByTalk() && !$share->getSendPasswordByTalk()) {
+                    throw new \InvalidArgumentException($this->l->t('Cannot disable sending the password by Talk without setting a new password'));
+                }
+            }
+
+            if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
+                // Verify the expiration date
+                $this->validateExpirationDateLink($share);
+                $expirationDateUpdated = true;
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
+            if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
+                // Verify the expiration date
+                $this->validateExpirationDateInternal($share);
+                $expirationDateUpdated = true;
+            }
+        }
+
+        $this->pathCreateChecks($share->getNode());
+
+        // Now update the share!
+        $provider = $this->factory->getProviderForType($share->getShareType());
+        if ($share->getShareType() === IShare::TYPE_EMAIL) {
+            /** @var ShareByMailProvider $provider */
+            $share = $provider->update($share, $plainTextPassword);
+        } else {
+            $share = $provider->update($share);
+        }
+
+        if ($expirationDateUpdated === true) {
+            \OC_Hook::emit(Share::class, 'post_set_expiration_date', [
+                'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
+                'itemSource' => $share->getNode()->getId(),
+                'date' => $share->getExpirationDate(),
+                'uidOwner' => $share->getSharedBy(),
+            ]);
+        }
+
+        if ($share->getPassword() !== $originalShare->getPassword()) {
+            \OC_Hook::emit(Share::class, 'post_update_password', [
+                'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
+                'itemSource' => $share->getNode()->getId(),
+                'uidOwner' => $share->getSharedBy(),
+                'token' => $share->getToken(),
+                'disabled' => is_null($share->getPassword()),
+            ]);
+        }
+
+        if ($share->getPermissions() !== $originalShare->getPermissions()) {
+            if ($this->userManager->userExists($share->getShareOwner())) {
+                $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
+            } else {
+                $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
+            }
+            \OC_Hook::emit(Share::class, 'post_update_permissions', [
+                'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
+                'itemSource' => $share->getNode()->getId(),
+                'shareType' => $share->getShareType(),
+                'shareWith' => $share->getSharedWith(),
+                'uidOwner' => $share->getSharedBy(),
+                'permissions' => $share->getPermissions(),
+                'attributes' => $share->getAttributes() !== null ? $share->getAttributes()->toArray() : null,
+                'path' => $userFolder->getRelativePath($share->getNode()->getPath()),
+            ]);
+        }
+
+        return $share;
+    }
+
+    /**
+     * Accept a share.
+     *
+     * @param IShare $share
+     * @param string $recipientId
+     * @return IShare The share object
+     * @throws \InvalidArgumentException Thrown if the provider does not implement `IShareProviderSupportsAccept`
+     * @since 9.0.0
+     */
+    public function acceptShare(IShare $share, string $recipientId): IShare {
+        [$providerId,] = $this->splitFullId($share->getFullId());
+        $provider = $this->factory->getProvider($providerId);
+
+        if (!($provider instanceof IShareProviderSupportsAccept)) {
+            throw new \InvalidArgumentException($this->l->t('Share provider does not support accepting'));
+        }
+        /** @var IShareProvider&IShareProviderSupportsAccept $provider */
+        $provider->acceptShare($share, $recipientId);
+
+        $event = new ShareAcceptedEvent($share);
+        $this->dispatchEvent($event, 'share accepted');
+
+        return $share;
+    }
+
+    /**
+     * Updates the password of the given share if it is not the same as the
+     * password of the original share.
+     *
+     * @param IShare $share the share to update its password.
+     * @param IShare $originalShare the original share to compare its
+     *                              password with.
+     * @return boolean whether the password was updated or not.
+     */
+    private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) {
+        $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword())
+            && (($share->getPassword() !== null && $originalShare->getPassword() === null)
+                || ($share->getPassword() === null && $originalShare->getPassword() !== null)
+                || ($share->getPassword() !== null && $originalShare->getPassword() !== null
+                    && !$this->hasher->verify($share->getPassword(), $originalShare->getPassword())));
+
+        // Password updated.
+        if ($passwordsAreDifferent) {
+            // Verify the password
+            $this->verifyPassword($share->getPassword());
+
+            // If a password is set. Hash it!
+            if (!empty($share->getPassword())) {
+                $share->setPassword($this->hasher->hash($share->getPassword()));
+                if ($share->getShareType() === IShare::TYPE_EMAIL) {
+                    // Shares shared by email have temporary passwords
+                    $this->setSharePasswordExpirationTime($share);
+                }
+
+                return true;
+            } else {
+                // Empty string and null are seen as NOT password protected
+                $share->setPassword(null);
+                if ($share->getShareType() === IShare::TYPE_EMAIL) {
+                    $share->setPasswordExpirationTime(null);
+                }
+                return true;
+            }
+        } else {
+            // Reset the password to the original one, as it is either the same
+            // as the "new" password or a hashed version of it.
+            $share->setPassword($originalShare->getPassword());
+        }
+
+        return false;
+    }
+
+    /**
+     * Set the share's password expiration time
+     */
+    private function setSharePasswordExpirationTime(IShare $share): void {
+        if (!$this->config->getSystemValueBool('sharing.enable_mail_link_password_expiration', false)) {
+            // Sets password expiration date to NULL
+            $share->setPasswordExpirationTime();
+            return;
+        }
+        // Sets password expiration date
+        $expirationTime = null;
+        $now = new \DateTime();
+        $expirationInterval = $this->config->getSystemValue('sharing.mail_link_password_expiration_interval', 3600);
+        $expirationTime = $now->add(new \DateInterval('PT' . $expirationInterval . 'S'));
+        $share->setPasswordExpirationTime($expirationTime);
+    }
+
+
+    /**
+     * Delete all the children of this share
+     *
+     * @param IShare $share
+     * @return IShare[] List of deleted shares
+     */
+    protected function deleteChildren(IShare $share) {
+        $deletedShares = [];
+
+        $provider = $this->factory->getProviderForType($share->getShareType());
+
+        foreach ($provider->getChildren($share) as $child) {
+            $this->dispatchEvent(new BeforeShareDeletedEvent($child), 'before share deleted');
+
+            $deletedChildren = $this->deleteChildren($child);
+            $deletedShares = array_merge($deletedShares, $deletedChildren);
+
+            $provider->delete($child);
+            $this->dispatchEvent(new ShareDeletedEvent($child), 'share deleted');
+            $deletedShares[] = $child;
+        }
+
+        return $deletedShares;
+    }
+
+    /** Promote re-shares into direct shares so that target user keeps access */
+    protected function promoteReshares(IShare $share): void {
+        try {
+            $node = $share->getNode();
+        } catch (NotFoundException) {
+            /* Skip if node not found */
+            return;
+        }
+
+        $userIds = [];
+
+        if ($share->getShareType() === IShare::TYPE_USER) {
+            $userIds[] = $share->getSharedWith();
+        } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
+            $group = $this->groupManager->get($share->getSharedWith());
+            $users = $group?->getUsers() ?? [];
+
+            foreach ($users as $user) {
+                /* Skip share owner */
+                if ($user->getUID() === $share->getShareOwner() || $user->getUID() === $share->getSharedBy()) {
+                    continue;
+                }
+                $userIds[] = $user->getUID();
+            }
+        } else {
+            /* We only support user and group shares */
+            return;
+        }
+
+        $reshareRecords = [];
+        $shareTypes = [
+            IShare::TYPE_GROUP,
+            IShare::TYPE_USER,
+            IShare::TYPE_LINK,
+            IShare::TYPE_REMOTE,
+            IShare::TYPE_EMAIL,
+        ];
+
+        foreach ($userIds as $userId) {
+            foreach ($shareTypes as $shareType) {
+                try {
+                    $provider = $this->factory->getProviderForType($shareType);
+                } catch (ProviderException $e) {
+                    continue;
+                }
+
+                if ($node instanceof Folder) {
+                    /* We need to get all shares by this user to get subshares */
+                    $shares = $provider->getSharesBy($userId, $shareType, null, false, -1, 0);
+
+                    foreach ($shares as $share) {
+                        try {
+                            $path = $share->getNode()->getPath();
+                        } catch (NotFoundException) {
+                            /* Ignore share of non-existing node */
+                            continue;
+                        }
+                        if ($node->getRelativePath($path) !== null) {
+                            /* If relative path is not null it means the shared node is the same or in a subfolder */
+                            $reshareRecords[] = $share;
+                        }
+                    }
+                } else {
+                    $shares = $provider->getSharesBy($userId, $shareType, $node, false, -1, 0);
+                    foreach ($shares as $child) {
+                        $reshareRecords[] = $child;
+                    }
+                }
+            }
+        }
+
+        foreach ($reshareRecords as $child) {
+            try {
+                /* Check if the share is still valid (means the resharer still has access to the file through another mean) */
+                $this->generalCreateChecks($child);
+            } catch (GenericShareException $e) {
+                /* The check is invalid, promote it to a direct share from the sharer of parent share */
+                $this->logger->debug('Promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]);
+                try {
+                    $child->setSharedBy($share->getSharedBy());
+                    $this->updateShare($child);
+                } catch (GenericShareException|\InvalidArgumentException $e) {
+                    $this->logger->warning('Failed to promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]);
+                }
+            }
+        }
+    }
+
+    /**
+     * Delete a share
+     *
+     * @param IShare $share
+     * @throws ShareNotFound
+     * @throws \InvalidArgumentException
+     */
+    public function deleteShare(IShare $share) {
+        try {
+            $share->getFullId();
+        } catch (\UnexpectedValueException $e) {
+            throw new \InvalidArgumentException($this->l->t('Share does not have a full ID'));
+        }
+
+        $this->dispatchEvent(new BeforeShareDeletedEvent($share), 'before share deleted');
+
+        // Get all children and delete them as well
+        $this->deleteChildren($share);
+
+        // Do the actual delete
+        $provider = $this->factory->getProviderForType($share->getShareType());
+        $provider->delete($share);
+
+        $this->dispatchEvent(new ShareDeletedEvent($share), 'share deleted');
+
+        // Promote reshares of the deleted share
+        $this->promoteReshares($share);
+    }
+
+
+    /**
+     * Unshare a file as the recipient.
+     * This can be different from a regular delete for example when one of
+     * the users in a groups deletes that share. But the provider should
+     * handle this.
+     *
+     * @param IShare $share
+     * @param string $recipientId
+     */
+    public function deleteFromSelf(IShare $share, $recipientId) {
+        [$providerId,] = $this->splitFullId($share->getFullId());
+        $provider = $this->factory->getProvider($providerId);
+
+        $provider->deleteFromSelf($share, $recipientId);
+        $event = new ShareDeletedFromSelfEvent($share);
+        $this->dispatchEvent($event, 'leave share');
+    }
+
+    public function restoreShare(IShare $share, string $recipientId): IShare {
+        [$providerId,] = $this->splitFullId($share->getFullId());
+        $provider = $this->factory->getProvider($providerId);
+
+        return $provider->restore($share, $recipientId);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function moveShare(IShare $share, $recipientId) {
+        if ($share->getShareType() === IShare::TYPE_LINK
+            || $share->getShareType() === IShare::TYPE_EMAIL) {
+            throw new \InvalidArgumentException($this->l->t('Cannot change target of link share'));
+        }
+
+        if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() !== $recipientId) {
+            throw new \InvalidArgumentException($this->l->t('Invalid share recipient'));
+        }
+
+        if ($share->getShareType() === IShare::TYPE_GROUP) {
+            $sharedWith = $this->groupManager->get($share->getSharedWith());
+            if (is_null($sharedWith)) {
+                throw new \InvalidArgumentException($this->l->t('Group "%s" does not exist', [$share->getSharedWith()]));
+            }
+            $recipient = $this->userManager->get($recipientId);
+            if (!$sharedWith->inGroup($recipient)) {
+                throw new \InvalidArgumentException($this->l->t('Invalid share recipient'));
+            }
+        }
+
+        [$providerId,] = $this->splitFullId($share->getFullId());
+        $provider = $this->factory->getProvider($providerId);
+
+        return $provider->move($share, $recipientId);
+    }
+
+    public function getSharesInFolder($userId, Folder $node, $reshares = false, $shallow = true) {
+        $providers = $this->factory->getAllProviders();
+        if (!$shallow) {
+            throw new \Exception('non-shallow getSharesInFolder is no longer supported');
+        }
+
+        $isOwnerless = $node->getMountPoint() instanceof IShareOwnerlessMount;
+
+        $shares = [];
+        foreach ($providers as $provider) {
+            if ($isOwnerless) {
+                // If the provider does not implement the additional interface,
+                // we lack a performant way of querying all shares and therefore ignore the provider.
+                if ($provider instanceof IShareProviderSupportsAllSharesInFolder) {
+                    foreach ($provider->getAllSharesInFolder($node) as $fid => $data) {
+                        $shares[$fid] ??= [];
+                        $shares[$fid] = array_merge($shares[$fid], $data);
+                    }
+                }
+            } else {
+                foreach ($provider->getSharesInFolder($userId, $node, $reshares) as $fid => $data) {
+                    $shares[$fid] ??= [];
+                    $shares[$fid] = array_merge($shares[$fid], $data);
+                }
+            }
+        }
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0, bool $onlyValid = true) {
+        if ($path !== null
+            && !($path instanceof \OCP\Files\File)
+            && !($path instanceof \OCP\Files\Folder)) {
+            throw new \InvalidArgumentException($this->l->t('Invalid path'));
+        }
+
+        try {
+            $provider = $this->factory->getProviderForType($shareType);
+        } catch (ProviderException $e) {
+            return [];
+        }
+
+        if ($path?->getMountPoint() instanceof IShareOwnerlessMount) {
+            $shares = array_filter($provider->getSharesByPath($path), static fn (IShare $share) => $share->getShareType() === $shareType);
+        } else {
+            $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
+        }
+
+        /*
 		 * Work around so we don't return expired shares but still follow
 		 * proper pagination.
 		 */
 
-		$shares2 = [];
-
-		while (true) {
-			$added = 0;
-			foreach ($shares as $share) {
-				if ($onlyValid) {
-					try {
-						$this->checkShare($share);
-					} catch (ShareNotFound $e) {
-						// Ignore since this basically means the share is deleted
-						continue;
-					}
-				}
-
-				$added++;
-				$shares2[] = $share;
-
-				if (count($shares2) === $limit) {
-					break;
-				}
-			}
-
-			// If we did not fetch more shares than the limit then there are no more shares
-			if (count($shares) < $limit) {
-				break;
-			}
-
-			if (count($shares2) === $limit) {
-				break;
-			}
-
-			// If there was no limit on the select we are done
-			if ($limit === -1) {
-				break;
-			}
-
-			$offset += $added;
-
-			// Fetch again $limit shares
-			if ($path?->getMountPoint() instanceof IShareOwnerlessMount) {
-				// We already fetched all shares, so end here
-				$shares = [];
-			} else {
-				$shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
-			}
-
-			// No more shares means we are done
-			if (empty($shares)) {
-				break;
-			}
-		}
-
-		$shares = $shares2;
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
-		try {
-			$provider = $this->factory->getProviderForType($shareType);
-		} catch (ProviderException $e) {
-			return [];
-		}
-
-		$shares = $provider->getSharedWith($userId, $shareType, $node, $limit, $offset);
-
-		// remove all shares which are already expired
-		foreach ($shares as $key => $share) {
-			try {
-				$this->checkShare($share);
-			} catch (ShareNotFound $e) {
-				unset($shares[$key]);
-			}
-		}
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getDeletedSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
-		$shares = $this->getSharedWith($userId, $shareType, $node, $limit, $offset);
-
-		// Only get deleted shares
-		$shares = array_filter($shares, function (IShare $share) {
-			return $share->getPermissions() === 0;
-		});
-
-		// Only get shares where the owner still exists
-		$shares = array_filter($shares, function (IShare $share) {
-			return $this->userManager->userExists($share->getShareOwner());
-		});
-
-		return $shares;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function getShareById($id, $recipient = null, bool $onlyValid = true) {
-		if ($id === null) {
-			throw new ShareNotFound();
-		}
-
-		[$providerId, $id] = $this->splitFullId($id);
-
-		try {
-			$provider = $this->factory->getProvider($providerId);
-		} catch (ProviderException $e) {
-			throw new ShareNotFound();
-		}
-
-		$share = $provider->getShareById($id, $recipient);
-
-		if ($onlyValid) {
-			$this->checkShare($share);
-		}
-
-		return $share;
-	}
-
-	/**
-	 * Get all the shares for a given path
-	 *
-	 * @param \OCP\Files\Node $path
-	 * @param int $page
-	 * @param int $perPage
-	 *
-	 * @return Share[]
-	 */
-	public function getSharesByPath(\OCP\Files\Node $path, $page = 0, $perPage = 50) {
-		return [];
-	}
-
-	/**
-	 * Get the share by token possible with password
-	 *
-	 * @param string $token
-	 * @return IShare
-	 *
-	 * @throws ShareNotFound
-	 */
-	public function getShareByToken($token) {
-		// tokens cannot be valid local user names
-		if ($this->userManager->userExists($token)) {
-			throw new ShareNotFound();
-		}
-		$share = null;
-		try {
-			if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes') {
-				$provider = $this->factory->getProviderForType(IShare::TYPE_LINK);
-				$share = $provider->getShareByToken($token);
-			}
-		} catch (ProviderException $e) {
-		} catch (ShareNotFound $e) {
-		}
-
-
-		// If it is not a link share try to fetch a federated share by token
-		if ($share === null) {
-			try {
-				$provider = $this->factory->getProviderForType(IShare::TYPE_REMOTE);
-				$share = $provider->getShareByToken($token);
-			} catch (ProviderException $e) {
-			} catch (ShareNotFound $e) {
-			}
-		}
-
-		// If it is not a link share try to fetch a mail share by token
-		if ($share === null && $this->shareProviderExists(IShare::TYPE_EMAIL)) {
-			try {
-				$provider = $this->factory->getProviderForType(IShare::TYPE_EMAIL);
-				$share = $provider->getShareByToken($token);
-			} catch (ProviderException $e) {
-			} catch (ShareNotFound $e) {
-			}
-		}
-
-		if ($share === null && $this->shareProviderExists(IShare::TYPE_CIRCLE)) {
-			try {
-				$provider = $this->factory->getProviderForType(IShare::TYPE_CIRCLE);
-				$share = $provider->getShareByToken($token);
-			} catch (ProviderException $e) {
-			} catch (ShareNotFound $e) {
-			}
-		}
-
-		if ($share === null && $this->shareProviderExists(IShare::TYPE_ROOM)) {
-			try {
-				$provider = $this->factory->getProviderForType(IShare::TYPE_ROOM);
-				$share = $provider->getShareByToken($token);
-			} catch (ProviderException $e) {
-			} catch (ShareNotFound $e) {
-			}
-		}
-
-		if ($share === null) {
-			throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
-		}
-
-		$this->checkShare($share);
-
-		/*
+        $shares2 = [];
+
+        while (true) {
+            $added = 0;
+            foreach ($shares as $share) {
+                if ($onlyValid) {
+                    try {
+                        $this->checkShare($share);
+                    } catch (ShareNotFound $e) {
+                        // Ignore since this basically means the share is deleted
+                        continue;
+                    }
+                }
+
+                $added++;
+                $shares2[] = $share;
+
+                if (count($shares2) === $limit) {
+                    break;
+                }
+            }
+
+            // If we did not fetch more shares than the limit then there are no more shares
+            if (count($shares) < $limit) {
+                break;
+            }
+
+            if (count($shares2) === $limit) {
+                break;
+            }
+
+            // If there was no limit on the select we are done
+            if ($limit === -1) {
+                break;
+            }
+
+            $offset += $added;
+
+            // Fetch again $limit shares
+            if ($path?->getMountPoint() instanceof IShareOwnerlessMount) {
+                // We already fetched all shares, so end here
+                $shares = [];
+            } else {
+                $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
+            }
+
+            // No more shares means we are done
+            if (empty($shares)) {
+                break;
+            }
+        }
+
+        $shares = $shares2;
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
+        try {
+            $provider = $this->factory->getProviderForType($shareType);
+        } catch (ProviderException $e) {
+            return [];
+        }
+
+        $shares = $provider->getSharedWith($userId, $shareType, $node, $limit, $offset);
+
+        // remove all shares which are already expired
+        foreach ($shares as $key => $share) {
+            try {
+                $this->checkShare($share);
+            } catch (ShareNotFound $e) {
+                unset($shares[$key]);
+            }
+        }
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getDeletedSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
+        $shares = $this->getSharedWith($userId, $shareType, $node, $limit, $offset);
+
+        // Only get deleted shares
+        $shares = array_filter($shares, function (IShare $share) {
+            return $share->getPermissions() === 0;
+        });
+
+        // Only get shares where the owner still exists
+        $shares = array_filter($shares, function (IShare $share) {
+            return $this->userManager->userExists($share->getShareOwner());
+        });
+
+        return $shares;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getShareById($id, $recipient = null, bool $onlyValid = true) {
+        if ($id === null) {
+            throw new ShareNotFound();
+        }
+
+        [$providerId, $id] = $this->splitFullId($id);
+
+        try {
+            $provider = $this->factory->getProvider($providerId);
+        } catch (ProviderException $e) {
+            throw new ShareNotFound();
+        }
+
+        $share = $provider->getShareById($id, $recipient);
+
+        if ($onlyValid) {
+            $this->checkShare($share);
+        }
+
+        return $share;
+    }
+
+    /**
+     * Get all the shares for a given path
+     *
+     * @param \OCP\Files\Node $path
+     * @param int $page
+     * @param int $perPage
+     *
+     * @return Share[]
+     */
+    public function getSharesByPath(\OCP\Files\Node $path, $page = 0, $perPage = 50) {
+        return [];
+    }
+
+    /**
+     * Get the share by token possible with password
+     *
+     * @param string $token
+     * @return IShare
+     *
+     * @throws ShareNotFound
+     */
+    public function getShareByToken($token) {
+        // tokens cannot be valid local user names
+        if ($this->userManager->userExists($token)) {
+            throw new ShareNotFound();
+        }
+        $share = null;
+        try {
+            if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes') {
+                $provider = $this->factory->getProviderForType(IShare::TYPE_LINK);
+                $share = $provider->getShareByToken($token);
+            }
+        } catch (ProviderException $e) {
+        } catch (ShareNotFound $e) {
+        }
+
+
+        // If it is not a link share try to fetch a federated share by token
+        if ($share === null) {
+            try {
+                $provider = $this->factory->getProviderForType(IShare::TYPE_REMOTE);
+                $share = $provider->getShareByToken($token);
+            } catch (ProviderException $e) {
+            } catch (ShareNotFound $e) {
+            }
+        }
+
+        // If it is not a link share try to fetch a mail share by token
+        if ($share === null && $this->shareProviderExists(IShare::TYPE_EMAIL)) {
+            try {
+                $provider = $this->factory->getProviderForType(IShare::TYPE_EMAIL);
+                $share = $provider->getShareByToken($token);
+            } catch (ProviderException $e) {
+            } catch (ShareNotFound $e) {
+            }
+        }
+
+        if ($share === null && $this->shareProviderExists(IShare::TYPE_CIRCLE)) {
+            try {
+                $provider = $this->factory->getProviderForType(IShare::TYPE_CIRCLE);
+                $share = $provider->getShareByToken($token);
+            } catch (ProviderException $e) {
+            } catch (ShareNotFound $e) {
+            }
+        }
+
+        if ($share === null && $this->shareProviderExists(IShare::TYPE_ROOM)) {
+            try {
+                $provider = $this->factory->getProviderForType(IShare::TYPE_ROOM);
+                $share = $provider->getShareByToken($token);
+            } catch (ProviderException $e) {
+            } catch (ShareNotFound $e) {
+            }
+        }
+
+        if ($share === null) {
+            throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
+        }
+
+        $this->checkShare($share);
+
+        /*
 		 * Reduce the permissions for link or email shares if public upload is not enabled
 		 */
-		if (($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL)
-			&& $share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload()) {
-			$share->setPermissions($share->getPermissions() & ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE));
-		}
-
-		return $share;
-	}
-
-	/**
-	 * Check expire date and disabled owner
-	 *
-	 * @throws ShareNotFound
-	 */
-	protected function checkShare(IShare $share): void {
-		if ($share->isExpired()) {
-			$this->deleteShare($share);
-			throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
-		}
-		if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') {
-			$uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]);
-			foreach ($uids as $uid) {
-				$user = $this->userManager->get($uid);
-				if ($user?->isEnabled() === false) {
-					throw new ShareNotFound($this->l->t('The requested share comes from a disabled user'));
-				}
-			}
-		}
-
-		// For link and email shares, verify the share owner can still create such shares
-		if ($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL) {
-			$shareOwner = $this->userManager->get($share->getShareOwner());
-			if ($shareOwner === null) {
-				throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
-			}
-			if (!$this->userCanCreateLinkShares($shareOwner)) {
-				throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
-			}
-		}
-	}
-
-	/**
-	 * Verify the password of a public share
-	 *
-	 * @param IShare $share
-	 * @param ?string $password
-	 * @return bool
-	 */
-	public function checkPassword(IShare $share, $password) {
-
-		// if there is no password on the share object / passsword is null, there is nothing to check
-		if ($password === null || $share->getPassword() === null) {
-			return false;
-		}
-
-		// Makes sure password hasn't expired
-		$expirationTime = $share->getPasswordExpirationTime();
-		if ($expirationTime !== null && $expirationTime < new \DateTime()) {
-			return false;
-		}
-
-		$newHash = '';
-		if (!$this->hasher->verify($password, $share->getPassword(), $newHash)) {
-			return false;
-		}
-
-		if (!empty($newHash)) {
-			$share->setPassword($newHash);
-			$provider = $this->factory->getProviderForType($share->getShareType());
-			$provider->update($share);
-		}
-
-		return true;
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function userDeleted($uid) {
-		$types = [IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK, IShare::TYPE_REMOTE, IShare::TYPE_EMAIL];
-
-		foreach ($types as $type) {
-			try {
-				$provider = $this->factory->getProviderForType($type);
-			} catch (ProviderException $e) {
-				continue;
-			}
-			$provider->userDeleted($uid, $type);
-		}
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function groupDeleted($gid) {
-		foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) {
-			try {
-				$provider = $this->factory->getProviderForType($type);
-			} catch (ProviderException $e) {
-				continue;
-			}
-			$provider->groupDeleted($gid);
-		}
-
-		$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
-		if ($excludedGroups === '') {
-			return;
-		}
-
-		$excludedGroups = json_decode($excludedGroups, true);
-		if (json_last_error() !== JSON_ERROR_NONE) {
-			return;
-		}
-
-		$excludedGroups = array_diff($excludedGroups, [$gid]);
-		$this->config->setAppValue('core', 'shareapi_exclude_groups_list', json_encode($excludedGroups));
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function userDeletedFromGroup($uid, $gid) {
-		foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) {
-			try {
-				$provider = $this->factory->getProviderForType($type);
-			} catch (ProviderException $e) {
-				continue;
-			}
-			$provider->userDeletedFromGroup($uid, $gid);
-		}
-	}
-
-	#[\Override]
-	public function getAccessList(\OCP\Files\Node $path, $recursive = true, $currentAccess = false) {
-		$owner = $path->getOwner();
-
-		if ($owner === null) {
-			return [];
-		}
-
-		$owner = $owner->getUID();
-
-		if ($currentAccess) {
-			$al = ['users' => [], 'remote' => [], 'public' => false, 'mail' => []];
-		} else {
-			$al = ['users' => [], 'remote' => false, 'public' => false, 'mail' => []];
-		}
-		if (!$this->userManager->userExists($owner)) {
-			return $al;
-		}
-
-		//Get node for the owner and correct the owner in case of external storage
-		$userFolder = $this->rootFolder->getUserFolder($owner);
-		if ($path->getId() !== $userFolder->getId() && !$userFolder->isSubNode($path)) {
-			$path = $userFolder->getFirstNodeById($path->getId());
-			if ($path === null || $path->getOwner() === null) {
-				return [];
-			}
-			$owner = $path->getOwner()->getUID();
-		}
-
-		$providers = $this->factory->getAllProviders();
-
-		/** @var Node[] $nodes */
-		$nodes = [];
-
-
-		if ($currentAccess) {
-			$ownerPath = $path->getPath();
-			$ownerPath = explode('/', $ownerPath, 4);
-			if (count($ownerPath) < 4) {
-				$ownerPath = '';
-			} else {
-				$ownerPath = $ownerPath[3];
-			}
-			$al['users'][$owner] = [
-				'node_id' => $path->getId(),
-				'node_path' => '/' . $ownerPath,
-			];
-		} else {
-			$al['users'][] = $owner;
-		}
-
-		// Collect all the shares
-		while ($path->getPath() !== $userFolder->getPath()) {
-			$nodes[] = $path;
-			if (!$recursive) {
-				break;
-			}
-			$path = $path->getParent();
-		}
-
-		foreach ($providers as $provider) {
-			$tmp = $provider->getAccessList($nodes, $currentAccess);
-
-			foreach ($tmp as $k => $v) {
-				if (isset($al[$k])) {
-					if (is_array($al[$k])) {
-						if ($currentAccess) {
-							$al[$k] += $v;
-						} else {
-							$al[$k] = array_merge($al[$k], $v);
-							$al[$k] = array_unique($al[$k]);
-							$al[$k] = array_values($al[$k]);
-						}
-					} else {
-						$al[$k] = $al[$k] || $v;
-					}
-				} else {
-					$al[$k] = $v;
-				}
-			}
-		}
-
-		return $al;
-	}
-
-	/**
-	 * Create a new share
-	 *
-	 * @return IShare
-	 */
-	public function newShare() {
-		return new \OC\Share20\Share($this->rootFolder, $this->userManager);
-	}
-
-	/**
-	 * Is the share API enabled
-	 *
-	 * @return bool
-	 */
-	public function shareApiEnabled() {
-		return $this->config->getAppValue('core', 'shareapi_enabled', 'yes') === 'yes';
-	}
-
-	/**
-	 * Is public link sharing enabled
-	 *
-	 * @param ?IUser $user User to check against group exclusions, defaults to current session user
-	 * @return bool
-	 */
-	public function shareApiAllowLinks(?IUser $user = null) {
-		if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
-			return false;
-		}
-
-		$user = $user ?? $this->userSession->getUser();
-		if ($user) {
-			$excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]'));
-			if ($excludedGroups) {
-				$userGroups = $this->groupManager->getUserGroupIds($user);
-				return !(bool)array_intersect($excludedGroups, $userGroups);
-			}
-		}
-
-		return true;
-	}
-
-	/**
-	 * Check if a specific user can create link shares
-	 *
-	 * @param IUser $user The user to check
-	 * @return bool
-	 */
-	protected function userCanCreateLinkShares(IUser $user): bool {
-		return $this->shareApiAllowLinks($user);
-	}
-
-	/**
-	 * Is password on public link requires
-	 *
-	 * @param bool Check group membership exclusion
-	 * @return bool
-	 */
-	public function shareApiLinkEnforcePassword(bool $checkGroupMembership = true) {
-		$excludedGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
-		if ($excludedGroups !== '' && $checkGroupMembership) {
-			$excludedGroups = json_decode($excludedGroups);
-			$user = $this->userSession->getUser();
-			if ($user) {
-				$userGroups = $this->groupManager->getUserGroupIds($user);
-				if ((bool)array_intersect($excludedGroups, $userGroups)) {
-					return false;
-				}
-			}
-		}
-		return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_PASSWORD_ENFORCED);
-	}
-
-	/**
-	 * Is default link expire date enabled
-	 *
-	 * @return bool
-	 */
-	public function shareApiLinkDefaultExpireDate() {
-		return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_EXPIRE_DATE_DEFAULT);
-	}
-
-	/**
-	 * Is default link expire date enforced
-	 *
-	 * @return bool
-	 */
-	public function shareApiLinkDefaultExpireDateEnforced() {
-		return $this->shareApiLinkDefaultExpireDate()
-			&& $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_EXPIRE_DATE_ENFORCED);
-	}
-
-
-	/**
-	 * Number of default link expire days
-	 *
-	 * @return int
-	 */
-	public function shareApiLinkDefaultExpireDays() {
-		return (int)$this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7');
-	}
-
-	/**
-	 * Is default internal expire date enabled
-	 *
-	 * @return bool
-	 */
-	public function shareApiInternalDefaultExpireDate(): bool {
-		return $this->config->getAppValue('core', 'shareapi_default_internal_expire_date', 'no') === 'yes';
-	}
-
-	/**
-	 * Is default remote expire date enabled
-	 *
-	 * @return bool
-	 */
-	public function shareApiRemoteDefaultExpireDate(): bool {
-		return $this->config->getAppValue('core', 'shareapi_default_remote_expire_date', 'no') === 'yes';
-	}
-
-	/**
-	 * Is default expire date enforced
-	 *
-	 * @return bool
-	 */
-	public function shareApiInternalDefaultExpireDateEnforced(): bool {
-		return $this->shareApiInternalDefaultExpireDate()
-			&& $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes';
-	}
-
-	/**
-	 * Is default expire date enforced for remote shares
-	 *
-	 * @return bool
-	 */
-	public function shareApiRemoteDefaultExpireDateEnforced(): bool {
-		return $this->shareApiRemoteDefaultExpireDate()
-			&& $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes';
-	}
-
-	/**
-	 * Number of default expire days
-	 *
-	 * @return int
-	 */
-	public function shareApiInternalDefaultExpireDays(): int {
-		return (int)$this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7');
-	}
-
-	/**
-	 * Number of default expire days for remote shares
-	 *
-	 * @return int
-	 */
-	public function shareApiRemoteDefaultExpireDays(): int {
-		return (int)$this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7');
-	}
-
-	/**
-	 * Allow public upload on link shares
-	 *
-	 * @return bool
-	 */
-	public function shareApiLinkAllowPublicUpload() {
-		return $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') === 'yes';
-	}
-
-	/**
-	 * check if user can only share with group members
-	 *
-	 * @return bool
-	 */
-	public function shareWithGroupMembersOnly() {
-		return $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
-	}
-
-	/**
-	 * If shareWithGroupMembersOnly is enabled, return an optional
-	 * list of groups that must be excluded from the principle of
-	 * belonging to the same group.
-	 *
-	 * @return array
-	 */
-	public function shareWithGroupMembersOnlyExcludeGroupsList() {
-		if (!$this->shareWithGroupMembersOnly()) {
-			return [];
-		}
-		$excludeGroups = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
-		return json_decode($excludeGroups, true) ?? [];
-	}
-
-	/**
-	 * Check if users can share with groups
-	 *
-	 * @return bool
-	 */
-	public function allowGroupSharing() {
-		return $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
-	}
-
-	public function allowEnumeration(): bool {
-		return $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
-	}
-
-	public function limitEnumerationToGroups(): bool {
-		return $this->allowEnumeration()
-			&& $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
-	}
-
-	public function limitEnumerationToPhone(): bool {
-		return $this->allowEnumeration()
-			&& $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
-	}
-
-	public function allowEnumerationFullMatch(): bool {
-		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
-	}
-
-	public function matchEmail(): bool {
-		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
-	}
-
-	public function matchUserId(): bool {
-		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes') === 'yes';
-	}
-
-	public function ignoreSecondDisplayName(): bool {
-		return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes';
-	}
-
-	public function allowCustomTokens(): bool {
-		return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_CUSTOM_TOKEN);
-	}
-
-	public function allowViewWithoutDownload(): bool {
-		return $this->appConfig->getValueBool('core', 'shareapi_allow_view_without_download', true);
-	}
-
-	public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool {
-		if ($this->allowEnumerationFullMatch()) {
-			return true;
-		}
-
-		if (!$this->allowEnumeration()) {
-			return false;
-		}
-
-		if (!$this->limitEnumerationToPhone() && !$this->limitEnumerationToGroups()) {
-			// Enumeration is enabled and not restricted: OK
-			return true;
-		}
-
-		if (!$currentUser instanceof IUser) {
-			// Enumeration restrictions require an account
-			return false;
-		}
-
-		// Enumeration is limited to phone match
-		if ($this->limitEnumerationToPhone() && $this->knownUserService->isKnownToUser($currentUser->getUID(), $targetUser->getUID())) {
-			return true;
-		}
-
-		// Enumeration is limited to groups
-		if ($this->limitEnumerationToGroups()) {
-			$currentUserGroupIds = $this->groupManager->getUserGroupIds($currentUser);
-			$targetUserGroupIds = $this->groupManager->getUserGroupIds($targetUser);
-			if (!empty(array_intersect($currentUserGroupIds, $targetUserGroupIds))) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * Check if sharing is disabled for the current user
-	 */
-	public function sharingDisabledForUser(?string $userId): bool {
-		return $this->shareDisableChecker->sharingDisabledForUser($userId);
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function outgoingServer2ServerSharesAllowed() {
-		return $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes';
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function outgoingServer2ServerGroupSharesAllowed() {
-		return $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no') === 'yes';
-	}
-
-	/**
-	 * @inheritdoc
-	 */
-	public function shareProviderExists($shareType) {
-		try {
-			$this->factory->getProviderForType($shareType);
-		} catch (ProviderException $e) {
-			return false;
-		}
-
-		return true;
-	}
-
-	public function registerShareProvider(string $shareProviderClass): void {
-		$this->factory->registerProvider($shareProviderClass);
-	}
-
-	public function getAllShares(): iterable {
-		$providers = $this->factory->getAllProviders();
-
-		foreach ($providers as $provider) {
-			yield from $provider->getAllShares();
-		}
-	}
-
-	public function generateToken(): string {
-		// Initial token length
-		$tokenLength = \OC\Share\Helper::getTokenLength();
-
-		do {
-			$tokenExists = false;
-
-			for ($i = 0; $i <= 2; $i++) {
-				// Generate a new token
-				$token = $this->secureRandom->generate(
-					$tokenLength,
-					ISecureRandom::CHAR_HUMAN_READABLE,
-				);
-
-				try {
-					// Try to fetch a share with the generated token
-					$this->getShareByToken($token);
-					$tokenExists = true; // Token exists, we need to try again
-				} catch (ShareNotFound $e) {
-					// Token is unique, exit the loop
-					$tokenExists = false;
-					break;
-				}
-			}
-
-			// If we've reached the maximum attempts and the token still exists, increase the token length
-			if ($tokenExists) {
-				$tokenLength++;
-
-				// Check if the token length exceeds the maximum allowed length
-				if ($tokenLength > \OC\Share\Constants::MAX_TOKEN_LENGTH) {
-					throw new ShareTokenException('Unable to generate a unique share token. Maximum token length exceeded.');
-				}
-			}
-		} while ($tokenExists);
-
-		return $token;
-	}
-
-	private function dispatchEvent(Event $event, string $name): void {
-		try {
-			$this->dispatcher->dispatchTyped($event);
-		} catch (\Exception $e) {
-			$this->logger->error("Error while sending ' . $name . ' event", ['exception' => $e]);
-		}
-	}
+        if (($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL)
+            && $share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload()) {
+            $share->setPermissions($share->getPermissions() & ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE));
+        }
+
+        return $share;
+    }
+
+    /**
+     * Check expire date and disabled owner
+     *
+     * @throws ShareNotFound
+     */
+    protected function checkShare(IShare $share): void {
+        if ($share->isExpired()) {
+            $this->deleteShare($share);
+            throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
+        }
+        if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') {
+            $uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]);
+            foreach ($uids as $uid) {
+                $user = $this->userManager->get($uid);
+                if ($user?->isEnabled() === false) {
+                    throw new ShareNotFound($this->l->t('The requested share comes from a disabled user'));
+                }
+            }
+        }
+
+        // For link and email shares, verify the share owner can still create such shares
+        if ($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL) {
+            $shareOwner = $this->userManager->get($share->getShareOwner());
+            if ($shareOwner === null) {
+                throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
+            }
+            if (!$this->userCanCreateLinkShares($shareOwner)) {
+                throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
+            }
+        }
+    }
+
+    /**
+     * Verify the password of a public share
+     *
+     * @param IShare $share
+     * @param ?string $password
+     * @return bool
+     */
+    public function checkPassword(IShare $share, $password) {
+
+        // if there is no password on the share object / passsword is null, there is nothing to check
+        if ($password === null || $share->getPassword() === null) {
+            return false;
+        }
+
+        // Makes sure password hasn't expired
+        $expirationTime = $share->getPasswordExpirationTime();
+        if ($expirationTime !== null && $expirationTime < new \DateTime()) {
+            return false;
+        }
+
+        $newHash = '';
+        if (!$this->hasher->verify($password, $share->getPassword(), $newHash)) {
+            return false;
+        }
+
+        if (!empty($newHash)) {
+            $share->setPassword($newHash);
+            $provider = $this->factory->getProviderForType($share->getShareType());
+            $provider->update($share);
+        }
+
+        return true;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function userDeleted($uid) {
+        $types = [IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK, IShare::TYPE_REMOTE, IShare::TYPE_EMAIL];
+
+        foreach ($types as $type) {
+            try {
+                $provider = $this->factory->getProviderForType($type);
+            } catch (ProviderException $e) {
+                continue;
+            }
+            $provider->userDeleted($uid, $type);
+        }
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function groupDeleted($gid) {
+        foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) {
+            try {
+                $provider = $this->factory->getProviderForType($type);
+            } catch (ProviderException $e) {
+                continue;
+            }
+            $provider->groupDeleted($gid);
+        }
+
+        $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
+        if ($excludedGroups === '') {
+            return;
+        }
+
+        $excludedGroups = json_decode($excludedGroups, true);
+        if (json_last_error() !== JSON_ERROR_NONE) {
+            return;
+        }
+
+        $excludedGroups = array_diff($excludedGroups, [$gid]);
+        $this->config->setAppValue('core', 'shareapi_exclude_groups_list', json_encode($excludedGroups));
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function userDeletedFromGroup($uid, $gid) {
+        foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) {
+            try {
+                $provider = $this->factory->getProviderForType($type);
+            } catch (ProviderException $e) {
+                continue;
+            }
+            $provider->userDeletedFromGroup($uid, $gid);
+        }
+    }
+
+    #[\Override]
+    public function getAccessList(\OCP\Files\Node $path, $recursive = true, $currentAccess = false) {
+        $owner = $path->getOwner();
+
+        if ($owner === null) {
+            return [];
+        }
+
+        $owner = $owner->getUID();
+
+        if ($currentAccess) {
+            $al = ['users' => [], 'remote' => [], 'public' => false, 'mail' => []];
+        } else {
+            $al = ['users' => [], 'remote' => false, 'public' => false, 'mail' => []];
+        }
+        if (!$this->userManager->userExists($owner)) {
+            return $al;
+        }
+
+        //Get node for the owner and correct the owner in case of external storage
+        $userFolder = $this->rootFolder->getUserFolder($owner);
+        if ($path->getId() !== $userFolder->getId() && !$userFolder->isSubNode($path)) {
+            $path = $userFolder->getFirstNodeById($path->getId());
+            if ($path === null || $path->getOwner() === null) {
+                return [];
+            }
+            $owner = $path->getOwner()->getUID();
+        }
+
+        $providers = $this->factory->getAllProviders();
+
+        /** @var Node[] $nodes */
+        $nodes = [];
+
+
+        if ($currentAccess) {
+            $ownerPath = $path->getPath();
+            $ownerPath = explode('/', $ownerPath, 4);
+            if (count($ownerPath) < 4) {
+                $ownerPath = '';
+            } else {
+                $ownerPath = $ownerPath[3];
+            }
+            $al['users'][$owner] = [
+                'node_id' => $path->getId(),
+                'node_path' => '/' . $ownerPath,
+            ];
+        } else {
+            $al['users'][] = $owner;
+        }
+
+        // Collect all the shares
+        while ($path->getPath() !== $userFolder->getPath()) {
+            $nodes[] = $path;
+            if (!$recursive) {
+                break;
+            }
+            $path = $path->getParent();
+        }
+
+        foreach ($providers as $provider) {
+            $tmp = $provider->getAccessList($nodes, $currentAccess);
+
+            foreach ($tmp as $k => $v) {
+                if (isset($al[$k])) {
+                    if (is_array($al[$k])) {
+                        if ($currentAccess) {
+                            $al[$k] += $v;
+                        } else {
+                            $al[$k] = array_merge($al[$k], $v);
+                            $al[$k] = array_unique($al[$k]);
+                            $al[$k] = array_values($al[$k]);
+                        }
+                    } else {
+                        $al[$k] = $al[$k] || $v;
+                    }
+                } else {
+                    $al[$k] = $v;
+                }
+            }
+        }
+
+        return $al;
+    }
+
+    /**
+     * Create a new share
+     *
+     * @return IShare
+     */
+    public function newShare() {
+        return new \OC\Share20\Share($this->rootFolder, $this->userManager);
+    }
+
+    /**
+     * Is the share API enabled
+     *
+     * @return bool
+     */
+    public function shareApiEnabled() {
+        return $this->config->getAppValue('core', 'shareapi_enabled', 'yes') === 'yes';
+    }
+
+    /**
+     * Is public link sharing enabled
+     *
+     * @param ?IUser $user User to check against group exclusions, defaults to current session user
+     * @return bool
+     */
+    public function shareApiAllowLinks(?IUser $user = null) {
+        if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
+            return false;
+        }
+
+        $user = $user ?? $this->userSession->getUser();
+        if ($user) {
+            $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]'));
+            if ($excludedGroups) {
+                $userGroups = $this->groupManager->getUserGroupIds($user);
+                return !(bool)array_intersect($excludedGroups, $userGroups);
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Check if a specific user can create link shares
+     *
+     * @param IUser $user The user to check
+     * @return bool
+     */
+    protected function userCanCreateLinkShares(IUser $user): bool {
+        return $this->shareApiAllowLinks($user);
+    }
+
+    /**
+     * Is password on public link requires
+     *
+     * @param bool Check group membership exclusion
+     * @return bool
+     */
+    public function shareApiLinkEnforcePassword(bool $checkGroupMembership = true) {
+        $excludedGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
+        if ($excludedGroups !== '' && $checkGroupMembership) {
+            $excludedGroups = json_decode($excludedGroups);
+            $user = $this->userSession->getUser();
+            if ($user) {
+                $userGroups = $this->groupManager->getUserGroupIds($user);
+                if ((bool)array_intersect($excludedGroups, $userGroups)) {
+                    return false;
+                }
+            }
+        }
+        return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_PASSWORD_ENFORCED);
+    }
+
+    /**
+     * Is default link expire date enabled
+     *
+     * @return bool
+     */
+    public function shareApiLinkDefaultExpireDate() {
+        return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_EXPIRE_DATE_DEFAULT);
+    }
+
+    /**
+     * Is default link expire date enforced
+     *
+     * @return bool
+     */
+    public function shareApiLinkDefaultExpireDateEnforced() {
+        return $this->shareApiLinkDefaultExpireDate()
+            && $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_EXPIRE_DATE_ENFORCED);
+    }
+
+
+    /**
+     * Number of default link expire days
+     *
+     * @return int
+     */
+    public function shareApiLinkDefaultExpireDays() {
+        return (int)$this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7');
+    }
+
+    /**
+     * Is default internal expire date enabled
+     *
+     * @return bool
+     */
+    public function shareApiInternalDefaultExpireDate(): bool {
+        return $this->config->getAppValue('core', 'shareapi_default_internal_expire_date', 'no') === 'yes';
+    }
+
+    /**
+     * Is default remote expire date enabled
+     *
+     * @return bool
+     */
+    public function shareApiRemoteDefaultExpireDate(): bool {
+        return $this->config->getAppValue('core', 'shareapi_default_remote_expire_date', 'no') === 'yes';
+    }
+
+    /**
+     * Is default expire date enforced
+     *
+     * @return bool
+     */
+    public function shareApiInternalDefaultExpireDateEnforced(): bool {
+        return $this->shareApiInternalDefaultExpireDate()
+            && $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes';
+    }
+
+    /**
+     * Is default expire date enforced for remote shares
+     *
+     * @return bool
+     */
+    public function shareApiRemoteDefaultExpireDateEnforced(): bool {
+        return $this->shareApiRemoteDefaultExpireDate()
+            && $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes';
+    }
+
+    /**
+     * Number of default expire days
+     *
+     * @return int
+     */
+    public function shareApiInternalDefaultExpireDays(): int {
+        return (int)$this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7');
+    }
+
+    /**
+     * Number of default expire days for remote shares
+     *
+     * @return int
+     */
+    public function shareApiRemoteDefaultExpireDays(): int {
+        return (int)$this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7');
+    }
+
+    /**
+     * Allow public upload on link shares
+     *
+     * @return bool
+     */
+    public function shareApiLinkAllowPublicUpload() {
+        return $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') === 'yes';
+    }
+
+    /**
+     * check if user can only share with group members
+     *
+     * @return bool
+     */
+    public function shareWithGroupMembersOnly() {
+        return $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
+    }
+
+    /**
+     * If shareWithGroupMembersOnly is enabled, return an optional
+     * list of groups that must be excluded from the principle of
+     * belonging to the same group.
+     *
+     * @return array
+     */
+    public function shareWithGroupMembersOnlyExcludeGroupsList() {
+        if (!$this->shareWithGroupMembersOnly()) {
+            return [];
+        }
+        $excludeGroups = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
+        return json_decode($excludeGroups, true) ?? [];
+    }
+
+    /**
+     * Check if users can share with groups
+     *
+     * @return bool
+     */
+    public function allowGroupSharing() {
+        return $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
+    }
+
+    public function allowEnumeration(): bool {
+        return $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
+    }
+
+    public function limitEnumerationToGroups(): bool {
+        return $this->allowEnumeration()
+            && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
+    }
+
+    public function limitEnumerationToPhone(): bool {
+        return $this->allowEnumeration()
+            && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
+    }
+
+    public function allowEnumerationFullMatch(): bool {
+        return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
+    }
+
+    public function matchEmail(): bool {
+        return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
+    }
+
+    public function matchUserId(): bool {
+        return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes') === 'yes';
+    }
+
+    public function ignoreSecondDisplayName(): bool {
+        return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes';
+    }
+
+    public function allowCustomTokens(): bool {
+        return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_CUSTOM_TOKEN);
+    }
+
+    public function allowViewWithoutDownload(): bool {
+        return $this->appConfig->getValueBool('core', 'shareapi_allow_view_without_download', true);
+    }
+
+    public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool {
+        if ($this->allowEnumerationFullMatch()) {
+            return true;
+        }
+
+        if (!$this->allowEnumeration()) {
+            return false;
+        }
+
+        if (!$this->limitEnumerationToPhone() && !$this->limitEnumerationToGroups()) {
+            // Enumeration is enabled and not restricted: OK
+            return true;
+        }
+
+        if (!$currentUser instanceof IUser) {
+            // Enumeration restrictions require an account
+            return false;
+        }
+
+        // Enumeration is limited to phone match
+        if ($this->limitEnumerationToPhone() && $this->knownUserService->isKnownToUser($currentUser->getUID(), $targetUser->getUID())) {
+            return true;
+        }
+
+        // Enumeration is limited to groups
+        if ($this->limitEnumerationToGroups()) {
+            $currentUserGroupIds = $this->groupManager->getUserGroupIds($currentUser);
+            $targetUserGroupIds = $this->groupManager->getUserGroupIds($targetUser);
+            if (!empty(array_intersect($currentUserGroupIds, $targetUserGroupIds))) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Check if sharing is disabled for the current user
+     */
+    public function sharingDisabledForUser(?string $userId): bool {
+        return $this->shareDisableChecker->sharingDisabledForUser($userId);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function outgoingServer2ServerSharesAllowed() {
+        return $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function outgoingServer2ServerGroupSharesAllowed() {
+        return $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no') === 'yes';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function shareProviderExists($shareType) {
+        try {
+            $this->factory->getProviderForType($shareType);
+        } catch (ProviderException $e) {
+            return false;
+        }
+
+        return true;
+    }
+
+    public function registerShareProvider(string $shareProviderClass): void {
+        $this->factory->registerProvider($shareProviderClass);
+    }
+
+    public function getAllShares(): iterable {
+        $providers = $this->factory->getAllProviders();
+
+        foreach ($providers as $provider) {
+            yield from $provider->getAllShares();
+        }
+    }
+
+    public function generateToken(): string {
+        // Initial token length
+        $tokenLength = \OC\Share\Helper::getTokenLength();
+
+        do {
+            $tokenExists = false;
+
+            for ($i = 0; $i <= 2; $i++) {
+                // Generate a new token
+                $token = $this->secureRandom->generate(
+                    $tokenLength,
+                    ISecureRandom::CHAR_HUMAN_READABLE,
+                );
+
+                try {
+                    // Try to fetch a share with the generated token
+                    $this->getShareByToken($token);
+                    $tokenExists = true; // Token exists, we need to try again
+                } catch (ShareNotFound $e) {
+                    // Token is unique, exit the loop
+                    $tokenExists = false;
+                    break;
+                }
+            }
+
+            // If we've reached the maximum attempts and the token still exists, increase the token length
+            if ($tokenExists) {
+                $tokenLength++;
+
+                // Check if the token length exceeds the maximum allowed length
+                if ($tokenLength > \OC\Share\Constants::MAX_TOKEN_LENGTH) {
+                    throw new ShareTokenException('Unable to generate a unique share token. Maximum token length exceeded.');
+                }
+            }
+        } while ($tokenExists);
+
+        return $token;
+    }
+
+    private function dispatchEvent(Event $event, string $name): void {
+        try {
+            $this->dispatcher->dispatchTyped($event);
+        } catch (\Exception $e) {
+            $this->logger->error("Error while sending ' . $name . ' event", ['exception' => $e]);
+        }
+    }
 }

apps/settings/tests/Settings/Admin/SharingTest.php

Indentation +222 added lines, -222 removed lines

@@ -20,245 +20,245 @@
 use Test\TestCase;
 
 class SharingTest extends TestCase {
-	private Sharing $admin;
+    private Sharing $admin;
 
-	private IConfig&MockObject $config;
-	private IAppConfig&MockObject $appConfig;
-	private IL10N&MockObject $l10n;
-	private IManager&MockObject $shareManager;
-	private IAppManager&MockObject $appManager;
-	private IURLGenerator&MockObject $urlGenerator;
-	private IInitialState&MockObject $initialState;
+    private IConfig&MockObject $config;
+    private IAppConfig&MockObject $appConfig;
+    private IL10N&MockObject $l10n;
+    private IManager&MockObject $shareManager;
+    private IAppManager&MockObject $appManager;
+    private IURLGenerator&MockObject $urlGenerator;
+    private IInitialState&MockObject $initialState;
 
-	protected function setUp(): void {
-		parent::setUp();
-		$this->config = $this->createMock(IConfig::class);
-		$this->appConfig = $this->createMock(IAppConfig::class);
-		$this->l10n = $this->createMock(IL10N::class);
+    protected function setUp(): void {
+        parent::setUp();
+        $this->config = $this->createMock(IConfig::class);
+        $this->appConfig = $this->createMock(IAppConfig::class);
+        $this->l10n = $this->createMock(IL10N::class);
 
-		$this->shareManager = $this->createMock(IManager::class);
-		$this->appManager = $this->createMock(IAppManager::class);
-		$this->urlGenerator = $this->createMock(IURLGenerator::class);
-		$this->initialState = $this->createMock(IInitialState::class);
+        $this->shareManager = $this->createMock(IManager::class);
+        $this->appManager = $this->createMock(IAppManager::class);
+        $this->urlGenerator = $this->createMock(IURLGenerator::class);
+        $this->initialState = $this->createMock(IInitialState::class);
 
-		$this->admin = new Sharing(
-			$this->config,
-			$this->appConfig,
-			$this->l10n,
-			$this->shareManager,
-			$this->appManager,
-			$this->urlGenerator,
-			$this->initialState,
-			'settings',
-		);
-	}
+        $this->admin = new Sharing(
+            $this->config,
+            $this->appConfig,
+            $this->l10n,
+            $this->shareManager,
+            $this->appManager,
+            $this->urlGenerator,
+            $this->initialState,
+            'settings',
+        );
+    }
 
-	public function testGetFormWithoutExcludedGroups(): void {
-		$this->appConfig
-			->method('getValueBool')
-			->willReturnMap([
-				['core', 'shareapi_allow_federation_on_public_shares', true],
-				['core', 'shareapi_enable_link_password_by_default', true],
-				['core', 'shareapi_default_expire_date', false],
-				['core', 'shareapi_enforce_expire_date', false],
-			]);
+    public function testGetFormWithoutExcludedGroups(): void {
+        $this->appConfig
+            ->method('getValueBool')
+            ->willReturnMap([
+                ['core', 'shareapi_allow_federation_on_public_shares', true],
+                ['core', 'shareapi_enable_link_password_by_default', true],
+                ['core', 'shareapi_default_expire_date', false],
+                ['core', 'shareapi_enforce_expire_date', false],
+            ]);
 
-		$this->config
-			->method('getAppValue')
-			->willReturnMap([
-				['core', 'shareapi_exclude_groups_list', '', ''],
-				['core', 'shareapi_allow_links_exclude_groups', '', ''],
-				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_links', 'yes', 'yes'],
-				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
-				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
-				['core', 'shareapi_enabled', 'yes', 'yes'],
-				['core', 'shareapi_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_exclude_groups', 'no', 'no'],
-				['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
-				['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
-				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
-				['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
-			]);
-		$this->shareManager->method('shareWithGroupMembersOnly')
-			->willReturn(false);
+        $this->config
+            ->method('getAppValue')
+            ->willReturnMap([
+                ['core', 'shareapi_exclude_groups_list', '', ''],
+                ['core', 'shareapi_allow_links_exclude_groups', '', ''],
+                ['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_links', 'yes', 'yes'],
+                ['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
+                ['core', 'shareapi_allow_resharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
+                ['core', 'shareapi_enabled', 'yes', 'yes'],
+                ['core', 'shareapi_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_exclude_groups', 'no', 'no'],
+                ['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
+                ['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
+                ['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
+                ['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
+            ]);
+        $this->shareManager->method('shareWithGroupMembersOnly')
+            ->willReturn(false);
 
-		$this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(false);
+        $this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(false);
 
-		$initialStateCalls = [];
-		$this->initialState
-			->expects($this->exactly(3))
-			->method('provideInitialState')
-			->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
-				$initialStateCalls[$key] = func_get_args();
-			});
+        $initialStateCalls = [];
+        $this->initialState
+            ->expects($this->exactly(3))
+            ->method('provideInitialState')
+            ->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
+                $initialStateCalls[$key] = func_get_args();
+            });
 
-		$expectedInitialStateCalls = [
-			'sharingAppEnabled' => false,
-			'sharingDocumentation' => '',
-			'sharingSettings' => [
-				'allowGroupSharing' => true,
-				'allowLinks' => true,
-				'allowPublicUpload' => true,
-				'allowResharing' => true,
-				'allowShareDialogUserEnumeration' => true,
-				'allowFederationOnPublicShares' => true,
-				'restrictUserEnumerationToGroup' => false,
-				'restrictUserEnumerationToPhone' => false,
-				'restrictUserEnumerationFullMatch' => true,
-				'restrictUserEnumerationFullMatchUserId' => true,
-				'restrictUserEnumerationFullMatchEmail' => true,
-				'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
-				'enforceLinksPassword' => false,
-				'onlyShareWithGroupMembers' => false,
-				'enabled' => true,
-				'defaultExpireDate' => false,
-				'expireAfterNDays' => '7',
-				'enforceExpireDate' => false,
-				'excludeGroups' => 'no',
-				'excludeGroupsList' => [],
-				'publicShareDisclaimerText' => 'Lorem ipsum',
-				'enableLinkPasswordByDefault' => true,
-				'defaultPermissions' => Constants::PERMISSION_ALL,
-				'defaultInternalExpireDate' => false,
-				'internalExpireAfterNDays' => '7',
-				'enforceInternalExpireDate' => false,
-				'defaultRemoteExpireDate' => false,
-				'remoteExpireAfterNDays' => '7',
-				'enforceRemoteExpireDate' => false,
-				'allowLinksExcludeGroups' => [],
-				'onlyShareWithGroupMembersExcludeGroupList' => [],
-				'enforceLinksPasswordExcludedGroups' => [],
-				'enforceLinksPasswordExcludedGroupsEnabled' => false,
-			]
-		];
+        $expectedInitialStateCalls = [
+            'sharingAppEnabled' => false,
+            'sharingDocumentation' => '',
+            'sharingSettings' => [
+                'allowGroupSharing' => true,
+                'allowLinks' => true,
+                'allowPublicUpload' => true,
+                'allowResharing' => true,
+                'allowShareDialogUserEnumeration' => true,
+                'allowFederationOnPublicShares' => true,
+                'restrictUserEnumerationToGroup' => false,
+                'restrictUserEnumerationToPhone' => false,
+                'restrictUserEnumerationFullMatch' => true,
+                'restrictUserEnumerationFullMatchUserId' => true,
+                'restrictUserEnumerationFullMatchEmail' => true,
+                'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
+                'enforceLinksPassword' => false,
+                'onlyShareWithGroupMembers' => false,
+                'enabled' => true,
+                'defaultExpireDate' => false,
+                'expireAfterNDays' => '7',
+                'enforceExpireDate' => false,
+                'excludeGroups' => 'no',
+                'excludeGroupsList' => [],
+                'publicShareDisclaimerText' => 'Lorem ipsum',
+                'enableLinkPasswordByDefault' => true,
+                'defaultPermissions' => Constants::PERMISSION_ALL,
+                'defaultInternalExpireDate' => false,
+                'internalExpireAfterNDays' => '7',
+                'enforceInternalExpireDate' => false,
+                'defaultRemoteExpireDate' => false,
+                'remoteExpireAfterNDays' => '7',
+                'enforceRemoteExpireDate' => false,
+                'allowLinksExcludeGroups' => [],
+                'onlyShareWithGroupMembersExcludeGroupList' => [],
+                'enforceLinksPasswordExcludedGroups' => [],
+                'enforceLinksPasswordExcludedGroupsEnabled' => false,
+            ]
+        ];
 
-		$expected = new TemplateResponse(
-			'settings',
-			'settings/admin/sharing',
-			[],
-			''
-		);
+        $expected = new TemplateResponse(
+            'settings',
+            'settings/admin/sharing',
+            [],
+            ''
+        );
 
-		$this->assertEquals($expected, $this->admin->getForm());
-		$this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
-	}
+        $this->assertEquals($expected, $this->admin->getForm());
+        $this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
+    }
 
-	public function testGetFormWithExcludedGroups(): void {
-		$this->config
-			->method('getAppValue')
-			->willReturnMap([
-				['core', 'shareapi_exclude_groups_list', '', '["NoSharers","OtherNoSharers"]'],
-				['core', 'shareapi_allow_links_exclude_groups', '', ''],
-				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_links', 'yes', 'yes'],
-				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
-				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
-				['core', 'shareapi_enabled', 'yes', 'yes'],
-				['core', 'shareapi_default_expire_date', 'no', 'no'],
-				['core', 'shareapi_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_expire_date', 'no', 'no'],
-				['core', 'shareapi_exclude_groups', 'no', 'yes'],
-				['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
-				['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
-				['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
-				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
-				['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
-			]);
-		$this->shareManager->method('shareWithGroupMembersOnly')
-			->willReturn(false);
+    public function testGetFormWithExcludedGroups(): void {
+        $this->config
+            ->method('getAppValue')
+            ->willReturnMap([
+                ['core', 'shareapi_exclude_groups_list', '', '["NoSharers","OtherNoSharers"]'],
+                ['core', 'shareapi_allow_links_exclude_groups', '', ''],
+                ['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_links', 'yes', 'yes'],
+                ['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
+                ['core', 'shareapi_allow_resharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_user_id', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
+                ['core', 'shareapi_enabled', 'yes', 'yes'],
+                ['core', 'shareapi_default_expire_date', 'no', 'no'],
+                ['core', 'shareapi_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_expire_date', 'no', 'no'],
+                ['core', 'shareapi_exclude_groups', 'no', 'yes'],
+                ['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
+                ['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
+                ['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
+                ['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
+                ['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
+            ]);
+        $this->shareManager->method('shareWithGroupMembersOnly')
+            ->willReturn(false);
 
-		$this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(true);
+        $this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(true);
 
-		$initialStateCalls = [];
-		$this->initialState
-			->expects($this->exactly(3))
-			->method('provideInitialState')
-			->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
-				$initialStateCalls[$key] = func_get_args();
-			});
+        $initialStateCalls = [];
+        $this->initialState
+            ->expects($this->exactly(3))
+            ->method('provideInitialState')
+            ->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
+                $initialStateCalls[$key] = func_get_args();
+            });
 
-		$expectedInitialStateCalls = [
-			'sharingAppEnabled' => true,
-			'sharingDocumentation' => '',
-			'sharingSettings' => [
-				'allowGroupSharing' => true,
-				'allowLinks' => true,
-				'allowPublicUpload' => true,
-				'allowResharing' => true,
-				'allowShareDialogUserEnumeration' => true,
-				'restrictUserEnumerationToGroup' => false,
-				'restrictUserEnumerationToPhone' => false,
-				'restrictUserEnumerationFullMatch' => true,
-				'restrictUserEnumerationFullMatchUserId' => true,
-				'restrictUserEnumerationFullMatchEmail' => true,
-				'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
-				'enforceLinksPassword' => false,
-				'onlyShareWithGroupMembers' => false,
-				'enabled' => true,
-				'defaultExpireDate' => false,
-				'expireAfterNDays' => '7',
-				'enforceExpireDate' => false,
-				'excludeGroups' => 'yes',
-				'excludeGroupsList' => ['NoSharers','OtherNoSharers'],
-				'publicShareDisclaimerText' => 'Lorem ipsum',
-				'enableLinkPasswordByDefault' => true,
-				'defaultPermissions' => Constants::PERMISSION_ALL,
-				'defaultInternalExpireDate' => false,
-				'internalExpireAfterNDays' => '7',
-				'enforceInternalExpireDate' => false,
-				'defaultRemoteExpireDate' => false,
-				'remoteExpireAfterNDays' => '7',
-				'enforceRemoteExpireDate' => false,
-				'allowLinksExcludeGroups' => [],
-				'onlyShareWithGroupMembersExcludeGroupList' => [],
-				'enforceLinksPasswordExcludedGroups' => [],
-				'enforceLinksPasswordExcludedGroupsEnabled' => false,
-			],
-		];
+        $expectedInitialStateCalls = [
+            'sharingAppEnabled' => true,
+            'sharingDocumentation' => '',
+            'sharingSettings' => [
+                'allowGroupSharing' => true,
+                'allowLinks' => true,
+                'allowPublicUpload' => true,
+                'allowResharing' => true,
+                'allowShareDialogUserEnumeration' => true,
+                'restrictUserEnumerationToGroup' => false,
+                'restrictUserEnumerationToPhone' => false,
+                'restrictUserEnumerationFullMatch' => true,
+                'restrictUserEnumerationFullMatchUserId' => true,
+                'restrictUserEnumerationFullMatchEmail' => true,
+                'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
+                'enforceLinksPassword' => false,
+                'onlyShareWithGroupMembers' => false,
+                'enabled' => true,
+                'defaultExpireDate' => false,
+                'expireAfterNDays' => '7',
+                'enforceExpireDate' => false,
+                'excludeGroups' => 'yes',
+                'excludeGroupsList' => ['NoSharers','OtherNoSharers'],
+                'publicShareDisclaimerText' => 'Lorem ipsum',
+                'enableLinkPasswordByDefault' => true,
+                'defaultPermissions' => Constants::PERMISSION_ALL,
+                'defaultInternalExpireDate' => false,
+                'internalExpireAfterNDays' => '7',
+                'enforceInternalExpireDate' => false,
+                'defaultRemoteExpireDate' => false,
+                'remoteExpireAfterNDays' => '7',
+                'enforceRemoteExpireDate' => false,
+                'allowLinksExcludeGroups' => [],
+                'onlyShareWithGroupMembersExcludeGroupList' => [],
+                'enforceLinksPasswordExcludedGroups' => [],
+                'enforceLinksPasswordExcludedGroupsEnabled' => false,
+            ],
+        ];
 
-		$expected = new TemplateResponse(
-			'settings',
-			'settings/admin/sharing',
-			[],
-			''
-		);
+        $expected = new TemplateResponse(
+            'settings',
+            'settings/admin/sharing',
+            [],
+            ''
+        );
 
-		$this->assertEquals($expected, $this->admin->getForm());
-		$this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
-	}
+        $this->assertEquals($expected, $this->admin->getForm());
+        $this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
+    }
 
-	public function testGetSection(): void {
-		$this->assertSame('sharing', $this->admin->getSection());
-	}
+    public function testGetSection(): void {
+        $this->assertSame('sharing', $this->admin->getSection());
+    }
 
-	public function testGetPriority(): void {
-		$this->assertSame(0, $this->admin->getPriority());
-	}
+    public function testGetPriority(): void {
+        $this->assertSame(0, $this->admin->getPriority());
+    }
 }

tests/lib/Collaboration/Collaborators/UserPluginTest.php

Indentation +753 added lines, -753 removed lines

@@ -25,757 +25,757 @@
 use Test\TestCase;
 
 class UserPluginTest extends TestCase {
-	private IConfig&MockObject $config;
-	private IUserManager&MockObject $userManager;
-	private IGroupManager&MockObject $groupManager;
-	private IUserSession&MockObject $session;
-	private KnownUserService&MockObject $knownUserService;
-	private IUserStatusManager&MockObject $userStatusManager;
-	private IUser&MockObject $user;
-
-	/** @var UserPlugin */
-	protected $plugin;
-
-	/** @var ISearchResult */
-	protected $searchResult;
-
-	protected int $limit = 2;
-
-	protected int $offset = 0;
-
-	protected function setUp(): void {
-		parent::setUp();
-
-		$this->config = $this->createMock(IConfig::class);
-
-		$this->userManager = $this->createMock(IUserManager::class);
-
-		$this->groupManager = $this->createMock(IGroupManager::class);
-
-		$this->session = $this->createMock(IUserSession::class);
-
-		$this->knownUserService = $this->createMock(KnownUserService::class);
-
-		$this->userStatusManager = $this->createMock(IUserStatusManager::class);
-
-		$this->searchResult = new SearchResult();
-
-		$this->user = $this->getUserMock('admin', 'Administrator');
-	}
-
-	public function instantiatePlugin(): void {
-		// cannot be done within setUp, because dependent mocks needs to be set
-		// up with configuration etc. first
-		$this->plugin = new UserPlugin(
-			$this->config,
-			$this->userManager,
-			$this->groupManager,
-			$this->session,
-			$this->knownUserService,
-			$this->userStatusManager
-		);
-	}
-
-	public function mockConfig($mockedSettings): void {
-		$this->config->expects($this->any())
-			->method('getAppValue')
-			->willReturnCallback(
-				function ($appName, $key, $default) use ($mockedSettings) {
-					return $mockedSettings[$appName][$key] ?? $default;
-				}
-			);
-	}
-
-	public function getUserMock(string $uid, string $displayName, bool $enabled = true, array $groups = []): IUser&MockObject {
-		$user = $this->createMock(IUser::class);
-
-		$user->expects($this->any())
-			->method('getUID')
-			->willReturn($uid);
-
-		$user->expects($this->any())
-			->method('getDisplayName')
-			->willReturn($displayName);
-
-		$user->expects($this->any())
-			->method('isEnabled')
-			->willReturn($enabled);
-
-		return $user;
-	}
-
-	public static function dataGetUsers(): array {
-		return [
-			['test', false, true, [], [], [], [], true, false],
-			['test', false, false, [], [], [], [], true, false],
-			['test', true, true, [], [], [], [], true, false],
-			['test', true, false, [], [], [], [], true, false],
-			[
-				'test', false, true, [], [],
-				[
-					['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
-				], [], true, ['test', 'Test'],
-			],
-			[
-				'test', false, false, [], [],
-				[
-					['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
-				], [], true, ['test', 'Test'],
-			],
-			[
-				'test', true, true, [], [],
-				[], [], true, ['test', 'Test'],
-			],
-			[
-				'test', true, false, [], [],
-				[], [], true, ['test', 'Test'],
-			],
-			[
-				'test', true, true, ['test-group'], [['test-group', 'test', 2, 0, []]],
-				[
-					['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
-				], [], true, ['test', 'Test'],
-			],
-			[
-				'test', true, false, ['test-group'], [['test-group', 'test', 2, 0, []]],
-				[
-					['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
-				], [], true, ['test', 'Test'],
-			],
-			[
-				'test',
-				false,
-				true,
-				[],
-				[
-					['test1', 'Test One'],
-				],
-				[],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
-				],
-				true,
-				false,
-			],
-			[
-				'test',
-				false,
-				false,
-				[],
-				[
-					['test1', 'Test One'],
-				],
-				[],
-				[],
-				true,
-				false,
-			],
-			[
-				'test',
-				false,
-				true,
-				[],
-				[
-					['test1', 'Test One'],
-					['test2', 'Test Two'],
-				],
-				[],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
-					['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
-				],
-				false,
-				false,
-			],
-			[
-				'test',
-				false,
-				false,
-				[],
-				[
-					['test1', 'Test One'],
-					['test2', 'Test Two'],
-				],
-				[],
-				[],
-				true,
-				false,
-			],
-			[
-				'test',
-				false,
-				true,
-				[],
-				[
-					['test0', 'Test'],
-					['test1', 'Test One'],
-					['test2', 'Test Two'],
-				],
-				[
-					['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test0'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test0'],
-				],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
-					['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
-				],
-				false,
-				false,
-			],
-			[
-				'test',
-				false,
-				true,
-				[],
-				[
-					['test0', 'Test'],
-					['test1', 'Test One'],
-					['test2', 'Test Two'],
-				],
-				[
-					['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test0'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test0'],
-				],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
-					['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
-				],
-				false,
-				false,
-				[],
-				true,
-			],
-			[
-				'test',
-				false,
-				false,
-				[],
-				[
-					['test0', 'Test'],
-					['test1', 'Test One'],
-					['test2', 'Test Two'],
-				],
-				[
-					['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test0'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test0'],
-				],
-				[],
-				true,
-				false,
-			],
-			[
-				'test',
-				true,
-				true,
-				['abc', 'xyz'],
-				[
-					['abc', 'test', 2, 0, ['test1' => 'Test One']],
-					['xyz', 'test', 2, 0, []],
-				],
-				[],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
-				],
-				true,
-				false,
-				[['test1', ['test1', 'Test One']]],
-			],
-			[
-				'test',
-				true,
-				false,
-				['abc', 'xyz'],
-				[
-					['abc', 'test', 2, 0, ['test1' => 'Test One']],
-					['xyz', 'test', 2, 0, []],
-				],
-				[],
-				[],
-				true,
-				false,
-				[['test1', ['test1', 'Test One']]],
-			],
-			[
-				'test',
-				true,
-				true,
-				['abc', 'xyz'],
-				[
-					['abc', 'test', 2, 0, [
-						'test1' => 'Test One',
-						'test2' => 'Test Two',
-					]],
-					['xyz', 'test', 2, 0, [
-						'test1' => 'Test One',
-						'test2' => 'Test Two',
-					]],
-				],
-				[],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
-					['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
-				],
-				true,
-				false,
-				[
-					['test1', ['test1', 'Test One']],
-					['test2', ['test2', 'Test Two']],
-				],
-			],
-			[
-				'test',
-				true,
-				false,
-				['abc', 'xyz'],
-				[
-					['abc', 'test', 2, 0, [
-						'test1' => 'Test One',
-						'test2' => 'Test Two',
-					]],
-					['xyz', 'test', 2, 0, [
-						'test1' => 'Test One',
-						'test2' => 'Test Two',
-					]],
-				],
-				[],
-				[],
-				true,
-				false,
-				[
-					['test1', ['test1', 'Test One']],
-					['test2', ['test2', 'Test Two']],
-				],
-			],
-			[
-				'test',
-				true,
-				true,
-				['abc', 'xyz'],
-				[
-					['abc', 'test', 2, 0, [
-						'test' => 'Test One',
-					]],
-					['xyz', 'test', 2, 0, [
-						'test2' => 'Test Two',
-					]],
-				],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
-				],
-				[
-					['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
-				],
-				false,
-				false,
-				[
-					['test', ['test', 'Test One']],
-					['test2', ['test2', 'Test Two']],
-				],
-			],
-			[
-				'test',
-				true,
-				false,
-				['abc', 'xyz'],
-				[
-					['abc', 'test', 2, 0, [
-						'test' => 'Test One',
-					]],
-					['xyz', 'test', 2, 0, [
-						'test2' => 'Test Two',
-					]],
-				],
-				[
-					['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
-				],
-				[],
-				true,
-				false,
-				[
-					['test', ['test', 'Test One']],
-					['test2', ['test2', 'Test Two']],
-				],
-			],
-		];
-	}
-
-	#[DataProvider('dataGetUsers')]
-	public function testSearch(
-		string $searchTerm,
-		bool $shareWithGroupOnly,
-		bool $shareeEnumeration,
-		array $groupResponse,
-		array $userResponse,
-		array $exactExpected,
-		array $expected,
-		bool $reachedEnd,
-		array|false $singleUser,
-		array $users = [],
-		bool $shareeEnumerationPhone = false,
-	): void {
-		if ($singleUser !== false) {
-			$singleUser = $this->getUserMock(...$singleUser);
-		}
-		$users = array_map(
-			fn ($args) => [$args[0], $this->getUserMock(...$args[1])],
-			$users
-		);
-		$this->mockConfig(['core' => [
-			'shareapi_only_share_with_group_members' => $shareWithGroupOnly ? 'yes' : 'no',
-			'shareapi_allow_share_dialog_user_enumeration' => $shareeEnumeration? 'yes' : 'no',
-			'shareapi_restrict_user_enumeration_to_group' => false ? 'yes' : 'no',
-			'shareapi_restrict_user_enumeration_to_phone' => $shareeEnumerationPhone ? 'yes' : 'no',
-		]]);
-
-		$this->instantiatePlugin();
-
-		$this->session->expects($this->any())
-			->method('getUser')
-			->willReturn($this->user);
-
-		if (!$shareWithGroupOnly) {
-			$userResponse = array_map(
-				fn ($args) => $this->getUserMock(...$args),
-				$userResponse
-			);
-			if ($shareeEnumerationPhone) {
-				$this->userManager->expects($this->once())
-					->method('searchKnownUsersByDisplayName')
-					->with($this->user->getUID(), $searchTerm, $this->limit, $this->offset)
-					->willReturn($userResponse);
-
-				$this->knownUserService->method('isKnownToUser')
-					->willReturnMap([
-						[$this->user->getUID(), 'test0', true],
-						[$this->user->getUID(), 'test1', true],
-						[$this->user->getUID(), 'test2', true],
-					]);
-			}
-			$this->userManager->expects($this->once())
-				->method('searchDisplayName')
-				->with($searchTerm, $this->limit, $this->offset)
-				->willReturn($userResponse);
-		} else {
-			$this->groupManager->method('getUserGroupIds')
-				->with($this->user)
-				->willReturn($groupResponse);
-
-			if ($singleUser !== false) {
-				$this->groupManager->method('getUserGroupIds')
-					->with($singleUser)
-					->willReturn($groupResponse);
-			}
-
-			$this->groupManager->method('displayNamesInGroup')
-				->willReturnMap($userResponse);
-		}
-
-		if ($singleUser !== false) {
-			$users[] = [$searchTerm, $singleUser];
-		}
-
-		if (!empty($users)) {
-			$this->userManager->expects($this->atLeastOnce())
-				->method('get')
-				->willReturnMap($users);
-		}
-
-		$moreResults = $this->plugin->search($searchTerm, $this->limit, $this->offset, $this->searchResult);
-		$result = $this->searchResult->asArray();
-
-		$this->assertEquals($exactExpected, $result['exact']['users']);
-		$this->assertEquals($expected, $result['users']);
-		$this->assertSame($reachedEnd, $moreResults);
-	}
-
-	public static function takeOutCurrentUserProvider(): array {
-		$inputUsers = [
-			'alice' => 'Alice',
-			'bob' => 'Bob',
-			'carol' => 'Carol',
-		];
-		return [
-			[
-				$inputUsers,
-				['alice', 'carol'],
-				'bob',
-			],
-			[
-				$inputUsers,
-				['alice', 'bob', 'carol'],
-				'dave',
-			],
-			[
-				$inputUsers,
-				['alice', 'bob', 'carol'],
-				null,
-			],
-		];
-	}
-
-	#[DataProvider('takeOutCurrentUserProvider')]
-	public function testTakeOutCurrentUser(array $users, array $expectedUIDs, ?string $currentUserId): void {
-		$this->instantiatePlugin();
-
-		$this->session->expects($this->once())
-			->method('getUser')
-			->willReturnCallback(function () use ($currentUserId) {
-				if ($currentUserId !== null) {
-					return $this->getUserMock($currentUserId, $currentUserId);
-				}
-				return null;
-			});
-
-		$this->plugin->takeOutCurrentUser($users);
-		$this->assertSame($expectedUIDs, array_keys($users));
-	}
-
-	public static function dataSearchEnumeration(): array {
-		return [
-			[
-				'test',
-				['groupA'],
-				[
-					['uid' => 'test1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'groups' => ['groupB']],
-				],
-				['exact' => [], 'wide' => ['test1']],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-			[
-				'test',
-				['groupA'],
-				[
-					['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
-				],
-				['exact' => [], 'wide' => []],
-				['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no']],
-			],
-			[
-				'test1',
-				['groupA'],
-				[
-					['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
-				],
-				['exact' => ['test1'], 'wide' => []],
-				['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no']],
-			],
-			[
-				'test1',
-				['groupA'],
-				[
-					['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
-				],
-				['exact' => [], 'wide' => []],
-				[
-					'core' => [
-						'shareapi_allow_share_dialog_user_enumeration' => 'no',
-						'shareapi_restrict_user_enumeration_full_match_user_id' => 'no',
-					],
-				]
-			],
-			[
-				'Test user 1',
-				['groupA'],
-				[
-					['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
-				],
-				['exact' => ['test1'], 'wide' => []],
-				[
-					'core' => [
-						'shareapi_allow_share_dialog_user_enumeration' => 'no',
-						'shareapi_restrict_user_enumeration_full_match_user_id' => 'no',
-					],
-				]
-			],
-			[
-				'Test user 1',
-				['groupA'],
-				[
-					['uid' => 'test1', 'displayName' => 'Test user 1 (Second displayName for user 1)', 'groups' => ['groupA']],
-					['uid' => 'test2', 'displayName' => 'Test user 2 (Second displayName for user 2)', 'groups' => ['groupA']],
-				],
-				['exact' => [], 'wide' => []],
-				['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no'],
-				]
-			],
-			[
-				'Test user 1',
-				['groupA'],
-				[
-					['uid' => 'test1', 'displayName' => 'Test user 1 (Second displayName for user 1)', 'groups' => ['groupA']],
-					['uid' => 'test2', 'displayName' => 'Test user 2 (Second displayName for user 2)', 'groups' => ['groupA']],
-				],
-				['exact' => ['test1'], 'wide' => []],
-				[
-					'core' => [
-						'shareapi_allow_share_dialog_user_enumeration' => 'no',
-						'shareapi_restrict_user_enumeration_full_match_ignore_second_dn' => 'yes',
-					],
-				]
-			],
-			[
-				'test1',
-				['groupA'],
-				[
-					['uid' => 'test1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'groups' => ['groupB']],
-				],
-				['exact' => ['test1'], 'wide' => []],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-			[
-				'test',
-				['groupA'],
-				[
-					['uid' => 'test1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
-				],
-				['exact' => [], 'wide' => ['test1', 'test2']],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-			[
-				'test',
-				['groupA'],
-				[
-					['uid' => 'test1', 'groups' => ['groupA', 'groupC']],
-					['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
-				],
-				['exact' => [], 'wide' => ['test1', 'test2']],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-			[
-				'test',
-				['groupC', 'groupB'],
-				[
-					['uid' => 'test1', 'groups' => ['groupA', 'groupC']],
-					['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
-				],
-				['exact' => [], 'wide' => ['test1', 'test2']],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-			[
-				'test',
-				[],
-				[
-					['uid' => 'test1', 'groups' => ['groupA']],
-					['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
-				],
-				['exact' => [], 'wide' => []],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-			[
-				'test',
-				['groupC', 'groupB'],
-				[
-					['uid' => 'test1', 'groups' => []],
-					['uid' => 'test2', 'groups' => []],
-				],
-				['exact' => [], 'wide' => []],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-			[
-				'test',
-				['groupC', 'groupB'],
-				[
-					['uid' => 'test1', 'groups' => []],
-					['uid' => 'test2', 'groups' => []],
-				],
-				['exact' => [], 'wide' => []],
-				['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
-			],
-		];
-	}
-
-	#[DataProvider('dataSearchEnumeration')]
-	public function testSearchEnumerationLimit(string $search, $userGroups, $matchingUsers, $result, $mockedSettings): void {
-		$this->mockConfig($mockedSettings);
-
-		$userResults = [];
-		foreach ($matchingUsers as $user) {
-			$userResults[$user['uid']] = $user['uid'];
-		}
-
-		$usersById = [];
-		foreach ($matchingUsers as $user) {
-			$usersById[$user['uid']] = $user;
-		}
-
-		$mappedResultExact = array_map(function ($user) use ($usersById, $search) {
-			return [
-				'label' => $search === $user ? $user : $usersById[$user]['displayName'],
-				'value' => ['shareType' => 0, 'shareWith' => $user],
-				'icon' => 'icon-user',
-				'subline' => null,
-				'status' => [],
-				'shareWithDisplayNameUnique' => $user,
-			];
-		}, $result['exact']);
-		$mappedResultWide = array_map(function ($user) {
-			return [
-				'label' => $user,
-				'value' => ['shareType' => 0, 'shareWith' => $user],
-				'icon' => 'icon-user',
-				'subline' => null,
-				'status' => [],
-				'shareWithDisplayNameUnique' => $user,
-			];
-		}, $result['wide']);
-
-		$this->userManager
-			->method('get')
-			->willReturnCallback(function ($userId) use ($userResults) {
-				if (isset($userResults[$userId])) {
-					return $this->getUserMock($userId, $userId);
-				}
-				return null;
-			});
-		$this->userManager
-			->method('searchDisplayName')
-			->willReturnCallback(function ($search) use ($matchingUsers) {
-				$users = array_filter(
-					$matchingUsers,
-					fn ($user) => str_contains(strtolower($user['displayName'] ?? ''), strtolower($search))
-				);
-				return array_map(
-					fn ($user) => $this->getUserMock($user['uid'], $user['displayName'] ?? ''),
-					$users);
-			});
-
-		$this->groupManager->method('displayNamesInGroup')
-			->willReturn($userResults);
-
-
-		$this->session->expects($this->any())
-			->method('getUser')
-			->willReturn($this->getUserMock('test', 'foo'));
-		$this->groupManager->expects($this->any())
-			->method('getUserGroupIds')
-			->willReturnCallback(function ($user) use ($matchingUsers, $userGroups) {
-				static $firstCall = true;
-				if ($firstCall) {
-					$firstCall = false;
-					// current user
-					return $userGroups;
-				}
-				$neededObject = array_filter(
-					$matchingUsers,
-					function ($e) use ($user) {
-						return $user->getUID() === $e['uid'];
-					}
-				);
-				if (count($neededObject) > 0) {
-					return array_shift($neededObject)['groups'];
-				}
-				return [];
-			});
-
-		$this->instantiatePlugin();
-		$this->plugin->search($search, $this->limit, $this->offset, $this->searchResult);
-		$result = $this->searchResult->asArray();
-
-		$this->assertEquals($mappedResultExact, $result['exact']['users']);
-		$this->assertEquals($mappedResultWide, $result['users']);
-	}
+    private IConfig&MockObject $config;
+    private IUserManager&MockObject $userManager;
+    private IGroupManager&MockObject $groupManager;
+    private IUserSession&MockObject $session;
+    private KnownUserService&MockObject $knownUserService;
+    private IUserStatusManager&MockObject $userStatusManager;
+    private IUser&MockObject $user;
+
+    /** @var UserPlugin */
+    protected $plugin;
+
+    /** @var ISearchResult */
+    protected $searchResult;
+
+    protected int $limit = 2;
+
+    protected int $offset = 0;
+
+    protected function setUp(): void {
+        parent::setUp();
+
+        $this->config = $this->createMock(IConfig::class);
+
+        $this->userManager = $this->createMock(IUserManager::class);
+
+        $this->groupManager = $this->createMock(IGroupManager::class);
+
+        $this->session = $this->createMock(IUserSession::class);
+
+        $this->knownUserService = $this->createMock(KnownUserService::class);
+
+        $this->userStatusManager = $this->createMock(IUserStatusManager::class);
+
+        $this->searchResult = new SearchResult();
+
+        $this->user = $this->getUserMock('admin', 'Administrator');
+    }
+
+    public function instantiatePlugin(): void {
+        // cannot be done within setUp, because dependent mocks needs to be set
+        // up with configuration etc. first
+        $this->plugin = new UserPlugin(
+            $this->config,
+            $this->userManager,
+            $this->groupManager,
+            $this->session,
+            $this->knownUserService,
+            $this->userStatusManager
+        );
+    }
+
+    public function mockConfig($mockedSettings): void {
+        $this->config->expects($this->any())
+            ->method('getAppValue')
+            ->willReturnCallback(
+                function ($appName, $key, $default) use ($mockedSettings) {
+                    return $mockedSettings[$appName][$key] ?? $default;
+                }
+            );
+    }
+
+    public function getUserMock(string $uid, string $displayName, bool $enabled = true, array $groups = []): IUser&MockObject {
+        $user = $this->createMock(IUser::class);
+
+        $user->expects($this->any())
+            ->method('getUID')
+            ->willReturn($uid);
+
+        $user->expects($this->any())
+            ->method('getDisplayName')
+            ->willReturn($displayName);
+
+        $user->expects($this->any())
+            ->method('isEnabled')
+            ->willReturn($enabled);
+
+        return $user;
+    }
+
+    public static function dataGetUsers(): array {
+        return [
+            ['test', false, true, [], [], [], [], true, false],
+            ['test', false, false, [], [], [], [], true, false],
+            ['test', true, true, [], [], [], [], true, false],
+            ['test', true, false, [], [], [], [], true, false],
+            [
+                'test', false, true, [], [],
+                [
+                    ['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
+                ], [], true, ['test', 'Test'],
+            ],
+            [
+                'test', false, false, [], [],
+                [
+                    ['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
+                ], [], true, ['test', 'Test'],
+            ],
+            [
+                'test', true, true, [], [],
+                [], [], true, ['test', 'Test'],
+            ],
+            [
+                'test', true, false, [], [],
+                [], [], true, ['test', 'Test'],
+            ],
+            [
+                'test', true, true, ['test-group'], [['test-group', 'test', 2, 0, []]],
+                [
+                    ['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
+                ], [], true, ['test', 'Test'],
+            ],
+            [
+                'test', true, false, ['test-group'], [['test-group', 'test', 2, 0, []]],
+                [
+                    ['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
+                ], [], true, ['test', 'Test'],
+            ],
+            [
+                'test',
+                false,
+                true,
+                [],
+                [
+                    ['test1', 'Test One'],
+                ],
+                [],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
+                ],
+                true,
+                false,
+            ],
+            [
+                'test',
+                false,
+                false,
+                [],
+                [
+                    ['test1', 'Test One'],
+                ],
+                [],
+                [],
+                true,
+                false,
+            ],
+            [
+                'test',
+                false,
+                true,
+                [],
+                [
+                    ['test1', 'Test One'],
+                    ['test2', 'Test Two'],
+                ],
+                [],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
+                    ['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
+                ],
+                false,
+                false,
+            ],
+            [
+                'test',
+                false,
+                false,
+                [],
+                [
+                    ['test1', 'Test One'],
+                    ['test2', 'Test Two'],
+                ],
+                [],
+                [],
+                true,
+                false,
+            ],
+            [
+                'test',
+                false,
+                true,
+                [],
+                [
+                    ['test0', 'Test'],
+                    ['test1', 'Test One'],
+                    ['test2', 'Test Two'],
+                ],
+                [
+                    ['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test0'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test0'],
+                ],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
+                    ['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
+                ],
+                false,
+                false,
+            ],
+            [
+                'test',
+                false,
+                true,
+                [],
+                [
+                    ['test0', 'Test'],
+                    ['test1', 'Test One'],
+                    ['test2', 'Test Two'],
+                ],
+                [
+                    ['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test0'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test0'],
+                ],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
+                    ['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
+                ],
+                false,
+                false,
+                [],
+                true,
+            ],
+            [
+                'test',
+                false,
+                false,
+                [],
+                [
+                    ['test0', 'Test'],
+                    ['test1', 'Test One'],
+                    ['test2', 'Test Two'],
+                ],
+                [
+                    ['label' => 'Test', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test0'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test0'],
+                ],
+                [],
+                true,
+                false,
+            ],
+            [
+                'test',
+                true,
+                true,
+                ['abc', 'xyz'],
+                [
+                    ['abc', 'test', 2, 0, ['test1' => 'Test One']],
+                    ['xyz', 'test', 2, 0, []],
+                ],
+                [],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
+                ],
+                true,
+                false,
+                [['test1', ['test1', 'Test One']]],
+            ],
+            [
+                'test',
+                true,
+                false,
+                ['abc', 'xyz'],
+                [
+                    ['abc', 'test', 2, 0, ['test1' => 'Test One']],
+                    ['xyz', 'test', 2, 0, []],
+                ],
+                [],
+                [],
+                true,
+                false,
+                [['test1', ['test1', 'Test One']]],
+            ],
+            [
+                'test',
+                true,
+                true,
+                ['abc', 'xyz'],
+                [
+                    ['abc', 'test', 2, 0, [
+                        'test1' => 'Test One',
+                        'test2' => 'Test Two',
+                    ]],
+                    ['xyz', 'test', 2, 0, [
+                        'test1' => 'Test One',
+                        'test2' => 'Test Two',
+                    ]],
+                ],
+                [],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test1'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test1'],
+                    ['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
+                ],
+                true,
+                false,
+                [
+                    ['test1', ['test1', 'Test One']],
+                    ['test2', ['test2', 'Test Two']],
+                ],
+            ],
+            [
+                'test',
+                true,
+                false,
+                ['abc', 'xyz'],
+                [
+                    ['abc', 'test', 2, 0, [
+                        'test1' => 'Test One',
+                        'test2' => 'Test Two',
+                    ]],
+                    ['xyz', 'test', 2, 0, [
+                        'test1' => 'Test One',
+                        'test2' => 'Test Two',
+                    ]],
+                ],
+                [],
+                [],
+                true,
+                false,
+                [
+                    ['test1', ['test1', 'Test One']],
+                    ['test2', ['test2', 'Test Two']],
+                ],
+            ],
+            [
+                'test',
+                true,
+                true,
+                ['abc', 'xyz'],
+                [
+                    ['abc', 'test', 2, 0, [
+                        'test' => 'Test One',
+                    ]],
+                    ['xyz', 'test', 2, 0, [
+                        'test2' => 'Test Two',
+                    ]],
+                ],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
+                ],
+                [
+                    ['label' => 'Test Two', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test2'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test2'],
+                ],
+                false,
+                false,
+                [
+                    ['test', ['test', 'Test One']],
+                    ['test2', ['test2', 'Test Two']],
+                ],
+            ],
+            [
+                'test',
+                true,
+                false,
+                ['abc', 'xyz'],
+                [
+                    ['abc', 'test', 2, 0, [
+                        'test' => 'Test One',
+                    ]],
+                    ['xyz', 'test', 2, 0, [
+                        'test2' => 'Test Two',
+                    ]],
+                ],
+                [
+                    ['label' => 'Test One', 'value' => ['shareType' => IShare::TYPE_USER, 'shareWith' => 'test'], 'icon' => 'icon-user', 'subline' => null, 'status' => [], 'shareWithDisplayNameUnique' => 'test'],
+                ],
+                [],
+                true,
+                false,
+                [
+                    ['test', ['test', 'Test One']],
+                    ['test2', ['test2', 'Test Two']],
+                ],
+            ],
+        ];
+    }
+
+    #[DataProvider('dataGetUsers')]
+    public function testSearch(
+        string $searchTerm,
+        bool $shareWithGroupOnly,
+        bool $shareeEnumeration,
+        array $groupResponse,
+        array $userResponse,
+        array $exactExpected,
+        array $expected,
+        bool $reachedEnd,
+        array|false $singleUser,
+        array $users = [],
+        bool $shareeEnumerationPhone = false,
+    ): void {
+        if ($singleUser !== false) {
+            $singleUser = $this->getUserMock(...$singleUser);
+        }
+        $users = array_map(
+            fn ($args) => [$args[0], $this->getUserMock(...$args[1])],
+            $users
+        );
+        $this->mockConfig(['core' => [
+            'shareapi_only_share_with_group_members' => $shareWithGroupOnly ? 'yes' : 'no',
+            'shareapi_allow_share_dialog_user_enumeration' => $shareeEnumeration? 'yes' : 'no',
+            'shareapi_restrict_user_enumeration_to_group' => false ? 'yes' : 'no',
+            'shareapi_restrict_user_enumeration_to_phone' => $shareeEnumerationPhone ? 'yes' : 'no',
+        ]]);
+
+        $this->instantiatePlugin();
+
+        $this->session->expects($this->any())
+            ->method('getUser')
+            ->willReturn($this->user);
+
+        if (!$shareWithGroupOnly) {
+            $userResponse = array_map(
+                fn ($args) => $this->getUserMock(...$args),
+                $userResponse
+            );
+            if ($shareeEnumerationPhone) {
+                $this->userManager->expects($this->once())
+                    ->method('searchKnownUsersByDisplayName')
+                    ->with($this->user->getUID(), $searchTerm, $this->limit, $this->offset)
+                    ->willReturn($userResponse);
+
+                $this->knownUserService->method('isKnownToUser')
+                    ->willReturnMap([
+                        [$this->user->getUID(), 'test0', true],
+                        [$this->user->getUID(), 'test1', true],
+                        [$this->user->getUID(), 'test2', true],
+                    ]);
+            }
+            $this->userManager->expects($this->once())
+                ->method('searchDisplayName')
+                ->with($searchTerm, $this->limit, $this->offset)
+                ->willReturn($userResponse);
+        } else {
+            $this->groupManager->method('getUserGroupIds')
+                ->with($this->user)
+                ->willReturn($groupResponse);
+
+            if ($singleUser !== false) {
+                $this->groupManager->method('getUserGroupIds')
+                    ->with($singleUser)
+                    ->willReturn($groupResponse);
+            }
+
+            $this->groupManager->method('displayNamesInGroup')
+                ->willReturnMap($userResponse);
+        }
+
+        if ($singleUser !== false) {
+            $users[] = [$searchTerm, $singleUser];
+        }
+
+        if (!empty($users)) {
+            $this->userManager->expects($this->atLeastOnce())
+                ->method('get')
+                ->willReturnMap($users);
+        }
+
+        $moreResults = $this->plugin->search($searchTerm, $this->limit, $this->offset, $this->searchResult);
+        $result = $this->searchResult->asArray();
+
+        $this->assertEquals($exactExpected, $result['exact']['users']);
+        $this->assertEquals($expected, $result['users']);
+        $this->assertSame($reachedEnd, $moreResults);
+    }
+
+    public static function takeOutCurrentUserProvider(): array {
+        $inputUsers = [
+            'alice' => 'Alice',
+            'bob' => 'Bob',
+            'carol' => 'Carol',
+        ];
+        return [
+            [
+                $inputUsers,
+                ['alice', 'carol'],
+                'bob',
+            ],
+            [
+                $inputUsers,
+                ['alice', 'bob', 'carol'],
+                'dave',
+            ],
+            [
+                $inputUsers,
+                ['alice', 'bob', 'carol'],
+                null,
+            ],
+        ];
+    }
+
+    #[DataProvider('takeOutCurrentUserProvider')]
+    public function testTakeOutCurrentUser(array $users, array $expectedUIDs, ?string $currentUserId): void {
+        $this->instantiatePlugin();
+
+        $this->session->expects($this->once())
+            ->method('getUser')
+            ->willReturnCallback(function () use ($currentUserId) {
+                if ($currentUserId !== null) {
+                    return $this->getUserMock($currentUserId, $currentUserId);
+                }
+                return null;
+            });
+
+        $this->plugin->takeOutCurrentUser($users);
+        $this->assertSame($expectedUIDs, array_keys($users));
+    }
+
+    public static function dataSearchEnumeration(): array {
+        return [
+            [
+                'test',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'groups' => ['groupB']],
+                ],
+                ['exact' => [], 'wide' => ['test1']],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+            [
+                'test',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
+                ],
+                ['exact' => [], 'wide' => []],
+                ['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no']],
+            ],
+            [
+                'test1',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
+                ],
+                ['exact' => ['test1'], 'wide' => []],
+                ['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no']],
+            ],
+            [
+                'test1',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
+                ],
+                ['exact' => [], 'wide' => []],
+                [
+                    'core' => [
+                        'shareapi_allow_share_dialog_user_enumeration' => 'no',
+                        'shareapi_restrict_user_enumeration_full_match_user_id' => 'no',
+                    ],
+                ]
+            ],
+            [
+                'Test user 1',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'displayName' => 'Test user 1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'displayName' => 'Test user 2', 'groups' => ['groupA']],
+                ],
+                ['exact' => ['test1'], 'wide' => []],
+                [
+                    'core' => [
+                        'shareapi_allow_share_dialog_user_enumeration' => 'no',
+                        'shareapi_restrict_user_enumeration_full_match_user_id' => 'no',
+                    ],
+                ]
+            ],
+            [
+                'Test user 1',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'displayName' => 'Test user 1 (Second displayName for user 1)', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'displayName' => 'Test user 2 (Second displayName for user 2)', 'groups' => ['groupA']],
+                ],
+                ['exact' => [], 'wide' => []],
+                ['core' => ['shareapi_allow_share_dialog_user_enumeration' => 'no'],
+                ]
+            ],
+            [
+                'Test user 1',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'displayName' => 'Test user 1 (Second displayName for user 1)', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'displayName' => 'Test user 2 (Second displayName for user 2)', 'groups' => ['groupA']],
+                ],
+                ['exact' => ['test1'], 'wide' => []],
+                [
+                    'core' => [
+                        'shareapi_allow_share_dialog_user_enumeration' => 'no',
+                        'shareapi_restrict_user_enumeration_full_match_ignore_second_dn' => 'yes',
+                    ],
+                ]
+            ],
+            [
+                'test1',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'groups' => ['groupB']],
+                ],
+                ['exact' => ['test1'], 'wide' => []],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+            [
+                'test',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
+                ],
+                ['exact' => [], 'wide' => ['test1', 'test2']],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+            [
+                'test',
+                ['groupA'],
+                [
+                    ['uid' => 'test1', 'groups' => ['groupA', 'groupC']],
+                    ['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
+                ],
+                ['exact' => [], 'wide' => ['test1', 'test2']],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+            [
+                'test',
+                ['groupC', 'groupB'],
+                [
+                    ['uid' => 'test1', 'groups' => ['groupA', 'groupC']],
+                    ['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
+                ],
+                ['exact' => [], 'wide' => ['test1', 'test2']],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+            [
+                'test',
+                [],
+                [
+                    ['uid' => 'test1', 'groups' => ['groupA']],
+                    ['uid' => 'test2', 'groups' => ['groupB', 'groupA']],
+                ],
+                ['exact' => [], 'wide' => []],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+            [
+                'test',
+                ['groupC', 'groupB'],
+                [
+                    ['uid' => 'test1', 'groups' => []],
+                    ['uid' => 'test2', 'groups' => []],
+                ],
+                ['exact' => [], 'wide' => []],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+            [
+                'test',
+                ['groupC', 'groupB'],
+                [
+                    ['uid' => 'test1', 'groups' => []],
+                    ['uid' => 'test2', 'groups' => []],
+                ],
+                ['exact' => [], 'wide' => []],
+                ['core' => ['shareapi_restrict_user_enumeration_to_group' => 'yes']],
+            ],
+        ];
+    }
+
+    #[DataProvider('dataSearchEnumeration')]
+    public function testSearchEnumerationLimit(string $search, $userGroups, $matchingUsers, $result, $mockedSettings): void {
+        $this->mockConfig($mockedSettings);
+
+        $userResults = [];
+        foreach ($matchingUsers as $user) {
+            $userResults[$user['uid']] = $user['uid'];
+        }
+
+        $usersById = [];
+        foreach ($matchingUsers as $user) {
+            $usersById[$user['uid']] = $user;
+        }
+
+        $mappedResultExact = array_map(function ($user) use ($usersById, $search) {
+            return [
+                'label' => $search === $user ? $user : $usersById[$user]['displayName'],
+                'value' => ['shareType' => 0, 'shareWith' => $user],
+                'icon' => 'icon-user',
+                'subline' => null,
+                'status' => [],
+                'shareWithDisplayNameUnique' => $user,
+            ];
+        }, $result['exact']);
+        $mappedResultWide = array_map(function ($user) {
+            return [
+                'label' => $user,
+                'value' => ['shareType' => 0, 'shareWith' => $user],
+                'icon' => 'icon-user',
+                'subline' => null,
+                'status' => [],
+                'shareWithDisplayNameUnique' => $user,
+            ];
+        }, $result['wide']);
+
+        $this->userManager
+            ->method('get')
+            ->willReturnCallback(function ($userId) use ($userResults) {
+                if (isset($userResults[$userId])) {
+                    return $this->getUserMock($userId, $userId);
+                }
+                return null;
+            });
+        $this->userManager
+            ->method('searchDisplayName')
+            ->willReturnCallback(function ($search) use ($matchingUsers) {
+                $users = array_filter(
+                    $matchingUsers,
+                    fn ($user) => str_contains(strtolower($user['displayName'] ?? ''), strtolower($search))
+                );
+                return array_map(
+                    fn ($user) => $this->getUserMock($user['uid'], $user['displayName'] ?? ''),
+                    $users);
+            });
+
+        $this->groupManager->method('displayNamesInGroup')
+            ->willReturn($userResults);
+
+
+        $this->session->expects($this->any())
+            ->method('getUser')
+            ->willReturn($this->getUserMock('test', 'foo'));
+        $this->groupManager->expects($this->any())
+            ->method('getUserGroupIds')
+            ->willReturnCallback(function ($user) use ($matchingUsers, $userGroups) {
+                static $firstCall = true;
+                if ($firstCall) {
+                    $firstCall = false;
+                    // current user
+                    return $userGroups;
+                }
+                $neededObject = array_filter(
+                    $matchingUsers,
+                    function ($e) use ($user) {
+                        return $user->getUID() === $e['uid'];
+                    }
+                );
+                if (count($neededObject) > 0) {
+                    return array_shift($neededObject)['groups'];
+                }
+                return [];
+            });
+
+        $this->instantiatePlugin();
+        $this->plugin->search($search, $this->limit, $this->offset, $this->searchResult);
+        $result = $this->searchResult->asArray();
+
+        $this->assertEquals($mappedResultExact, $result['exact']['users']);
+        $this->assertEquals($mappedResultWide, $result['users']);
+    }
 }