Use rawurldecode for allowing "+" in guests emails

lib/Controller/UsersController.php

@@ -114,7 +114,7 @@ public function __construct(
 	 */
 	public function create($email, $displayName) {
 		$errorMessages = [];
-		$email = \trim(\urldecode($email));
+		$email = \trim(\rawurldecode($email));
 		$username = \strtolower($email);
 
 		if (empty($email) || !$this->mailer->validateMailAddress($email)) {

tests/acceptance/features/apiGuests/guests.feature

@@ -5,10 +5,16 @@ Feature: Guests
     Given using OCS API version "1"
     And using new dav path
 
-  Scenario: Creating a guest user works fine
-    When the administrator creates guest user "guest" with email "[email protected]" using the API
+  Scenario Outline: Creating a guest user works fine
+    When the administrator creates guest user "<user>" with email "<email-address>" using the API
     Then the HTTP status code should be "201"
-    And user "guest" should be a guest user
+    And user "<user>" should be a guest user
+    And the email address of user "<email-address>" should be "<email-address>"
+    Examples:
+      | email-address                  | user                 |
+      | [email protected]              | guest                |
+      | [email protected]           | john.smith           |
+      | [email protected] | betty_anne+bob-burns |
 
   Scenario: Cannot create a guest if a user with the same email address exists
     Given user "existing-user" has been created with default attributes and skeleton files
@@ -37,15 +43,21 @@ Feature: Guests
     And as "user0" file "/textfile.txt" should not exist
 
   @mailhog
-  Scenario: A guest user can upload files to a folder shared with them
+  Scenario Outline: A guest user can upload files to a folder shared with them
     Given user "user0" has been created with default attributes and skeleton files
-    And the administrator has created guest user "guest" with email "[email protected]"
+    And the administrator has created guest user "<user>" with email "<email-address>"
     And the HTTP status code should be "201"
     And user "user0" has created folder "/tmp"
-    And user "user0" has shared folder "/tmp" with user "[email protected]"
-    And guest user "guest" has registered
-    When user "[email protected]" uploads file "textfile.txt" from the guests test data folder to "/tmp/textfile.txt" using the WebDAV API
+    And user "user0" has shared folder "/tmp" with user "<email-address>"
+    And guest user "<user>" has registered
+    When user "<email-address>" uploads file "textfile.txt" from the guests test data folder to "/tmp/textfile.txt" using the WebDAV API
     Then the HTTP status code should be "201"
+    And as "user0" file "/tmp/textfile.txt" should exist
+    Examples:
+      | email-address                  | user                 |
+      | [email protected]              | guest                |
+      | [email protected]           | john.smith           |
+      | [email protected] | betty_anne+bob-burns |
 
   @mailhog
   Scenario: A guest user can upload chunked files to a folder shared with them

tests/acceptance/features/bootstrap/GuestsContext.php

@@ -24,6 +24,7 @@
 use Behat\Behat\Context\Context;
 use Behat\Behat\Context\SnippetAcceptingContext;
 use Behat\Behat\Hook\Scope\BeforeScenarioScope;
+use PHPUnit\Framework\Assert;
 use TestHelpers\EmailHelper;
 use TestHelpers\HttpRequestHelper;
 use TestHelpers\SetupHelper;
@@ -126,7 +127,7 @@ private function setCSRFDotDisabledFromGuestsScenario($setting) {
 	 * @return string
 	 */
 	public function prepareUserNameAsFrontend($guestEmail) {
-		return \strtolower(\trim(\urldecode($guestEmail)));
+		return \str_replace('+', '%2B', \strtolower(\trim($guestEmail)));
 	}
 
 	/**
@@ -265,7 +266,7 @@ public function userCreatesAGuestUser(
 		$userName = $this->prepareUserNameAsFrontend($guestEmail);
 		$fullUrl
 			= $fullUrl
-			. "?displayName=$guestDisplayName&email=$guestEmail&username=$userName";
+			. "?displayName=$guestDisplayName&email=$userName&username=$userName";
 
 		$headers = [];
 		$headers['Content-Type'] = 'application/x-www-form-urlencoded';
@@ -382,6 +383,11 @@ public function theAdministratorCreatesAGuestUser(
 	 * @return void
 	 */
 	public function checkGuestUser($guestDisplayName) {
+		Assert::assertArrayHasKey(
+			$guestDisplayName,
+			$this->createdGuests,
+			__METHOD__ . " guest user '$guestDisplayName' has not been successfully created by this scenario"
+		);
 		$userName = $this->prepareUserNameAsFrontend(
 			$this->createdGuests[$guestDisplayName]
 		);
@@ -462,9 +468,7 @@ public function getRegistrationUrl($address) {
 	 */
 	public function registerGuestUser($guestDisplayName, $password = null) {
 		$oldCSRFSetting = $this->disableCSRFFromGuestsScenario();
-		$userName = $this->prepareUserNameAsFrontend(
-			$this->createdGuests[$guestDisplayName]
-		);
+		$userName = $this->createdGuests[$guestDisplayName];
 		$fullRegisterUrl = $this->getRegistrationUrl($userName);
 		$explodedFullRegisterUrl = \explode('/', $fullRegisterUrl);
 		$sizeOfExplodedFullRegisterUrl = \count($explodedFullRegisterUrl);

tests/acceptance/features/webUIGuests/guests.feature

@@ -28,11 +28,16 @@ Feature: Guests
     And a warning should be displayed on the set-password-page saying "The token is invalid"
 
   @mailhog @skipOnOcV10.2
-  Scenario: User uses valid email to create a guest user
+  Scenario Outline: User uses valid email to create a guest user
     Given user "user0" has been created with default attributes and skeleton files
     And user "user0" has logged in using the webUI
-    When the user shares file "data.zip" with guest user with email "[email protected]" using the webUI
-    Then user "[email protected]" should exist
+    When the user shares file "data.zip" with guest user with email "<email-address>" using the webUI
+    Then user "<email-address>" should exist
+    Examples:
+      | email-address                  |
+      | [email protected]                |
+      | [email protected]           |
+      | [email protected] |
 
   @mailhog
   Scenario: User uses some random string email to create a guest user
@@ -140,16 +145,22 @@ Feature: Guests
     Then the user should not have permission to upload or create files
 
   @mailhog
-  Scenario: Guest user is able to upload or create files inside the received share(with change permission)
+  Scenario Outline: Guest user is able to upload or create files inside the received share(with change permission)
     Given user "user0" has been created with default attributes and skeleton files
     And user "user0" has logged in using the webUI
-    When the user shares folder "simple-folder" with guest user with email "[email protected]" using the webUI
+    When the user shares folder "simple-folder" with guest user with email "<email-address>" using the webUI
     And the user logs out of the webUI
-    And guest user "[email protected]" registers with email "[email protected]" and sets password to "password" using the webUI
-    And user "[email protected]" logs in using the webUI
+    And guest user "<email-address>" registers with email "<email-address>" and sets password to "password" using the webUI
+    And user "<email-address>" logs in using the webUI
     And the user opens folder "simple-folder" using the webUI
     And the user uploads file "new-lorem.txt" using the webUI
     Then file "new-lorem.txt" should be listed on the webUI
+    And as "user0" file "/simple-folder/new-lorem.txt" should exist
+    Examples:
+      | email-address                  |
+      | [email protected]              |
+      | [email protected]           |
+      | [email protected] |
 
   @mailhog
   Scenario: Guest user tries to upload or create files inside the received share(read only permission)