fix(MailQueueHandler): check enable_email toggle before sending queued emails

The admin Enable notification emails toggle was only checked when queuing
new emails. The sendEmails() background job had no knowledge of it and
would send all queued entries regardless.

Adds an early-return guard using IAppConfig::getValueString() at the top
of sendEmails(), consistent with the checks in UserSettings. The queue is
left intact so pending notifications can be delivered if the admin
re-enables emails.

AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Anna Larch <anna@nextcloud.com>

Author: miaulalala

.github/workflows/npm-audit-fix.yml

@@ -67,22 +67,6 @@ jobs:
           npm ci
           npm run build --if-present
 
-      - name: Generate PR body
-        if: steps.checkout.outcome == 'success'
-        run: |
-          {
-            printf '%s\n\n' "$NPM_AUDIT_MARKDOWN"
-            echo '## Full `npm audit` report'
-            echo ''
-            echo '```'
-            npm audit 2>&1 || true
-            echo '```'
-            echo ''
-            echo "**Node.js:** $(node --version) | **npm:** $(npm --version) | **Branch:** ${{ matrix.branches }}"
-          } > pr-body.md
-        env:
-          NPM_AUDIT_MARKDOWN: ${{ steps.npm-audit.outputs.markdown }}
-
       - name: Create Pull Request
         if: steps.checkout.outcome == 'success'
         uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
@@ -94,7 +78,7 @@ jobs:
           signoff: true
           branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
           title: '[${{ matrix.branches }}] Fix npm audit'
-          body-path: pr-body.md
+          body: ${{ steps.npm-audit.outputs.markdown }}
           labels: |
             dependencies
             3. to review

composer.lock

@@ -51,7 +51,6 @@ OC.L10N.register(
     "Loading activities" : "Caricamento delle attività",
     "This stream will show events like additions, changes & shares" : "Questo flusso mostrerà gli eventi come aggiunte, cambiamenti e condivisioni",
     "No activity yet" : "Ancora nessuna attività",
-    "New activities" : "Nuove attività",
     "Loading more activities" : "Caricamento di altre attività",
     "No more activities." : "Nessun'altra attività.",
     "Could not enable RSS link" : "Impossibile attivare il collegamento RSS",

l10n/it.js

@@ -49,7 +49,6 @@
     "Loading activities" : "Caricamento delle attività",
     "This stream will show events like additions, changes & shares" : "Questo flusso mostrerà gli eventi come aggiunte, cambiamenti e condivisioni",
     "No activity yet" : "Ancora nessuna attività",
-    "New activities" : "Nuove attività",
     "Loading more activities" : "Caricamento di altre attività",
     "No more activities." : "Nessun'altra attività.",
     "Could not enable RSS link" : "Impossibile attivare il collegamento RSS",

l10n/it.json

@@ -31,6 +31,7 @@
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\DB\Events\AddMissingIndicesEvent;
+use OCP\IAppConfig;
 use OCP\IConfig;
 use OCP\IDateTimeFormatter;
 use OCP\IDBConnection;
@@ -117,6 +118,7 @@ public function register(IRegistrationContext $context): void {
 				$c->get(IFactory::class),
 				$c->get(IManager::class),
 				$c->get(IValidator::class),
+				$c->get(IAppConfig::class),
 				$c->get(IConfig::class),
 				$c->get(LoggerInterface::class),
 				$c->get(Data::class),

lib/AppInfo/Application.php

@@ -28,14 +28,29 @@
 use OCP\Notification\IManager as INotificationManager;
 
 class APIv2Controller extends OCSController {
-	protected string $filter = 'all';
-	protected int $since = 0;
-	protected int $limit = 50;
-	protected string $sort = 'desc';
-	protected string $objectType = '';
-	protected int $objectId = 0;
-	protected string $user = '';
-	protected bool $loadPreviews = false;
+	/** @var string */
+	protected $filter;
+
+	/** @var int */
+	protected $since;
+
+	/** @var int */
+	protected $limit;
+
+	/** @var string */
+	protected $sort;
+
+	/** @var string */
+	protected $objectType;
+
+	/** @var int */
+	protected $objectId;
+
+	/** @var string */
+	protected $user;
+
+	/** @var bool */
+	protected $loadPreviews;
 
 	public function __construct(
 		$appName,
@@ -56,19 +71,26 @@ public function __construct(
 	}
 
 	/**
+	 * @param string $filter
+	 * @param int $since
+	 * @param int $limit
+	 * @param bool $previews
+	 * @param string $objectType
+	 * @param int $objectId
+	 * @param string $sort
 	 * @throws InvalidFilterException when the filter is invalid
 	 * @throws \OutOfBoundsException when no user is given
 	 */
-	protected function validateParameters(string $filter, int $since, int $limit, bool $previews, string $objectType, int $objectId, string $sort): void {
-		$this->filter = $filter;
+	protected function validateParameters($filter, $since, $limit, $previews, $objectType, $objectId, $sort) {
+		$this->filter = \is_string($filter) ? $filter : 'all';
 		if ($this->filter !== $this->data->validateFilter($this->filter)) {
 			throw new InvalidFilterException('Invalid filter');
 		}
-		$this->since = $since;
-		$this->limit = $limit;
-		$this->loadPreviews = $previews;
-		$this->objectType = $objectType;
-		$this->objectId = $objectId;
+		$this->since = (int)$since;
+		$this->limit = (int)$limit;
+		$this->loadPreviews = (bool)$previews;
+		$this->objectType = (string)$objectType;
+		$this->objectId = (int)$objectId;
 		$this->sort = \in_array($sort, ['asc', 'desc'], true) ? $sort : 'desc';
 
 		if (($this->objectType !== '' && $this->objectId === 0) || ($this->objectType === '' && $this->objectId !== 0)) {
@@ -88,15 +110,32 @@ protected function validateParameters(string $filter, int $since, int $limit, bo
 
 	/**
 	 * @NoAdminRequired
+	 *
+	 * @param int $since
+	 * @param int $limit
+	 * @param bool $previews
+	 * @param string $object_type
+	 * @param int $object_id
+	 * @param string $sort
+	 * @return DataResponse
 	 */
-	public function getDefault(int $since = 0, int $limit = 50, bool $previews = false, string $object_type = '', int $object_id = 0, string $sort = 'desc'): DataResponse {
+	public function getDefault($since = 0, $limit = 50, $previews = false, $object_type = '', $object_id = 0, $sort = 'desc'): DataResponse {
 		return $this->get('all', $since, $limit, $previews, $object_type, $object_id, $sort);
 	}
 
 	/**
 	 * @NoAdminRequired
+	 *
+	 * @param string $filter
+	 * @param int $since
+	 * @param int $limit
+	 * @param bool $previews
+	 * @param string $object_type
+	 * @param int $object_id
+	 * @param string $sort
+	 * @return DataResponse
 	 */
-	public function getFilter(string $filter, int $since = 0, int $limit = 50, bool $previews = false, string $object_type = '', int $object_id = 0, string $sort = 'desc'): DataResponse {
+	public function getFilter($filter, $since = 0, $limit = 50, $previews = false, $object_type = '', $object_id = 0, $sort = 'desc'): DataResponse {
 		return $this->get($filter, $since, $limit, $previews, $object_type, $object_id, $sort);
 	}
 
@@ -152,7 +191,17 @@ public function listFilters(): DataResponse {
 		return new DataResponse($filters);
 	}
 
-	protected function get(string $filter, int $since, int $limit, bool $previews, string $filterObjectType, int $filterObjectId, string $sort): DataResponse {
+	/**
+	 * @param string $filter
+	 * @param int $since
+	 * @param int $limit
+	 * @param bool $previews
+	 * @param string $filterObjectType
+	 * @param int $filterObjectId
+	 * @param string $sort
+	 * @return DataResponse
+	 */
+	protected function get($filter, $since, $limit, $previews, $filterObjectType, $filterObjectId, $sort): DataResponse {
 		try {
 			$this->validateParameters($filter, $since, $limit, $previews, $filterObjectType, $filterObjectId, $sort);
 		} catch (InvalidFilterException $e) {

lib/Controller/APIv2Controller.php

@@ -226,7 +226,7 @@ public function storeMail(IEvent $event, int $latestSendTime): bool {
 	 * @return array
 	 *
 	 */
-	public function get(GroupHelper $groupHelper, UserSettings $userSettings, string $user, int $since, int $limit, string $sort, string $filter, string $objectType = '', int $objectId = 0, bool $returnEvents = false): array {
+	public function get(GroupHelper $groupHelper, UserSettings $userSettings, $user, $since, $limit, $sort, $filter, $objectType = '', $objectId = 0, bool $returnEvents = false) {
 		// get current user
 		if ($user === '') {
 			throw new \OutOfBoundsException('Invalid user', 1);
@@ -323,39 +323,36 @@ public function get(GroupHelper $groupHelper, UserSettings $userSettings, string
 	 *
 	 * @throws \OutOfBoundsException If $since is not owned by $user
 	 */
-	protected function setOffsetFromSince(IQueryBuilder $query, string $user, int $since, string $sort): array {
-		if (!$since) {
-			return $this->getFirstKnownActivityHeader($user, $sort);
-		}
-
-		$queryBuilder = $this->connection->getQueryBuilder();
-		$queryBuilder->select(['affecteduser', 'timestamp'])
-			->from('activity')
-			->where($queryBuilder->expr()->eq('activity_id', $queryBuilder->createNamedParameter($since)));
-		$result = $queryBuilder->executeQuery();
-		$activity = $result->fetch();
-		$result->closeCursor();
-
-		if (!$activity) {
-			return $this->getFirstKnownActivityHeader($user, $sort);
-		}
-
-		if ($activity['affecteduser'] !== $user) {
-			throw new \OutOfBoundsException('Invalid since', 2);
-		}
-
-		$timestamp = (int)$activity['timestamp'];
-		if ($sort === 'DESC') {
-			$query->andWhere($query->expr()->lte('timestamp', $query->createNamedParameter($timestamp)));
-			$query->andWhere($query->expr()->lt('activity_id', $query->createNamedParameter($since)));
-		} else {
-			$query->andWhere($query->expr()->gte('timestamp', $query->createNamedParameter($timestamp)));
-			$query->andWhere($query->expr()->gt('activity_id', $query->createNamedParameter($since)));
+	protected function setOffsetFromSince(IQueryBuilder $query, $user, $since, $sort) {
+		if ($since) {
+			$queryBuilder = $this->connection->getQueryBuilder();
+			$queryBuilder->select(['affecteduser', 'timestamp'])
+				->from('activity')
+				->where($queryBuilder->expr()->eq('activity_id', $queryBuilder->createNamedParameter((int)$since)));
+			$result = $queryBuilder->executeQuery();
+			$activity = $result->fetch();
+			$result->closeCursor();
+
+			if ($activity) {
+				if ($activity['affecteduser'] !== $user) {
+					throw new \OutOfBoundsException('Invalid since', 2);
+				}
+				$timestamp = (int)$activity['timestamp'];
+
+				if ($sort === 'DESC') {
+					$query->andWhere($query->expr()->lte('timestamp', $query->createNamedParameter($timestamp)));
+					$query->andWhere($query->expr()->lt('activity_id', $query->createNamedParameter($since)));
+				} else {
+					$query->andWhere($query->expr()->gte('timestamp', $query->createNamedParameter($timestamp)));
+					$query->andWhere($query->expr()->gt('activity_id', $query->createNamedParameter($since)));
+				}
+				return [];
+			}
 		}
-		return [];
-	}
 
-	private function getFirstKnownActivityHeader(string $user, string $sort): array {
+		/**
+		 * Couldn't find the since, so find the oldest one and set the header
+		 */
 		$fetchQuery = $this->connection->getQueryBuilder();
 		$fetchQuery->select('activity_id')
 			->from('activity')
@@ -367,8 +364,11 @@ private function getFirstKnownActivityHeader(string $user, string $sort): array
 		$result->closeCursor();
 
 		if ($activity !== false) {
-			return ['X-Activity-First-Known' => (int)$activity['activity_id']];
+			return [
+				'X-Activity-First-Known' => (int)$activity['activity_id'],
+			];
 		}
+
 		return [];
 	}
 

lib/Data.php

@@ -82,10 +82,10 @@ public function fileCreate($path) {
 			return;
 		}
 
-		if ($this->currentUser->getUserIdentifier() === '' && $this->currentUser->isPublicShareToken()) {
-			$this->addNotificationsForFileAction($path, Files_Sharing::TYPE_PUBLIC_UPLOAD, '', 'created_public');
-		} else {
+		if ($this->currentUser->getUserIdentifier() !== '' || !$this->currentUser->isPublicShareToken()) {
 			$this->addNotificationsForFileAction($path, Files::TYPE_SHARE_CREATED, 'created_self', 'created_by');
+		} else {
+			$this->addNotificationsForFileAction($path, Files_Sharing::TYPE_PUBLIC_UPLOAD, '', 'created_public');
 		}
 	}
 
@@ -807,15 +807,14 @@ protected function shareWithTeam(string $shareWith, Node $fileSource, string $fi
 	 * @throws \OCP\Files\NotFoundException
 	 */
 	public function unShare(IShare $share) {
-		if (!in_array($share->getNodeType(), ['file', 'folder'], true) || $this->isDeletedNode($share->getShareOwner(), $share->getNodeId())) {
-			return;
-		}
-		if ($share->getShareType() === IShare::TYPE_USER) {
-			$this->unshareFromUser($share);
-		} elseif ($share->getShareType() === IShare::TYPE_GROUP) {
-			$this->unshareFromGroup($share);
-		} elseif ($share->getShareType() === IShare::TYPE_LINK) {
-			$this->unshareLink($share);
+		if (in_array($share->getNodeType(), ['file', 'folder'], true) && !$this->isDeletedNode($share->getShareOwner(), $share->getNodeId())) {
+			if ($share->getShareType() === IShare::TYPE_USER) {
+				$this->unshareFromUser($share);
+			} elseif ($share->getShareType() === IShare::TYPE_GROUP) {
+				$this->unshareFromGroup($share);
+			} elseif ($share->getShareType() === IShare::TYPE_LINK) {
+				$this->unshareLink($share);
+			}
 		}
 	}
 
@@ -826,13 +825,12 @@ public function unShare(IShare $share) {
 	 * @throws \OCP\Files\NotFoundException
 	 */
 	public function unShareSelf(IShare $share) {
-		if (!in_array($share->getNodeType(), ['file', 'folder'], true)) {
-			return;
-		}
-		if ($share->getShareType() === IShare::TYPE_GROUP) {
-			$this->unshareFromSelfGroup($share);
-		} elseif ($share->getShareType() === IShare::TYPE_USER) {
-			$this->unshareFromUser($share);
+		if (in_array($share->getNodeType(), ['file', 'folder'], true)) {
+			if ($share->getShareType() === IShare::TYPE_GROUP) {
+				$this->unshareFromSelfGroup($share);
+			} elseif ($share->getShareType() === IShare::TYPE_USER) {
+				$this->unshareFromUser($share);
+			}
 		}
 	}