dont try email login if the provider username is not a valid email

author Robin Appelman <robin@icewind.nl>

Wed, 14 Sep 2022 12:04:13 +0000 (14:04 +0200)

committer backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>

Fri, 16 Sep 2022 13:31:53 +0000 (13:31 +0000)
author Robin Appelman <robin@icewind.nl>
Wed, 14 Sep 2022 12:04:13 +0000 (14:04 +0200)
committer backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>
Fri, 16 Sep 2022 13:31:53 +0000 (13:31 +0000)
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php

index 7aea219b6089e42bb350f8bc5e9d687d929e228b..8f9101130780d249f2608aa6f4ed6ffee68007ff 100644 (file)
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -461,6 +461,9 @@ class Session implements IUserSession, Emitter {
                 if (!$this->login($user, $password)) {
  
                         // Failed, maybe the user used their email address
+                       if (!filter_var($user, FILTER_VALIDATE_EMAIL)) {
+                               return false;
+                       }
                         $users = $this->manager->getByEmail($user);
                         if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
                                 $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
author	Robin Appelman <robin@icewind.nl>
	Wed, 14 Sep 2022 12:04:13 +0000 (14:04 +0200)
committer	backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>
	Fri, 16 Sep 2022 13:31:53 +0000 (13:31 +0000)