perf: Use more performant way to obtain and check the email as a login name with...

Signed-off-by: Julius Härtl <jus@bitgrid.net>

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index f3282009a4dfe8b265dac8e828aad46f68604ce4..5689de3995f76a9819a33024dd4f675d0b9a545b 100644 (file)
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -456,8 +456,17 @@ class Session implements IUserSession, Emitter {
                                $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
                                return false;
                        }
-                       $users = $this->manager->getByEmail($user);
-                       if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
+
+                       if ($isTokenPassword) {
+                               $dbToken = $this->tokenProvider->getToken($password);
+                               $userFromToken = $this->manager->get($dbToken->getUID());
+                               $isValidEmailLogin = $userFromToken->getEMailAddress() === $user;
+                       } else {
+                               $users = $this->manager->getByEmail($user);
+                               $isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password));
+                       }
+
+                       if (!$isValidEmailLogin) {
                                $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
                                return false;
                        }

diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index d6db17d9d45cd0e466b2bb0a8b865cf2d07bce9d..3b8d75f694c0593223301af22deecf782845cb69 100644 (file)
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -1110,7 +1110,7 @@ class SessionTest extends \Test\TestCase {
 
                $userSession->expects($this->once())
                        ->method('isTokenPassword')
-                       ->willReturn(true);
+                       ->willReturn(false);
                $userSession->expects($this->once())
                        ->method('login')
                        ->with('john@foo.bar', 'I-AM-AN-PASSWORD')