From 298d2b9b58724dea3ef595c52fc8b1dd24873cdd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Julius=20H=C3=A4rtl?=
Date: Tue, 25 Oct 2022 15:38:31 +0200
Subject: [PATCH] Skip general login with email for non-valid addresses and LDAP
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl
---
 .../Authentication/Login/EmailLoginCommand.php | 12 ++++++++++++
 .../Authentication/Login/EmailLoginCommandTest.php | 5 +++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/private/Authentication/Login/EmailLoginCommand.php b/lib/private/Authentication/Login/EmailLoginCommand.php
index e2e55cc12c8..7145ab9e14f 100644
--- a/lib/private/Authentication/Login/EmailLoginCommand.php
+++ b/lib/private/Authentication/Login/EmailLoginCommand.php
@@ -38,9 +38,21 @@ class EmailLoginCommand extends ALoginCommand {
 public function process(LoginData $loginData): LoginResult {
 if ($loginData->getUser() === false) {
+ if (!filter_var($loginData->getUsername(), FILTER_VALIDATE_EMAIL)) {
+ return $this->processNextOrFinishSuccessfully($loginData);
+ }
+
 $users = $this->userManager->getByEmail($loginData->getUsername());
 // we only allow login by email if unique
 if (count($users) === 1) {
+
+ // FIXME: This is a workaround to still stick to configured LDAP login filters
+ // this can be removed once the email login is properly implemented in the local user backend
+ // as described in https://github.com/nextcloud/server/issues/5221
+ if ($users[0]->getBackendClassName() === 'LDAP') {
+ return $this->processNextOrFinishSuccessfully($loginData);
+ }
+
 $username = $users[0]->getUID();
 if ($username !== $loginData->getUsername()) {
 $user = $this->userManager->checkPassword(
diff --git a/tests/lib/Authentication/Login/EmailLoginCommandTest.php b/tests/lib/Authentication/Login/EmailLoginCommandTest.php
index 9de372148b9..0e70c40a1df 100644
--- a/tests/lib/Authentication/Login/EmailLoginCommandTest.php
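Review bot: The LDAP guard in `process()` compares `getBackendClassName()` against the literal `'LDAP'`, so it fails open: a backend that reports any other name, including another external directory with its own login restrictions, still takes the unique-email path and its filter is never consulted. Since the FIXME says the purpose is to keep configured LDAP login filters authoritative, I would state that security intent in the comment, e.g. `// Security: email login must not bypass the LDAP login filter; keep until issue 5221 is resolved`, and consider asking the backend for a capability instead of matching a name. Separately, `filter_var($loginData->getUsername(), FILTER_VALIDATE_EMAIL)` without `FILTER_FLAG_EMAIL_UNICODE` rejects addresses with a non-ASCII local part, so accounts with such addresses would presumably lose email login; worth confirming that is intended. The body of `process()` continues past the end of the hunk.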
+++ b/tests/lib/Authentication/Login/EmailLoginCommandTest.php
@@ -55,7 +55,7 @@ class EmailLoginCommandTest extends ALoginCommandTest {
 public function testProcessNotAnEmailLogin() {
 $data = $this->getFailedLoginData();
- $this->userManager->expects($this->once())
+ $this->userManager->expects($this->never())
 ->method('getByEmail')
 ->with($this->username)
 ->willReturn([]);
@@ -67,9 +67,10 @@ class EmailLoginCommandTest extends ALoginCommandTest {
 public function testProcessDuplicateEmailLogin() {
 $data = $this->getFailedLoginData();
+ $data->setUsername('user@example.com');
 $this->userManager->expects($this->once())
 ->method('getByEmail')
- ->with($this->username)
+ ->with('user@example.com')
 ->willReturn([
 $this->createMock(IUser::class),
 $this->createMock(IUser::class),
--
2.39.5
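Review bot: In `testProcessNotAnEmailLogin` the expectation is now `never()`, but the chained `->with($this->username)` and `->willReturn([])` are kept; they can no longer take effect and suggest the lookup still happens. Reducing it to `$this->userManager->expects($this->never())->method('getByEmail');` states the intent. The test also depends on `$this->username`, defined outside the hunk, not being a syntactically valid address; a comment such as `// username is not an email address, so no lookup is performed` would make that dependency visible.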
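Review bot: Neither test hunk exercises the new LDAP branch in `EmailLoginCommand::process()`, which is the security-relevant part of this commit; the change to `testProcessDuplicateEmailLogin` only keeps the existing duplicate-address case reachable behind the new `filter_var` check. A case where `getByEmail` returns a single `IUser` mock whose `getBackendClassName()` returns `'LDAP'`, asserting that `checkPassword` is never called, would pin the behaviour so a later refactor cannot silently re-enable email login past the LDAP filter. `testProcessDuplicateEmailLogin` continues beyond the hunk, so how the command is invoked and asserted is not visible here and is left as a placeholder below.

```php
public function testProcessLdapUserEmailLogin() {
	$data = $this->getFailedLoginData();
	$data->setUsername('user@example.com');
	$ldapUser = $this->createMock(IUser::class);
	$ldapUser->method('getBackendClassName')->willReturn('LDAP');
	$this->userManager->expects($this->once())
		->method('getByEmail')
		->with('user@example.com')
		->willReturn([$ldapUser]);
	// the LDAP login filter stays authoritative: no password check via the email path
	$this->userManager->expects($this->never())
		->method('checkPassword');

	// … unchanged: invoke the command and assert the result as the sibling tests do …
}
```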