Merge pull request #41927 from nextcloud/perf/login-with-email-token

5 files changed, 38 insertions, 5 deletions

diff --git a/core/Application.php b/core/Application.php
index 2ad8b9f2a30..b033ea70871 100644
--- a/core/Application.php
+++ b/core/Application.php
@@ -44,6 +44,7 @@ use OC\Authentication\Listeners\UserDeletedWebAuthnCleanupListener;
 use OC\Authentication\Notifications\Notifier as AuthenticationNotifier;
 use OC\Core\Listener\BeforeTemplateRenderedListener;
 use OC\Core\Notification\CoreNotifier;
+use OC\SystemConfig;
 use OC\TagManager;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Http\Events\BeforeLoginTemplateRenderedEvent;
@@ -81,6 +82,7 @@ class Application extends App {
 		$notificationManager->registerNotifierService(AuthenticationNotifier::class);
 
 		$eventDispatcher->addListener(AddMissingIndicesEvent::class, function (AddMissingIndicesEvent $event) {
+			$dbType = $this->getContainer()->get(SystemConfig::class)->getSystemValue('dbtype', 'sqlite');
 			$event->addMissingIndex(
 				'share',
 				'share_with_index',
@@ -237,6 +239,15 @@ class Application extends App {
 				['appid', 'configkey']
 			);
 
+			if ($dbType !== 'oci') {
+				$event->addMissingIndex(
+					'preferences',
+					'preferences_configvalue',
+					['configvalue'],
+					['lengths' => [80]]
+				);
+			}
+
 			$event->addMissingIndex(
 				'mounts',
 				'mounts_class_index',
diff --git a/core/Migrations/Version13000Date20170718121200.php b/core/Migrations/Version13000Date20170718121200.php
index da83b0732d8..b4968e06397 100644
--- a/core/Migrations/Version13000Date20170718121200.php
+++ b/core/Migrations/Version13000Date20170718121200.php
@@ -31,6 +31,7 @@
  */
 namespace OC\Core\Migrations;
 
+use Doctrine\DBAL\Platforms\OraclePlatform;
 use Doctrine\DBAL\Platforms\PostgreSQL94Platform;
 use OCP\DB\ISchemaWrapper;
 use OCP\DB\Types;
@@ -332,6 +333,9 @@ class Version13000Date20170718121200 extends SimpleMigrationStep {
 			]);
 			$table->setPrimaryKey(['userid', 'appid', 'configkey']);
 			$table->addIndex(['appid', 'configkey'], 'preferences_app_key');
+			if (!$this->connection->getDatabasePlatform() instanceof OraclePlatform) {
+				$table->addIndex(['configvalue'], 'preferences_configvalue', [], ['lengths' => [80]]);
+			}
 		}
 
 		if (!$schema->hasTable('properties')) {
diff --git a/lib/private/AllConfig.php b/lib/private/AllConfig.php
index 2a0e8f53b14..92178d64635 100644
--- a/lib/private/AllConfig.php
+++ b/lib/private/AllConfig.php
@@ -32,6 +32,7 @@
  */
 namespace OC;
 
+use Doctrine\DBAL\Platforms\OraclePlatform;
 use OCP\Cache\CappedMemoryCache;
 use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\IConfig;
@@ -490,12 +491,15 @@ class AllConfig implements IConfig {
 		$this->fixDIInit();
 
 		$qb = $this->connection->getQueryBuilder();
+		$configValueColumn = ($this->connection->getDatabasePlatform() instanceof OraclePlatform)
+			? $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR)
+			: 'configvalue';
 		$result = $qb->select('userid')
 			->from('preferences')
 			->where($qb->expr()->eq('appid', $qb->createNamedParameter($appName, IQueryBuilder::PARAM_STR)))
 			->andWhere($qb->expr()->eq('configkey', $qb->createNamedParameter($key, IQueryBuilder::PARAM_STR)))
 			->andWhere($qb->expr()->eq(
-				$qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR),
+				$configValueColumn,
 				$qb->createNamedParameter($value, IQueryBuilder::PARAM_STR))
 			)->orderBy('userid')
 			->executeQuery();
@@ -524,13 +528,18 @@ class AllConfig implements IConfig {
 			// Email address is always stored lowercase in the database
 			return $this->getUsersForUserValue($appName, $key, strtolower($value));
 		}
+
 		$qb = $this->connection->getQueryBuilder();
+		$configValueColumn = ($this->connection->getDatabasePlatform() instanceof OraclePlatform)
+			? $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR)
+			: 'configvalue';
+
 		$result = $qb->select('userid')
 			->from('preferences')
 			->where($qb->expr()->eq('appid', $qb->createNamedParameter($appName, IQueryBuilder::PARAM_STR)))
 			->andWhere($qb->expr()->eq('configkey', $qb->createNamedParameter($key, IQueryBuilder::PARAM_STR)))
 			->andWhere($qb->expr()->eq(
-				$qb->func()->lower($qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR)),
+				$qb->func()->lower($configValueColumn),
 				$qb->createNamedParameter(strtolower($value), IQueryBuilder::PARAM_STR))
 			)->orderBy('userid')
 			->executeQuery();
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index f3282009a4d..5689de3995f 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -456,8 +456,17 @@ class Session implements IUserSession, Emitter {
 				$this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
 				return false;
 			}
-			$users = $this->manager->getByEmail($user);
-			if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
+
+			if ($isTokenPassword) {
+				$dbToken = $this->tokenProvider->getToken($password);
+				$userFromToken = $this->manager->get($dbToken->getUID());
+				$isValidEmailLogin = $userFromToken->getEMailAddress() === $user;
+			} else {
+				$users = $this->manager->getByEmail($user);
+				$isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password));
+			}
+
+			if (!$isValidEmailLogin) {
 				$this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
 				return false;
 			}
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index d6db17d9d45..3b8d75f694c 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -1110,7 +1110,7 @@ class SessionTest extends \Test\TestCase {
 
 		$userSession->expects($this->once())
 			->method('isTokenPassword')
-			->willReturn(true);
+			->willReturn(false);
 		$userSession->expects($this->once())
 			->method('login')
 			->with('john@foo.bar', 'I-AM-AN-PASSWORD')