author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2024-08-16 15:17:27 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-16 15:17:27 +0200 |
commit | d63148ee8df07233f91311d4833523292cdd93dd (patch) | |
tree | 6801999f01e45dac58000bc7cbffd992da966975 | |
parent | 13a72d0f0e8f9ba12df2a7f2e0f28a02f4b9ce4a (diff) | |
parent | b1230cd53d666bb71bb87165c8b5246d5be583e4 (diff) | |
Merge pull request #35867 from e-foundation/ldap-check-pwd-improvement
-rw-r--r-- | apps/user_ldap/lib/User_LDAP.php | 20 | ||||
-rw-r--r-- | apps/user_ldap/tests/User_LDAPTest.php | 4 |
2 files changed, 13 insertions, 11 deletions
diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php
index 4273563ff02..7d4cd7ca634 100644
--- a/apps/user_ldap/lib/User_LDAP.php
+++ b/apps/user_ldap/lib/User_LDAP.php
@@ -76,11 +76,12 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I
 * @return string|false
 * @throws \Exception
 */
- public function loginName2UserName($loginName) {
+ public function loginName2UserName($loginName, bool $forceLdapRefetch = false) {
 $cacheKey = 'loginName2UserName-' . $loginName;
 $username = $this->access->connection->getFromCache($cacheKey);
- if ($username !== null) {
+ $ignoreCache = ($username === false && $forceLdapRefetch);
+ if ($username !== null && !$ignoreCache) {
 return $username;
 }
@@ -95,6 +96,9 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I
 }
 $username = $user->getUsername();
 $this->access->connection->writeToCache($cacheKey, $username);
+ if ($forceLdapRefetch) {
+ $user->processAttributes($ldapRecord);
+ }
 return $username;
 } catch (NotOnLDAP $e) {
 $this->access->connection->writeToCache($cacheKey, false);
@@ -138,16 +142,11 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I
 * @return false|string
 */
 public function checkPassword($uid, $password) {
- try {
- $ldapRecord = $this->getLDAPUserByLoginName($uid);
- } catch (NotOnLDAP $e) {
- $this->logger->debug(
- $e->getMessage(),
- ['app' => 'user_ldap', 'exception' => $e]
- );
+ $username = $this->loginName2UserName($uid, true);
+ if ($username === false) {
 return false;
 }
- $dn = $ldapRecord['dn'][0];
+ $dn = $this->access->username2dn($username);
 $user = $this->access->userManager->get($dn);
 if (!$user instanceof User) {
@@ -165,7 +164,6 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I
 }
 $this->access->cacheUserExists($user->getUsername());
- $user->processAttributes($ldapRecord);
 $user->markLogin();
 return $user->getUsername();
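Review bot: In the first hunk `$forceLdapRefetch` only bypasses a cached `false`; when a username is cached, `if ($username !== null && !$ignoreCache)` still returns it without any LDAP lookup, so the parameter name promises more than the code does. Since checkPassword (third hunk) now goes through this path and `processAttributes` moved into the cache-miss branch (second hunk), a login served from the cache presumably neither re-runs the login-name lookup nor refreshes attributes until the entry expires, which matters when the login filter or the user's LDAP record has changed. If that trade-off is intended, document it with `@param bool $forceLdapRefetch ignore a cached negative result and query LDAP again; a cached username is still returned as-is` in the docblock, whose start lies outside the hunk. If checkPassword must always consult LDAP, the condition would instead be `if ($username !== null && !$forceLdapRefetch) {`.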
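Review bot: In the third hunk the result of `username2dn()` is handed to `userManager->get($dn)` unchecked; if it can return `false` when no mapping exists (not visible here, confirm against Access), the failure is only caught indirectly by the `instanceof User` test that follows. An explicit guard right after the assignment, `if ($dn === false) { return false; }`, keeps the unmapped case out of the user manager. The removed `catch` also logged the NotOnLDAP message at debug level, while the new `$username === false` branch returns silently; whether loginName2UserName logs it cannot be seen from these hunks, so a `$this->logger->debug(...)` call in that branch may be worth keeping for failed-login triage. checkPassword's body continues outside the hunk.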
diff --git a/apps/user_ldap/tests/User_LDAPTest.php b/apps/user_ldap/tests/User_LDAPTest.php
index 030e44cc34d..227f13e8538 100644
--- a/apps/user_ldap/tests/User_LDAPTest.php
+++ b/apps/user_ldap/tests/User_LDAPTest.php
@@ -149,6 +149,10 @@ class User_LDAPTest extends TestCase {
 ->with($this->equalTo('dnOfRoland,dc=test'))
 ->willReturn($retVal);
 $this->access->expects($this->any())
+ ->method('username2dn')
+ ->with($this->equalTo('gunslinger'))
+ ->willReturn('dnOfRoland,dc=test');
+ $this->access->expects($this->any())
 ->method('stringResemblesDN')
 ->with($this->equalTo('dnOfRoland,dc=test'))
 ->willReturn(true); |
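Review bot: Nothing in this commit's test changes exercises the new `$forceLdapRefetch` branch of loginName2UserName, because the hunk only stubs `username2dn`. One case with the cache holding `false` for the login name should assert that checkPassword queries LDAP again and that `processAttributes` runs; a second case with a cached username should pin that the cached value is returned without a lookup. The stub uses `$this->any()`, in line with the surrounding expectations, so it does not verify that checkPassword actually resolves the DN through `username2dn`. The enclosing helper starts and ends outside the hunk.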