diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-10-07 16:49:57 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-10-25 09:34:27 +0200 |
| commit | 6d1e858aa4cf5c35e0396f23144caea68797f42d (patch) | |
| tree | 66550255751580b69e51aff32c10c38cf3e3d5d3 | |
| parent | 1ff328ae659de1d222030d04797442aa7a343a1d (diff) | |
| download | nextcloud-server-6d1e858aa4cf5c35e0396f23144caea68797f42d.tar.gz nextcloud-server-6d1e858aa4cf5c35e0396f23144caea68797f42d.zip | |
Fix logClientIn for non-existing users (#26292)
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.
This prevents throwing PasswordLoginForbidden for non-existing users.
| -rw-r--r-- | lib/private/User/Session.php | 3 | ||||
| -rw-r--r-- | tests/lib/User/SessionTest.php | 26 |
2 files changed, 29 insertions, 0 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 4b56609ccfc..a213ee48c2a 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -362,6 +362,9 @@ class Session implements IUserSession, Emitter { $user = $this->manager->get($username); if (is_null($user)) { $users = $this->manager->getByEmail($username); + if (empty($users)) { + return false; + } if (count($users) !== 1) { return true; } diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index 21ac1b655b9..614ed3d015a 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -401,6 +401,32 @@ class SessionTest extends \Test\TestCase { $userSession->logClientIn('john', 'doe', $request, $this->throttler); } + public function testLogClientInUnexist() { + $manager = $this->getMockBuilder('\OC\User\Manager') + ->disableOriginalConstructor() + ->getMock(); + $session = $this->createMock('\OCP\ISession'); + $request = $this->createMock('\OCP\IRequest'); + $user = $this->createMock('\OCP\IUser'); + + /** @var \OC\User\Session $userSession */ + $userSession = $this->getMockBuilder('\OC\User\Session') + ->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config]) + ->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser']) + ->getMock(); + + $this->tokenProvider->expects($this->once()) + ->method('getToken') + ->with('doe') + ->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException())); + $this->config->expects($this->once()) + ->method('getSystemValue') + ->with('token_auth_enforced', false) + ->will($this->returnValue(false)); + + $this->assertFalse($userSession->logClientIn('unexist', 'doe', $request)); + } + public function testLogClientInWithTokenPassword() { $manager = $this->getMockBuilder('\OC\User\Manager') ->disableOriginalConstructor() |