summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJulius Härtl <jus@bitgrid.net>2024-01-11 11:53:13 +0100
committerGitHub <noreply@github.com>2024-01-11 11:53:13 +0100
commit84df0c33a2c5ba29d5b994ba71a1a5af6a0bad65 (patch)
tree1604b8ac3bacf2e9a3606c71da74b83ab1c8acac
parent6200c281e319dac917759271a76a9f35bac4201a (diff)
parent5fc6fb0d20d22d750b53b19ef54e3dc5d79489c5 (diff)
downloadnextcloud-server-84df0c33a2c5ba29d5b994ba71a1a5af6a0bad65.tar.gz
nextcloud-server-84df0c33a2c5ba29d5b994ba71a1a5af6a0bad65.zip
Merge pull request #42652 from nextcloud/backport/42651/stable27
[stable27] perf: Use more performant way to obtain and check the email as a login name with token login
-rw-r--r--lib/private/AllConfig.php13
-rw-r--r--lib/private/User/Session.php13
-rw-r--r--tests/lib/User/SessionTest.php2
3 files changed, 23 insertions, 5 deletions
diff --git a/lib/private/AllConfig.php b/lib/private/AllConfig.php
index 2a0e8f53b14..92178d64635 100644
--- a/lib/private/AllConfig.php
+++ b/lib/private/AllConfig.php
@@ -32,6 +32,7 @@
*/
namespace OC;
+use Doctrine\DBAL\Platforms\OraclePlatform;
use OCP\Cache\CappedMemoryCache;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\IConfig;
@@ -490,12 +491,15 @@ class AllConfig implements IConfig {
$this->fixDIInit();
$qb = $this->connection->getQueryBuilder();
+ $configValueColumn = ($this->connection->getDatabasePlatform() instanceof OraclePlatform)
+ ? $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR)
+ : 'configvalue';
$result = $qb->select('userid')
->from('preferences')
->where($qb->expr()->eq('appid', $qb->createNamedParameter($appName, IQueryBuilder::PARAM_STR)))
->andWhere($qb->expr()->eq('configkey', $qb->createNamedParameter($key, IQueryBuilder::PARAM_STR)))
->andWhere($qb->expr()->eq(
- $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR),
+ $configValueColumn,
$qb->createNamedParameter($value, IQueryBuilder::PARAM_STR))
)->orderBy('userid')
->executeQuery();
@@ -524,13 +528,18 @@ class AllConfig implements IConfig {
// Email address is always stored lowercase in the database
return $this->getUsersForUserValue($appName, $key, strtolower($value));
}
+
$qb = $this->connection->getQueryBuilder();
+ $configValueColumn = ($this->connection->getDatabasePlatform() instanceof OraclePlatform)
+ ? $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR)
+ : 'configvalue';
+
$result = $qb->select('userid')
->from('preferences')
->where($qb->expr()->eq('appid', $qb->createNamedParameter($appName, IQueryBuilder::PARAM_STR)))
->andWhere($qb->expr()->eq('configkey', $qb->createNamedParameter($key, IQueryBuilder::PARAM_STR)))
->andWhere($qb->expr()->eq(
- $qb->func()->lower($qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR)),
+ $qb->func()->lower($configValueColumn),
$qb->createNamedParameter(strtolower($value), IQueryBuilder::PARAM_STR))
)->orderBy('userid')
->executeQuery();
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index b607a6441a4..de4d1f63b9e 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -455,8 +455,17 @@ class Session implements IUserSession, Emitter {
$this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
return false;
}
- $users = $this->manager->getByEmail($user);
- if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
+
+ if ($isTokenPassword) {
+ $dbToken = $this->tokenProvider->getToken($password);
+ $userFromToken = $this->manager->get($dbToken->getUID());
+ $isValidEmailLogin = $userFromToken->getEMailAddress() === $user;
+ } else {
+ $users = $this->manager->getByEmail($user);
+ $isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password));
+ }
+
+ if (!$isValidEmailLogin) {
$this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
return false;
}
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 2af48d8330c..7bf93e68518 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -1118,7 +1118,7 @@ class SessionTest extends \Test\TestCase {
$userSession->expects($this->once())
->method('isTokenPassword')
- ->willReturn(true);
+ ->willReturn(false);
$userSession->expects($this->once())
->method('login')
->with('john@foo.bar', 'I-AM-AN-PASSWORD')