fix: Move login via email logic to local backendfix/move-email-logic-local-user-backend

Backends can decide which names they accept for login,
e.g. with user_ldap you can configure arbitrary login fields.
This was a hacky approach to allow login via email,
so instead this is now only handled by the local user backend.

This also fixes some other related problems:
Other logic relys on `backend::get()` which was not handling email,
so e.g. password policy could not block users logged in via email
if they use out-dated passwords.
Similar for other integrations, as the user backend was not consistent with
what is a login name and what not.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

2 files changed, 0 insertions, 55 deletions

diff --git a/lib/private/Authentication/Login/Chain.php b/lib/private/Authentication/Login/Chain.php
index 09030a154a6..fc90d9225a7 100644
--- a/lib/private/Authentication/Login/Chain.php
+++ b/lib/private/Authentication/Login/Chain.php
@@ -13,7 +13,6 @@ class Chain {
 		private PreLoginHookCommand $preLoginHookCommand,
 		private UserDisabledCheckCommand $userDisabledCheckCommand,
 		private UidLoginCommand $uidLoginCommand,
-		private EmailLoginCommand $emailLoginCommand,
 		private LoggedInCheckCommand $loggedInCheckCommand,
 		private CompleteLoginCommand $completeLoginCommand,
 		private CreateSessionTokenCommand $createSessionTokenCommand,
@@ -31,7 +30,6 @@ class Chain {
 		$chain
 			->setNext($this->userDisabledCheckCommand)
 			->setNext($this->uidLoginCommand)
-			->setNext($this->emailLoginCommand)
 			->setNext($this->loggedInCheckCommand)
 			->setNext($this->completeLoginCommand)
 			->setNext($this->flowV2EphemeralSessionsCommand)
diff --git a/lib/private/Authentication/Login/EmailLoginCommand.php b/lib/private/Authentication/Login/EmailLoginCommand.php
deleted file mode 100644
index 96cb39277fd..00000000000
--- a/lib/private/Authentication/Login/EmailLoginCommand.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-namespace OC\Authentication\Login;
-
-use OCP\IUserManager;
-
-class EmailLoginCommand extends ALoginCommand {
-	/** @var IUserManager */
-	private $userManager;
-
-	public function __construct(IUserManager $userManager) {
-		$this->userManager = $userManager;
-	}
-
-	public function process(LoginData $loginData): LoginResult {
-		if ($loginData->getUser() === false) {
-			if (!filter_var($loginData->getUsername(), FILTER_VALIDATE_EMAIL)) {
-				return $this->processNextOrFinishSuccessfully($loginData);
-			}
-
-			$users = $this->userManager->getByEmail($loginData->getUsername());
-			// we only allow login by email if unique
-			if (count($users) === 1) {
-				// FIXME: This is a workaround to still stick to configured LDAP login filters
-				// this can be removed once the email login is properly implemented in the local user backend
-				// as described in https://github.com/nextcloud/server/issues/5221
-				if ($users[0]->getBackendClassName() === 'LDAP') {
-					return $this->processNextOrFinishSuccessfully($loginData);
-				}
-
-				$username = $users[0]->getUID();
-				if ($username !== $loginData->getUsername()) {
-					$user = $this->userManager->checkPassword(
-						$username,
-						$loginData->getPassword()
-					);
-					if ($user !== false) {
-						$loginData->setUser($user);
-						$loginData->setUsername($username);
-					}
-				}
-			}
-		}
-
-		return $this->processNextOrFinishSuccessfully($loginData);
-	}
-}