aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/User
diff options
context:
space:
mode:
authorRobin Appelman <robin@icewind.nl>2020-09-21 16:13:09 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2021-01-07 10:43:43 +0100
commitc374bbf14d63a68b0f1ae88a8eb91f4ab091dc73 (patch)
tree2a10d9911e2c88523b8690270da2ffe1122ef6f0 /lib/private/User
parent2dd04f76d2b56fc71729d773e011515096b0b1d3 (diff)
downloadnextcloud-server-c374bbf14d63a68b0f1ae88a8eb91f4ab091dc73.tar.gz
nextcloud-server-c374bbf14d63a68b0f1ae88a8eb91f4ab091dc73.zip
allow authenticating using urlencoded passwords
this allows authenticating with passwords that contain non ascii-characters in contexts that otherwise do not allow it (http basic) Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private/User')
-rw-r--r--lib/private/User/Manager.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index 1d58c68268c..8e441e2e419 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -231,6 +231,20 @@ class Manager extends PublicEmitter implements IUserManager {
}
}
+ // since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded
+ // we only do this decoding after using the plain password fails to maintain compatibility with any password that happens
+ // to contains urlencoded patterns by "accident".
+ $password = urldecode($password);
+
+ foreach ($this->backends as $backend) {
+ if ($backend->implementsActions(Backend::CHECK_PASSWORD)) {
+ $uid = $backend->checkPassword($loginName, $password);
+ if ($uid !== false) {
+ return $this->getUserObject($uid, $backend);
+ }
+ }
+ }
+
return false;
}