diff options
author | Robin Appelman <robin@icewind.nl> | 2020-09-21 16:13:09 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2021-01-07 10:43:43 +0100 |
commit | c374bbf14d63a68b0f1ae88a8eb91f4ab091dc73 (patch) | |
tree | 2a10d9911e2c88523b8690270da2ffe1122ef6f0 /lib/private/User | |
parent | 2dd04f76d2b56fc71729d773e011515096b0b1d3 (diff) | |
download | nextcloud-server-c374bbf14d63a68b0f1ae88a8eb91f4ab091dc73.tar.gz nextcloud-server-c374bbf14d63a68b0f1ae88a8eb91f4ab091dc73.zip |
allow authenticating using urlencoded passwords
this allows authenticating with passwords that contain non ascii-characters in contexts that otherwise do not allow it (http basic)
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private/User')
-rw-r--r-- | lib/private/User/Manager.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php index 1d58c68268c..8e441e2e419 100644 --- a/lib/private/User/Manager.php +++ b/lib/private/User/Manager.php @@ -231,6 +231,20 @@ class Manager extends PublicEmitter implements IUserManager { } } + // since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded + // we only do this decoding after using the plain password fails to maintain compatibility with any password that happens + // to contains urlencoded patterns by "accident". + $password = urldecode($password); + + foreach ($this->backends as $backend) { + if ($backend->implementsActions(Backend::CHECK_PASSWORD)) { + $uid = $backend->checkPassword($loginName, $password); + if ($uid !== false) { + return $this->getUserObject($uid, $backend); + } + } + } + return false; } |