diff options
| -rw-r--r-- | lib/private/User/Session.php | 13 | ||||
| -rw-r--r-- | tests/lib/User/SessionTest.php | 2 |
2 files changed, 12 insertions, 3 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index f3282009a4d..5689de3995f 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -456,8 +456,17 @@ class Session implements IUserSession, Emitter { $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); return false; } - $users = $this->manager->getByEmail($user); - if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { + + if ($isTokenPassword) { + $dbToken = $this->tokenProvider->getToken($password); + $userFromToken = $this->manager->get($dbToken->getUID()); + $isValidEmailLogin = $userFromToken->getEMailAddress() === $user; + } else { + $users = $this->manager->getByEmail($user); + $isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password)); + } + + if (!$isValidEmailLogin) { $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); return false; } diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index d6db17d9d45..3b8d75f694c 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -1110,7 +1110,7 @@ class SessionTest extends \Test\TestCase { $userSession->expects($this->once()) ->method('isTokenPassword') - ->willReturn(true); + ->willReturn(false); $userSession->expects($this->once()) ->method('login') ->with('john@foo.bar', 'I-AM-AN-PASSWORD') |