diff options
| -rw-r--r-- | build/psalm-baseline.xml | 3 | ||||
| -rw-r--r-- | lib/private/User/Manager.php | 14 |
2 files changed, 16 insertions, 1 deletions
diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml index d461cdfc706..762f58131b5 100644 --- a/build/psalm-baseline.xml +++ b/build/psalm-baseline.xml @@ -5160,7 +5160,8 @@ <code>$this->createUserFromBackend($uid, $password, $backend)</code> <code>$this->createUserFromBackend($uid, $password, $backend)</code> </NullableReturnStatement> - <UndefinedInterfaceMethod occurrences="4"> + <UndefinedInterfaceMethod occurrences="5"> + <code>checkPassword</code> <code>checkPassword</code> <code>countUsers</code> <code>createUser</code> diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php index 1d58c68268c..8e441e2e419 100644 --- a/lib/private/User/Manager.php +++ b/lib/private/User/Manager.php @@ -231,6 +231,20 @@ class Manager extends PublicEmitter implements IUserManager { } } + // since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded + // we only do this decoding after using the plain password fails to maintain compatibility with any password that happens + // to contains urlencoded patterns by "accident". + $password = urldecode($password); + + foreach ($this->backends as $backend) { + if ($backend->implementsActions(Backend::CHECK_PASSWORD)) { + $uid = $backend->checkPassword($loginName, $password); + if ($uid !== false) { + return $this->getUserObject($uid, $backend); + } + } + } + return false; } |