From 9151960af0ed421bb729b62a16cfb0cbb0d7f730 Mon Sep 17 00:00:00 2001
From: Julius Härtl <jus@bitgrid.net>
Date: Tue, 25 Oct 2022 15:38:31 +0200
Subject: Skip general login with email for non-valid addresses and LDAP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 lib/private/Authentication/Login/EmailLoginCommand.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'lib')

diff --git a/lib/private/Authentication/Login/EmailLoginCommand.php b/lib/private/Authentication/Login/EmailLoginCommand.php
index e2e55cc12c8..7145ab9e14f 100644
--- a/lib/private/Authentication/Login/EmailLoginCommand.php
+++ b/lib/private/Authentication/Login/EmailLoginCommand.php
@@ -38,9 +38,21 @@ class EmailLoginCommand extends ALoginCommand {
 
 	public function process(LoginData $loginData): LoginResult {
 		if ($loginData->getUser() === false) {
+			if (!filter_var($loginData->getUsername(), FILTER_VALIDATE_EMAIL)) {
+				return $this->processNextOrFinishSuccessfully($loginData);
+			}
+
 			$users = $this->userManager->getByEmail($loginData->getUsername());
 			// we only allow login by email if unique
 			if (count($users) === 1) {
+
+				// FIXME: This is a workaround to still stick to configured LDAP login filters
+				// this can be removed once the email login is properly implemented in the local user backend
+				// as described in https://github.com/nextcloud/server/issues/5221
+				if ($users[0]->getBackendClassName() === 'LDAP') {
+					return $this->processNextOrFinishSuccessfully($loginData);
+				}
+
 				$username = $users[0]->getUID();
 				if ($username !== $loginData->getUsername()) {
 					$user = $this->userManager->checkPassword(
-- 
cgit v1.2.3