mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #8533 from nextcloud/8499-stable12 

[stable12] don't try login with the same name that just failed
This commit is contained in:
Morris Jobke 2018-02-26 12:28:01 +01:00 committed by GitHub
parent 4bf292b112 cef195fc48
commit 1489474ee5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/Controller/LoginController.php
View File

@ -233,13 +233,15 @@ class LoginController extends Controller {
$users = $this->userManager->getByEmail($user); $users = $this->userManager->getByEmail($user);
// we only allow login by email if unique // we only allow login by email if unique
if (count($users) === 1) { if (count($users) === 1) {
$previousUser = $user;
$user = $users[0]->getUID(); $user = $users[0]->getUID();
$loginResult = $this->userManager->checkPassword($user, $password); if($user !== $previousUser) {
} else { $loginResult = $this->userManager->checkPassword($user, $password);
$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']); }
} }
} }
if ($loginResult === false) { if ($loginResult === false) {
$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
$args = !is_null($user) ? ['user' => $originalUser] : []; $args = !is_null($user) ? ['user' => $originalUser] : [];
if (!is_null($redirect_url)) { if (!is_null($redirect_url)) {