From 4ebcd5ac0b810314867c04a8dbbbfd484ff34ed1 Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Sun, 11 Dec 2016 00:20:02 +0100 Subject: [PATCH 1/8] Add preLoginValidation hook Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 3 +++ lib/private/Server.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index b6add48ef6..0d52a19d57 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -216,6 +216,9 @@ class LoginController extends Controller { } $originalUser = $user; + + $this->userManager->emit('\OC\User', 'preLoginValidation', array($user, $password)); + // TODO: Add all the insane error handling /* @var $loginResult IUser */ $loginResult = $this->userManager->checkPassword($user, $password); diff --git a/lib/private/Server.php b/lib/private/Server.php index 2c0aac9b43..c940697dfe 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -295,6 +295,9 @@ class Server extends ServerContainer implements IServerContainer { /** @var $user \OC\User\User */ \OC_Hook::emit('OC_User', 'post_setPassword', array('run' => true, 'uid' => $user->getUID(), 'password' => $password, 'recoveryPassword' => $recoveryPassword)); }); + $userSession->listen('\OC\User', 'preLoginValidation', function ($uid, $password) { + \OC_Hook::emit('OC_User', 'pre_loginValidation', array('run' => true, 'uid' => $uid, 'password' => $password)); + }); $userSession->listen('\OC\User', 'preLogin', function ($uid, $password) { \OC_Hook::emit('OC_User', 'pre_login', array('run' => true, 'uid' => $uid, 'password' => $password)); }); From e14d50eb1f58578a4dd9c3cd7feb19b426e7ad6c Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Sun, 11 Dec 2016 11:24:05 +0100 Subject: [PATCH 2/8] Fix indentation Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 2 +- lib/private/Server.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index 0d52a19d57..d30a765907 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -217,7 +217,7 @@ class LoginController extends Controller { $originalUser = $user; - $this->userManager->emit('\OC\User', 'preLoginValidation', array($user, $password)); + $this->userManager->emit('\OC\User', 'preLoginValidation', array($user, $password)); // TODO: Add all the insane error handling /* @var $loginResult IUser */ diff --git a/lib/private/Server.php b/lib/private/Server.php index c940697dfe..4a972faaa4 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -295,9 +295,9 @@ class Server extends ServerContainer implements IServerContainer { /** @var $user \OC\User\User */ \OC_Hook::emit('OC_User', 'post_setPassword', array('run' => true, 'uid' => $user->getUID(), 'password' => $password, 'recoveryPassword' => $recoveryPassword)); }); - $userSession->listen('\OC\User', 'preLoginValidation', function ($uid, $password) { - \OC_Hook::emit('OC_User', 'pre_loginValidation', array('run' => true, 'uid' => $uid, 'password' => $password)); - }); + $userSession->listen('\OC\User', 'preLoginValidation', function ($uid, $password) { + \OC_Hook::emit('OC_User', 'pre_loginValidation', array('run' => true, 'uid' => $uid, 'password' => $password)); + }); $userSession->listen('\OC\User', 'preLogin', function ($uid, $password) { \OC_Hook::emit('OC_User', 'pre_login', array('run' => true, 'uid' => $uid, 'password' => $password)); }); From 6ab0a3215d4316d461303d7162a12c07720b6648 Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Tue, 31 Jan 2017 18:54:31 +0100 Subject: [PATCH 3/8] Remove preLoginValidation hook Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 3 --- lib/private/Server.php | 3 --- 2 files changed, 6 deletions(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index d30a765907..b6add48ef6 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -216,9 +216,6 @@ class LoginController extends Controller { } $originalUser = $user; - - $this->userManager->emit('\OC\User', 'preLoginValidation', array($user, $password)); - // TODO: Add all the insane error handling /* @var $loginResult IUser */ $loginResult = $this->userManager->checkPassword($user, $password); diff --git a/lib/private/Server.php b/lib/private/Server.php index 4a972faaa4..2c0aac9b43 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -295,9 +295,6 @@ class Server extends ServerContainer implements IServerContainer { /** @var $user \OC\User\User */ \OC_Hook::emit('OC_User', 'post_setPassword', array('run' => true, 'uid' => $user->getUID(), 'password' => $password, 'recoveryPassword' => $recoveryPassword)); }); - $userSession->listen('\OC\User', 'preLoginValidation', function ($uid, $password) { - \OC_Hook::emit('OC_User', 'pre_loginValidation', array('run' => true, 'uid' => $uid, 'password' => $password)); - }); $userSession->listen('\OC\User', 'preLogin', function ($uid, $password) { \OC_Hook::emit('OC_User', 'pre_login', array('run' => true, 'uid' => $uid, 'password' => $password)); }); From e30d28f7eb16b86a147a52a2f0452e5b587ddcb9 Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Tue, 31 Jan 2017 20:21:58 +0100 Subject: [PATCH 4/8] Change where preLogin hook gets called Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 2 ++ lib/private/User/Session.php | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index b6add48ef6..981e781472 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -215,6 +215,8 @@ class LoginController extends Controller { return $this->generateRedirect($redirect_url); } + $this->userManager->emit('\OC\User', 'preLogin', array($user, $password)); + $originalUser = $user; // TODO: Add all the insane error handling /* @var $loginResult IUser */ diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index dcda825b9d..7f7c8182ba 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -319,6 +319,8 @@ class Session implements IUserSession, Emitter { OC\Security\Bruteforce\Throttler $throttler) { $currentDelay = $throttler->sleepDelay($request->getRemoteAddress()); + $this->manager->emit('\OC\User', 'preLogin', array($user, $password)); + $isTokenPassword = $this->isTokenPassword($password); if (!$isTokenPassword && $this->isTokenAuthEnforced()) { throw new PasswordLoginForbiddenException(); @@ -463,7 +465,6 @@ class Session implements IUserSession, Emitter { * @throws LoginException if an app canceld the login process or the user is not enabled */ private function loginWithPassword($uid, $password) { - $this->manager->emit('\OC\User', 'preLogin', array($uid, $password)); $user = $this->manager->checkPassword($uid, $password); if ($user === false) { // Password check failed @@ -513,8 +514,6 @@ class Session implements IUserSession, Emitter { // Ignore and use empty string instead } - $this->manager->emit('\OC\User', 'preLogin', array($uid, $password)); - $user = $this->manager->get($uid); if (is_null($user)) { // user does not exist From 6feff0cebab20b3738bab239aa1f09b5c91d92ef Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Wed, 1 Feb 2017 18:13:41 +0100 Subject: [PATCH 5/8] Add check if UserManager is of type PublicEmitter before calling preLogin hook Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 4 +++- lib/private/User/Session.php | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index 981e781472..c53637aaed 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -215,7 +215,9 @@ class LoginController extends Controller { return $this->generateRedirect($redirect_url); } - $this->userManager->emit('\OC\User', 'preLogin', array($user, $password)); + if ($this->manager instanceof PublicEmitter) { + $this->userManager->emit('\OC\User', 'preLogin', array($user, $password)); + } $originalUser = $user; // TODO: Add all the insane error handling diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 7f7c8182ba..36bd45521c 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -319,7 +319,9 @@ class Session implements IUserSession, Emitter { OC\Security\Bruteforce\Throttler $throttler) { $currentDelay = $throttler->sleepDelay($request->getRemoteAddress()); - $this->manager->emit('\OC\User', 'preLogin', array($user, $password)); + if ($this->manager instanceof PublicEmitter) { + $this->manager->emit('\OC\User', 'preLogin', array($user, $password)); + } $isTokenPassword = $this->isTokenPassword($password); if (!$isTokenPassword && $this->isTokenAuthEnforced()) { From 20f878b014aa9d95d6f2f81bc120efe5cf04a33a Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Wed, 1 Feb 2017 20:16:51 +0100 Subject: [PATCH 6/8] Fix typo for UserManager variable Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index c53637aaed..e19794f2cd 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -215,7 +215,7 @@ class LoginController extends Controller { return $this->generateRedirect($redirect_url); } - if ($this->manager instanceof PublicEmitter) { + if ($this->userManager instanceof PublicEmitter) { $this->userManager->emit('\OC\User', 'preLogin', array($user, $password)); } From ff3fa538e43bb38a5ff142b07216b9de79645c01 Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Tue, 7 Feb 2017 00:12:19 +0100 Subject: [PATCH 7/8] Add missing use statement for PublicEmitter Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 1 + 1 file changed, 1 insertion(+) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index e19794f2cd..92ea3014ba 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -44,6 +44,7 @@ use OCP\IURLGenerator; use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; +use OC\Hooks\PublicEmitter; class LoginController extends Controller { /** @var IUserManager */ From 9b6f99ab0824294f2491c3546f55788832634eff Mon Sep 17 00:00:00 2001 From: Sandro Lutz Date: Tue, 7 Feb 2017 01:25:39 +0100 Subject: [PATCH 8/8] Update license header Signed-off-by: Sandro Lutz --- core/Controller/LoginController.php | 2 ++ lib/private/User/Session.php | 2 ++ 2 files changed, 4 insertions(+) diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index c0e7be280b..1430602d91 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -1,8 +1,10 @@ * @copyright Copyright (c) 2016 Joas Schilling * @copyright Copyright (c) 2016, ownCloud, Inc. * + * @author Sandro Lutz * @author Christoph Wurst * @author Joas Schilling * @author Lukas Reschke diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 2ebe895a59..1486a5b7fe 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -1,7 +1,9 @@ * @copyright Copyright (c) 2016, ownCloud, Inc. * + * @author Sandro Lutz * @author Arthur Schiwon * @author Bernhard Posselt * @author Christoph Wurst