Return correct loginname in credentials,
even when token is invalid or has no password. Returning the uid as loginname is wrong, and leads to problems when these differ. E.g. the getapppassword API was creating app token with the uid as loginname. In a scenario with external authentication (such as LDAP), these tokens were then invalidated next time their underlying password was checked, and systematically ceased to function. Co-authored-by: kesselb <mail@danielkesselberg.de> for: switch to consistent camelCase Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
This commit is contained in:
Lionel Elie Mamane
Morris Jobke
parent
03603db486
commit
ac8b40b8b1
|
|
@ -112,7 +112,7 @@ class Store implements IStore {
|
||||||
|
|
||||||
if ($trySession && $this->session->exists('login_credentials')) {
|
if ($trySession && $this->session->exists('login_credentials')) {
|
||||||
$creds = json_decode($this->session->get('login_credentials'));
|
$creds = json_decode($this->session->get('login_credentials'));
|
||||||
return new Credentials($creds->uid, $creds->uid, $creds->password);
|
return new Credentials($creds->uid, $creds->loginName, $creds->password);
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we reach this line, an exception was thrown.
|
// If we reach this line, an exception was thrown.
|
||||||
|
|
|
||||||
|
|
@ -566,9 +566,9 @@ class Server extends ServerContainer implements IServerContainer {
|
||||||
$dispatcher = $this->query(IEventDispatcher::class);
|
$dispatcher = $this->query(IEventDispatcher::class);
|
||||||
$dispatcher->dispatchTyped(new BeforeUserLoggedInEvent($uid, $password));
|
$dispatcher->dispatchTyped(new BeforeUserLoggedInEvent($uid, $password));
|
||||||
});
|
});
|
||||||
$userSession->listen('\OC\User', 'postLogin', function ($user, $password, $isTokenLogin) {
|
$userSession->listen('\OC\User', 'postLogin', function ($user, $loginName, $password, $isTokenLogin) {
|
||||||
/** @var \OC\User\User $user */
|
/** @var \OC\User\User $user */
|
||||||
\OC_Hook::emit('OC_User', 'post_login', ['run' => true, 'uid' => $user->getUID(), 'password' => $password, 'isTokenLogin' => $isTokenLogin]);
|
\OC_Hook::emit('OC_User', 'post_login', ['run' => true, 'uid' => $user->getUID(), 'loginName' => $loginName, 'password' => $password, 'isTokenLogin' => $isTokenLogin]);
|
||||||
|
|
||||||
/** @var IEventDispatcher $dispatcher */
|
/** @var IEventDispatcher $dispatcher */
|
||||||
$dispatcher = $this->query(IEventDispatcher::class);
|
$dispatcher = $this->query(IEventDispatcher::class);
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ use Symfony\Component\EventDispatcher\GenericEvent;
|
||||||
* - preUnassignedUserId(string $uid)
|
* - preUnassignedUserId(string $uid)
|
||||||
* - postUnassignedUserId(string $uid)
|
* - postUnassignedUserId(string $uid)
|
||||||
* - preLogin(string $user, string $password)
|
* - preLogin(string $user, string $password)
|
||||||
* - postLogin(\OC\User\User $user, string $password)
|
* - postLogin(\OC\User\User $user, string $loginName, string $password, boolean $isTokenLogin)
|
||||||
* - preRememberedLogin(string $uid)
|
* - preRememberedLogin(string $uid)
|
||||||
* - postRememberedLogin(\OC\User\User $user)
|
* - postRememberedLogin(\OC\User\User $user)
|
||||||
* - logout()
|
* - logout()
|
||||||
|
|
@ -400,11 +400,13 @@ class Session implements IUserSession, Emitter {
|
||||||
|
|
||||||
$this->dispatcher->dispatchTyped(new PostLoginEvent(
|
$this->dispatcher->dispatchTyped(new PostLoginEvent(
|
||||||
$user,
|
$user,
|
||||||
|
$loginDetails['loginName'],
|
||||||
$loginDetails['password'],
|
$loginDetails['password'],
|
||||||
$isToken
|
$isToken
|
||||||
));
|
));
|
||||||
$this->manager->emit('\OC\User', 'postLogin', [
|
$this->manager->emit('\OC\User', 'postLogin', [
|
||||||
$user,
|
$user,
|
||||||
|
$loginDetails['loginName'],
|
||||||
$loginDetails['password'],
|
$loginDetails['password'],
|
||||||
$isToken,
|
$isToken,
|
||||||
]);
|
]);
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,12 @@ class PostLoginEvent extends Event {
|
||||||
/** @var IUser */
|
/** @var IUser */
|
||||||
private $user;
|
private $user;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @since 20.0.0
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
private $loginName;
|
||||||
|
|
||||||
/** @var string */
|
/** @var string */
|
||||||
private $password;
|
private $password;
|
||||||
|
|
||||||
|
|
@ -47,9 +53,10 @@ class PostLoginEvent extends Event {
|
||||||
/**
|
/**
|
||||||
* @since 18.0.0
|
* @since 18.0.0
|
||||||
*/
|
*/
|
||||||
public function __construct(IUser $user, string $password, bool $isTokenLogin) {
|
public function __construct(IUser $user, string $loginName, string $password, bool $isTokenLogin) {
|
||||||
parent::__construct();
|
parent::__construct();
|
||||||
$this->user = $user;
|
$this->user = $user;
|
||||||
|
$this->loginName = $loginName;
|
||||||
$this->password = $password;
|
$this->password = $password;
|
||||||
$this->isTokenLogin = $isTokenLogin;
|
$this->isTokenLogin = $isTokenLogin;
|
||||||
}
|
}
|
||||||
|
|
@ -61,6 +68,13 @@ class PostLoginEvent extends Event {
|
||||||
return $this->user;
|
return $this->user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @since 20.0.0
|
||||||
|
*/
|
||||||
|
public function getLoginName(): string {
|
||||||
|
return $this->loginName;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @since 18.0.0
|
* @since 18.0.0
|
||||||
*/
|
*/
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue