Merge pull request #22992 from nextcloud/password-urlencode

allow authenticating using urlencoded passwords
2021-01-08 14:34:01 +01:00 · 2021-01-08 14:34:01 +01:00 · aeb32e1bc8
parent 08cc9ad496 63dc2df68d
commit aeb32e1bc8
2 changed files with 16 additions and 1 deletions
--- a/build/psalm-baseline.xml
+++ b/build/psalm-baseline.xml
@ -5160,7 +5160,8 @@
      <code>$this-&gt;createUserFromBackend($uid, $password, $backend)</code>
      <code>$this-&gt;createUserFromBackend($uid, $password, $backend)</code>
    </NullableReturnStatement>
-    <UndefinedInterfaceMethod occurrences="4">
+    <UndefinedInterfaceMethod occurrences="5">
+      <code>checkPassword</code>
      <code>checkPassword</code>
      <code>countUsers</code>
      <code>createUser</code>
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@ -231,6 +231,20 @@ class Manager extends PublicEmitter implements IUserManager {
 			}
 		}

+		// since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded
+		// we only do this decoding after using the plain password fails to maintain compatibility with any password that happens
+		// to contains urlencoded patterns by "accident".
+		$password = urldecode($password);
+
+		foreach ($this->backends as $backend) {
+			if ($backend->implementsActions(Backend::CHECK_PASSWORD)) {
+				$uid = $backend->checkPassword($loginName, $password);
+				if ($uid !== false) {
+					return $this->getUserObject($uid, $backend);
+				}
+			}
+		}
+
 		return false;
 	}