From c374bbf14d63a68b0f1ae88a8eb91f4ab091dc73 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Mon, 21 Sep 2020 16:13:09 +0200 Subject: [PATCH 1/2] allow authenticating using urlencoded passwords this allows authenticating with passwords that contain non ascii-characters in contexts that otherwise do not allow it (http basic) Signed-off-by: Robin Appelman --- lib/private/User/Manager.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php index 1d58c68268..8e441e2e41 100644 --- a/lib/private/User/Manager.php +++ b/lib/private/User/Manager.php @@ -231,6 +231,20 @@ class Manager extends PublicEmitter implements IUserManager { } } + // since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded + // we only do this decoding after using the plain password fails to maintain compatibility with any password that happens + // to contains urlencoded patterns by "accident". + $password = urldecode($password); + + foreach ($this->backends as $backend) { + if ($backend->implementsActions(Backend::CHECK_PASSWORD)) { + $uid = $backend->checkPassword($loginName, $password); + if ($uid !== false) { + return $this->getUserObject($uid, $backend); + } + } + } + return false; } From 63dc2df68d3bab2abadc4bd80c63e406ed89887c Mon Sep 17 00:00:00 2001 From: Morris Jobke Date: Fri, 8 Jan 2021 14:21:12 +0100 Subject: [PATCH 2/2] Update baseline.xml Signed-off-by: Morris Jobke --- build/psalm-baseline.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml index 98f849eb81..63c35a969b 100644 --- a/build/psalm-baseline.xml +++ b/build/psalm-baseline.xml @@ -5171,7 +5171,8 @@ $this->createUserFromBackend($uid, $password, $backend) $this->createUserFromBackend($uid, $password, $backend) - + + checkPassword checkPassword countUsers createUser