From 2f75ba1adb2b943a554abc2302b40dbce0b332a6 Mon Sep 17 00:00:00 2001
From: Lionel Elie Mamane
Date: Sun, 7 Jun 2020 14:15:10 +0200
Subject: [PATCH 1/2] Return correct loginname in credentials, even when token is invalid or has no password.
Returning the uid as loginname is wrong, and leads to problems when these differ. E.g. the getapppassword API was creating app token with the uid as loginname. In a scenario with external authentication (such as LDAP), these tokens were then invalidated next time their underlying password was checked, and systematically ceased to function.
Signed-off-by: Lionel Elie Mamane
---
 lib/private/Authentication/LoginCredentials/Store.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index f4bedd88a1..24ce917a24 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -112,7 +112,7 @@ class Store implements IStore {
 if ($trySession && $this->session->exists('login_credentials')) {
 $creds = json_decode($this->session->get('login_credentials'));
- return new Credentials($creds->uid, $creds->uid, $creds->password);
+ return new Credentials($creds->uid, $this->session->get('loginname'), $creds->password);
 }
 // If we reach this line, an exception was thrown.
From ae036b4dfa3f6b8df7366de396b6a337b1dcf0a2 Mon Sep 17 00:00:00 2001
From: Lionel Elie Mamane
Date: Sun, 7 Jun 2020 15:41:09 +0200
Subject: [PATCH 2/2] adapt testGetLoginCredentialsInvalidTokenLoginCredentials() unit test to uid != loginname
Signed-off-by: Lionel Elie Mamane
---
 .../lib/Authentication/LoginCredentials/StoreTest.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/tests/lib/Authentication/LoginCredentials/StoreTest.php b/tests/lib/Authentication/LoginCredentials/StoreTest.php
index e7b9cb5996..3a0f0d325a 100644
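Review bot: In the Store.php hunk, the new `return new Credentials(...)` line reads `$this->session->get('loginname')` without checking that the key exists; the surrounding `if` only tests `exists('login_credentials')`. If a session holds `login_credentials` but no `loginname` (for instance one written before this change, or by a login path that sets only one of the two, which is not visible here), the login name passed to Credentials is presumably null, and an app token created from it would again carry a login name that cannot be validated. A guarded read such as `$loginName = $this->session->get('loginname') ?? $creds->uid;` or treating the missing key as "no credentials" and falling through to the exception path would make that case explicit. The `json_decode` result on the line above is likewise dereferenced unchecked, so malformed session data fails at `$creds->uid` rather than in a controlled way. The enclosing method starts and ends outside the hunk.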
--- a/tests/lib/Authentication/LoginCredentials/StoreTest.php
+++ b/tests/lib/Authentication/LoginCredentials/StoreTest.php
@@ -142,7 +142,8 @@ class StoreTest extends TestCase {
 }
 public function testGetLoginCredentialsInvalidTokenLoginCredentials() {
- $uid = 'user987';
+ $uid = 'id987';
+ $user = 'user987';
 $password = '7389374';
 $this->session->expects($this->once())
@@ -156,11 +157,11 @@ class StoreTest extends TestCase {
 ->method('exists')
 ->with($this->equalTo('login_credentials'))
 ->willReturn(true);
- $this->session->expects($this->once())
+ $this->session->expects($this->exactly(2))
 ->method('get')
- ->with($this->equalTo('login_credentials'))
- ->willReturn('{"run":true,"uid":"user987","password":"7389374"}');
- $expected = new Credentials('user987', 'user987', '7389374');
+ ->withConsecutive(['login_credentials'], ['loginname'])
+ ->willReturnOnConsecutiveCalls('{"run":true,"uid":"id987","password":"7389374"}', $user);
+ $expected = new Credentials($uid, $user, $password);
 $actual = $this->store->getLoginCredentials();
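Review bot: In the second hunk of StoreTest.php the mocked `get` always supplies a login name, so the test pins only the case where the session has a `loginname` key; nothing covers a session with `login_credentials` but no `loginname`, which is the case the changed line in Store.php leaves unguarded. A sibling test that returns `null` for the second `get` call and asserts the intended outcome would pin that behaviour. The JSON fixture also repeats the literals `id987` and `7389374` next to `$uid` and `$password`; building it with `json_encode(['run' => true, 'uid' => $uid, 'password' => $password])` keeps the two from drifting apart. In the first hunk, `$user` holds the login name, so `$loginName` would read more clearly.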