mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

allow authenticating using urlencoded passwords 

this allows authenticating with passwords that contain non ascii-characters in contexts that otherwise do not allow it (http basic)

Signed-off-by: Robin Appelman <robin@icewind.nl>
This commit is contained in:
Robin Appelman 2020-09-21 16:13:09 +02:00 committed by Roeland Jago Douma
parent 2dd04f76d2
commit c374bbf14d
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/private/User/Manager.php
View File

@ -231,6 +231,20 @@ class Manager extends PublicEmitter implements IUserManager {
} }
} }
// since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded
// we only do this decoding after using the plain password fails to maintain compatibility with any password that happens
// to contains urlencoded patterns by "accident".
$password = urldecode($password);
foreach ($this->backends as $backend) {
if ($backend->implementsActions(Backend::CHECK_PASSWORD)) {
$uid = $backend->checkPassword($loginName, $password);
if ($uid !== false) {
return $this->getUserObject($uid, $backend);
}
}
}
return false; return false;
} }