don't try login with the same name that just failed

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2018-02-22 12:46:06 +01:00
parent 4bf292b112
commit cef195fc48
No known key found for this signature in database
GPG Key ID: 7424F1874854DF23
1 changed files with 5 additions and 3 deletions

View File

@ -233,13 +233,15 @@ class LoginController extends Controller {
$users = $this->userManager->getByEmail($user);
// we only allow login by email if unique
if (count($users) === 1) {
$previousUser = $user;
$user = $users[0]->getUID();
$loginResult = $this->userManager->checkPassword($user, $password);
} else {
$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
if($user !== $previousUser) {
$loginResult = $this->userManager->checkPassword($user, $password);
}
}
}
if ($loginResult === false) {
$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
$args = !is_null($user) ? ['user' => $originalUser] : [];
if (!is_null($redirect_url)) {