diff options
author | Robin Appelman <robin@icewind.nl> | 2022-09-14 15:04:13 +0300 |
---|---|---|
committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2022-09-16 16:31:53 +0300 |
commit | 35cc27ed2139d4182f43f79f0773d9b2df8e7141 (patch) | |
tree | 3d6a3ec93484768f7c03b2cd90a36aaa5c599cd7 | |
parent | 3fe9fd754d810473e23e61c589b133d54e7a3e74 (diff) |
dont try email login if the provider username is not a valid emailbackport/34073/stable23
Signed-off-by: Robin Appelman <robin@icewind.nl>
-rw-r--r-- | lib/private/User/Session.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 7aea219b608..8f910113078 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -461,6 +461,9 @@ class Session implements IUserSession, Emitter { if (!$this->login($user, $password)) { // Failed, maybe the user used their email address + if (!filter_var($user, FILTER_VALIDATE_EMAIL)) { + return false; + } $users = $this->manager->getByEmail($user); if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']); |