Merge pull request #34114 from nextcloud/backport/34073/stable23

[stable23] dont try email login if the provider username is not a valid email
author: blizzz <blizzz@arthur-schiwon.de> 2022-09-27 09:37:23 +0300
committer: GitHub <noreply@github.com> 2022-09-27 09:37:23 +0300
commit: 8205f9770e7897912c296699db27edee12d31229 (patch)
tree: 0b839a01859b93ddca386ce942e9910f21c0e531
parent: 19603fe1e07b4cc43c76220ad42c995cfd743489 (diff)
parent: 35cc27ed2139d4182f43f79f0773d9b2df8e7141 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 7aea219b608..8f910113078 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -461,6 +461,9 @@ class Session implements IUserSession, Emitter {
 		if (!$this->login($user, $password)) {
 
 			// Failed, maybe the user used their email address
+			if (!filter_var($user, FILTER_VALIDATE_EMAIL)) {
+				return false;
+			}
 			$users = $this->manager->getByEmail($user);
 			if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
 				$this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
author	blizzz <blizzz@arthur-schiwon.de>	2022-09-27 09:37:23 +0300
committer	GitHub <noreply@github.com>	2022-09-27 09:37:23 +0300
commit	8205f9770e7897912c296699db27edee12d31229 (patch)
tree	0b839a01859b93ddca386ce942e9910f21c0e531
parent	19603fe1e07b4cc43c76220ad42c995cfd743489 (diff)
parent	35cc27ed2139d4182f43f79f0773d9b2df8e7141 (diff)