diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2018-02-22 14:46:06 +0300 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2018-02-26 12:32:38 +0300 |
| commit | fb2ebbd23266a54b2430046913bda88996df40d4 (patch) | |
| tree | 4c12de84a24be9e043e2083f2b3b7f83b0cb7407 /core | |
| parent | f015d38a89eedef02c713a8623ad2b03c2b3e728 (diff) | |
don't try login with the same name that just failed
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/LoginController.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index e53095a7de7..9b9c5bcd4ee 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -256,13 +256,15 @@ class LoginController extends Controller { $users = $this->userManager->getByEmail($user); // we only allow login by email if unique if (count($users) === 1) { + $previousUser = $user; $user = $users[0]->getUID(); - $loginResult = $this->userManager->checkPassword($user, $password); - } else { - $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']); + if($user !== $previousUser) { + $loginResult = $this->userManager->checkPassword($user, $password); + } } } if ($loginResult === false) { + $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']); // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name $args = !is_null($user) ? ['user' => $originalUser] : []; if (!is_null($redirect_url)) { |