diff options
author | Vincent Petry <vincent@nextcloud.com> | 2022-09-16 15:54:24 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-16 15:54:24 +0300 |
commit | 25888a3d42f67e9320781095ce246f090af34059 (patch) | |
tree | 7fee7ba7c5c7088c15f113a66ed0fdc6a00cfc8e /lib | |
parent | 8880fe3fd1f4a02a65f1f3080feb7c08bb69cb47 (diff) | |
parent | 1fbb951691468c33dc1171731bcd9826b0064609 (diff) |
Merge pull request #34073 from nextcloud/login-email-filter
dont try email login if the provider username is not a valid email
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/User/Session.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 65a213d4bf8..5117812db31 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -450,6 +450,9 @@ class Session implements IUserSession, Emitter { if (!$this->login($user, $password)) { // Failed, maybe the user used their email address + if (!filter_var($user, FILTER_VALIDATE_EMAIL)) { + return false; + } $users = $this->manager->getByEmail($user); if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { $this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']); |