From 1fbb951691468c33dc1171731bcd9826b0064609 Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Wed, 14 Sep 2022 14:04:13 +0200
Subject: dont try email login if the provider username is not a valid email

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 lib/private/User/Session.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib')

diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 65a213d4bf8..5117812db31 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -450,6 +450,9 @@ class Session implements IUserSession, Emitter {
 		if (!$this->login($user, $password)) {
 
 			// Failed, maybe the user used their email address
+			if (!filter_var($user, FILTER_VALIDATE_EMAIL)) {
+				return false;
+			}
 			$users = $this->manager->getByEmail($user);
 			if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
 				$this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
-- 
cgit v1.2.3