Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix logClientIn for non-existing users #26292

Merged
merged 1 commit into from Oct 7, 2016
Merged

Fix logClientIn for non-existing users #26292

merged 1 commit into from Oct 7, 2016

Conversation

PVince81
Copy link
Contributor

@PVince81 PVince81 commented Oct 6, 2016
edited by DeepDiver1975

Description

This prevents throwing PasswordLoginForbidden for non-existing users.

Related Issue

Fixes #26123

Motivation and Context

The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

How Has This Been Tested?

See original steps.
Also enable two factor auth and check that for existing users the exception is still PasswordLoginForbidden in the DAV response.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

Backports

  • stable9.1

Fix logClientIn for non-existing users
16df779 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
@mention-bot
Copy link

@PVince81, thanks for your PR! By analyzing the history of the files in this pull request, we identified @ChristophWurst, @icewind1991 and @DeepDiver1975 to be potential reviewers.

@PVince81 PVince81 mentioned this pull request Oct 6, 2016
Closed
@PVince81
Copy link
Contributor Author

PVince81 commented Oct 6, 2016

Please review @DeepDiver1975 @jvillafanez @VicDeo

@PVince81 PVince81 added this to the 9.2 milestone Oct 7, 2016
DeepDiver1975
DeepDiver1975 approved these changes Oct 7, 2016
View reviewed changes
tests/lib/User/SessionTest.php
@@ -384,6 +384,32 @@ public function testLogClientInNoTokenPasswordWith2fa() {
$userSession->logClientIn('john', 'doe', $request);
}

public function testLogClientInUnexist() {
$manager = $this->getMockBuilder('\OC\User\Manager')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

general note: I prefer to use \OC\User\Manager::class instead of the string name - helps when searching by type in ide and anyhow looks cleaner to me.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay... thing is I just copy-pasted the previous test and adjusted it.

Noted for the future, there's a lot to adjust.

@DeepDiver1975
Copy link
Member

👍

@DeepDiver1975 DeepDiver1975 merged commit 14931fa into master Oct 7, 2016
@DeepDiver1975 DeepDiver1975 deleted the fix-passwordloginforbidden-nonexisting branch October 7, 2016 14:50
@DeepDiver1975 DeepDiver1975 self-assigned this Oct 7, 2016
@DeepDiver1975
Copy link
Member

backporting ....

DeepDiver1975 pushed a commit that referenced this pull request Oct 7, 2016
@DeepDiver1975
[stable9.1] Fix logClientIn for non-existing users (#26292)
7f07988 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
@DeepDiver1975 DeepDiver1975 mentioned this pull request Oct 7, 2016
Merged
PVince81 pushed a commit that referenced this pull request Oct 10, 2016
[stable9.1] Fix logClientIn for non-existing users (#26292)
60ac7e5 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
DeepDiver1975 added a commit that referenced this pull request Oct 10, 2016
@DeepDiver1975
[stable9.1] Fix logClientIn for non-existing users (#26292) (#26307)
94f7f38 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
@MorrisJobke MorrisJobke mentioned this pull request Oct 24, 2016
Merged
@lock
Copy link

lock bot commented Aug 4, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 4, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@DeepDiver1975 DeepDiver1975 DeepDiver1975 approved these changes

Assignees

@DeepDiver1975 DeepDiver1975

Labels
3 - To Review comp:authentication
Projects
None yet
Milestone
10.0
Development

Successfully merging this pull request may close these issues.

Webdav wrong error PasswordLoginForbidden when specifying non-existing user
3 participants
@PVince81 @mention-bot @DeepDiver1975