Fix logClientIn for non-existing users #26292
The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.
@PVince81, thanks for your PR! By analyzing the history of the files in this pull request, we identified @ChristophWurst, @icewind1991 and @DeepDiver1975 to be potential reviewers.
Please review @DeepDiver1975 @jvillafanez @VicDeo
@@ -384,6 +384,32 @@ public function testLogClientInNoTokenPasswordWith2fa() { | |||
$userSession->logClientIn('john', 'doe', $request); | |||
} | |||
|
|||
public function testLogClientInUnexist() { | |||
$manager = $this->getMockBuilder('\OC\User\Manager') |
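Review bot: the name of the added test, testLogClientInUnexist, does not say what outcome is expected for a non-existing user. A name along the lines of testLogClientInNonExistingUserReturnsFalse would document the contract. The part of the test visible here ends at the mock setup, so please confirm the body asserts both that logClientIn returns false and that PasswordLoginForbidden is not thrown, since the PR description promises exactly that behaviour for unknown users.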
general note: I prefer to use \OC\User\Manager::class instead of the string name - helps when searching by type in ide and anyhow looks cleaner to me.
okay... thing is I just copy-pasted the previous test and adjusted it.
Noted for the future, there's a lot to adjust.
👍
backporting ....
Description
This prevents throwing PasswordLoginForbidden for non-existing users.
Related Issue
Fixes #26123
Motivation and Context
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.
How Has This Been Tested?
See original steps.
Also enable two factor auth and check that for existing users the exception is still PasswordLoginForbidden in the DAV response.
Screenshots (if appropriate):
Types of changes
Checklist:
Backports
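The behaviour change described under "Motivation and Context", as an added example that is not part of the pull request or of the project's code: a simplified model of the login flow with the enforcement check before and after the fix. Only `logClientIn` and `PasswordLoginForbidden` are names from this page; `SessionModel`, `isTwoFactorEnforced`, `outcome` and the sample users are assumptions made for illustration.

```php
<?php
// Simplified model of the login flow this PR describes; not the project's code.
// Only logClientIn and PasswordLoginForbidden come from the page; the rest is assumed.
class PasswordLoginForbidden extends Exception {}

class SessionModel {
    private $users;       // constructed sample accounts
    private $legacyCheck; // true reproduces the behaviour before the fix

    public function __construct(array $users, bool $legacyCheck) {
        $this->users = $users;
        $this->legacyCheck = $legacyCheck;
    }

    // Hypothetical helper: must this account use an app token, not its password?
    private function isTwoFactorEnforced(string $uid): bool {
        if (!isset($this->users[$uid])) {
            // Before the fix an unknown user counted as enforced (true);
            // after it the check is false, so the regular login runs and fails.
            return $this->legacyCheck;
        }
        return $this->users[$uid]['twoFactor'];
    }

    public function logClientIn(string $uid, string $password): bool {
        if ($this->isTwoFactorEnforced($uid)) {
            throw new PasswordLoginForbidden();
        }
        return isset($this->users[$uid])
            && password_verify($password, $this->users[$uid]['hash']);
    }
}

// Maps the result of one login attempt to a label for printing.
function outcome(SessionModel $s, string $uid, string $password): string {
    try {
        return $s->logClientIn($uid, $password) ? 'logged in' : 'login failed';
    } catch (PasswordLoginForbidden $e) {
        return 'PasswordLoginForbidden';
    }
}

$users = [ // constructed sample data
    'john'  => ['hash' => password_hash('doe', PASSWORD_DEFAULT), 'twoFactor' => false],
    'alice' => ['hash' => password_hash('secret', PASSWORD_DEFAULT), 'twoFactor' => true],
];
foreach ([true, false] as $legacy) {
    $s = new SessionModel($users, $legacy);
    foreach ([['john', 'doe'], ['alice', 'secret'], ['ghost', 'x']] as [$u, $p]) {
        printf("%-6s %-6s %s\n", $legacy ? 'before' : 'after', $u, outcome($s, $u, $p));
    }
}
```

Only the row for the unknown account `ghost` differs between the two runs; the two-factor account `alice` is refused with `PasswordLoginForbidden` in both, which is the regression check listed under "How Has This Been Tested?".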