Bug fix: allow authentication addons to create users again.
This commit is contained in:
parent
9ddaabc22d
commit
9ab57de356
1 changed files with 45 additions and 16 deletions
|
@ -515,7 +515,20 @@ class User
|
|||
*/
|
||||
public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
|
||||
{
|
||||
// Addons registered with the "authenticate" hook may create the user on the
|
||||
// fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
|
||||
// the user doesn't exist, we should give the addons a chance to create the
|
||||
// user in our database, if applicable, before re-throwing the exception if
|
||||
// they fail.
|
||||
try {
|
||||
$user = self::getAuthenticationInfo($user_info);
|
||||
} catch (Exception $e) {
|
||||
if (is_string($user_info)) {
|
||||
return self::getIdFromAuthenticateHooks($user_info, $password);
|
||||
} else {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
|
||||
// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
|
||||
|
@ -545,8 +558,25 @@ class User
|
|||
|
||||
return $user['uid'];
|
||||
} else {
|
||||
return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
|
||||
}
|
||||
|
||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to obtain a user ID via "authenticate" hook addons
|
||||
*
|
||||
* Returns the user id associated with a successful password authentication
|
||||
*
|
||||
* @param string $username
|
||||
* @param string $password
|
||||
* @return int User Id if authentication is successful
|
||||
* @throws HTTPException\ForbiddenException
|
||||
*/
|
||||
public static function getIdFromAuthenticateHooks($username, $password) {
|
||||
$addon_auth = [
|
||||
'username' => $user['nickname'],
|
||||
'username' => $username,
|
||||
'password' => $password,
|
||||
'authenticated' => 0,
|
||||
'user_record' => null
|
||||
|
@ -562,7 +592,6 @@ class User
|
|||
if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
|
||||
return $user['uid'];
|
||||
}
|
||||
}
|
||||
|
||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue