Bug fix: add missing changes.
This commit is contained in:
parent
9ab57de356
commit
c89241dbd8
1 changed files with 12 additions and 4 deletions
|
@ -523,11 +523,19 @@ class User
|
||||||
try {
|
try {
|
||||||
$user = self::getAuthenticationInfo($user_info);
|
$user = self::getAuthenticationInfo($user_info);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
if (is_string($user_info)) {
|
// Addons can create users, and creating a numeric username would create
|
||||||
return self::getIdFromAuthenticateHooks($user_info, $password);
|
// abiguity with user IDs, possibly opening up an attack vector.
|
||||||
} else {
|
// So let's be very careful about that.
|
||||||
|
if (is_numeric($user_info) || is_numeric($user_info['nickname'] ?? '')) {
|
||||||
throw $e;
|
throw $e;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
|
||||||
|
|
||||||
|
if (!$username) {
|
||||||
|
throw $e;
|
||||||
|
}
|
||||||
|
return self::getIdFromAuthenticateHooks($user_info, $password);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
|
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
|
||||||
|
@ -590,7 +598,7 @@ class User
|
||||||
Hook::callAll('authenticate', $addon_auth);
|
Hook::callAll('authenticate', $addon_auth);
|
||||||
|
|
||||||
if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
|
if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
|
||||||
return $user['uid'];
|
return $addon_auth['user_record']['uid'];
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
|
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
|
||||||
|
|
Loading…
Reference in a new issue