Commit 14931fa2 authored by Vincent Petry's avatar Vincent Petry Committed by Thomas Müller

Fix logClientIn for non-existing users (#26292)

The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
parent c06f9dc4
......@@ -348,6 +348,9 @@ class Session implements IUserSession, Emitter {
$user = $this->manager->get($username);
if (is_null($user)) {
$users = $this->manager->getByEmail($username);
if (empty($users)) {
return false;
if (count($users) !== 1) {
return true;
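Review bot: The new `return false` for an empty `getByEmail()` result makes this enforcement check fail open for unknown names, so its safety depends on the regular login in `logClientIn` rejecting that name afterwards, and that invariant is not stated at the branch. I would add a comment above it such as `// unknown user: not enforced here; the regular login in logClientIn must still reject this name`. The `count($users) !== 1` branch still returns true, so an e-mail address shared by several accounts presumably still ends in PasswordLoginForbidden while an unknown name now gets a plain false; that difference in outcome should be a deliberate decision. The enclosing method starts and ends outside the hunk, so the caller-side behaviour is inferred from the commit description.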
......@@ -384,6 +384,32 @@ class SessionTest extends \Test\TestCase {
$userSession->logClientIn('john', 'doe', $request);
public function testLogClientInUnexist() {
$manager = $this->getMockBuilder('\OC\User\Manager')
$session = $this->createMock('\OCP\ISession');
$request = $this->createMock('\OCP\IRequest');
$user = $this->createMock('\OCP\IUser');
/** @var \OC\User\Session $userSession */
$userSession = $this->getMockBuilder('\OC\User\Session')
->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])
->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
->will($this->throwException(new \OC\Authentication\Exceptions\InvalidTokenException()));
->with('token_auth_enforced', false)
$this->assertFalse($userSession->logClientIn('unexist', 'doe', $request));
public function testLogClientInWithTokenPassword() {
$manager = $this->getMockBuilder('\OC\User\Manager')
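Review bot: The `$user` mock of `\OCP\IUser` in `testLogClientInUnexist` appears unused in the lines shown, which is confusing in a test whose premise is that no user exists; drop it unless a later expectation needs it. The test would pin the fix more directly if it stated the manager-side premise explicitly, e.g. `$manager->method('get')->willReturn(null);` and `$manager->method('getByEmail')->willReturn([]);`, if the lines not shown here do not already do so. A short comment such as `// unknown login name must yield false, not PasswordLoginForbidden` would record which regression this guards.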
