Browse Source
don't try login with the same name that just failed
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
pull/8499/head
Arthur Schiwon
8 years ago
No known key found for this signature in database
GPG Key ID: 7424F1874854DF23
1 changed files with
5 additions and
3 deletions
-
core/Controller/LoginController.php
|
|
|
@ -264,13 +264,15 @@ class LoginController extends Controller { |
|
|
|
$users = $this->userManager->getByEmail($user); |
|
|
|
// we only allow login by email if unique
|
|
|
|
if (count($users) === 1) { |
|
|
|
$previousUser = $user; |
|
|
|
$user = $users[0]->getUID(); |
|
|
|
$loginResult = $this->userManager->checkPassword($user, $password); |
|
|
|
} else { |
|
|
|
$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']); |
|
|
|
if($user !== $previousUser) { |
|
|
|
$loginResult = $this->userManager->checkPassword($user, $password); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
if ($loginResult === false) { |
|
|
|
$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']); |
|
|
|
// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
|
|
|
|
$args = !is_null($user) ? ['user' => $originalUser] : []; |
|
|
|
if (!is_null($redirect_url)) { |
|
|
|
|
