fix: Move login via email logic to local backend #47686

Open
wants to merge 1 commit into
base: master

@susnux (Contributor) commented Sep 2, 2024

Summary

Backends can decide which names they accept for login, e.g. with user_ldap you can configure arbitrary login fields. This was a hacky approach to allow login via email, so instead this is now only handled by the local user backend.

This also fixes some other related problems:
Other logic relies on backend::get() which was not handling email, so e.g. password policy could not block users logged in via email if they use outdated passwords.
Similar for other integrations, as the user backend was not consistent with what is a login name and what not.

@susnux susnux added feature: users and groups technical debt php Pull requests that update Php code 2. developing Work in progress labels Sep 2, 2024
@susnux susnux added this to the Nextcloud 31 milestone Sep 2, 2024
private function loadUser($uid) {
$this->fixDI();
private function loadUser(string $loginName, bool $tryEmail = true): bool {
$uid = (string)$loginName;
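Review bot: In the new signature `loadUser(string $loginName, bool $tryEmail = true): bool`, `$tryEmail` defaults to true, so any caller that passes only the login name opts into whatever `$tryEmail` enables; callers that need a strict UID lookup should pass `false` explicitly, and a docblock should state what the `bool` return value means. The cast in `$uid = (string)$loginName;` is redundant now that the parameter is typed `string` and can be dropped.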

Check failure (Code scanning / Psalm), RedundantCast: Redundant cast to string
if ($result) {
// Also add cache result for the email
$this->cache[$uid] = [
...$this->cache[$emailUId],
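Review bot: The spread at `...$this->cache[$emailUId]` relies on that cache entry being an array, but nothing visible here establishes it beyond `if ($result)`; give the cache property an array-shape annotation or check `is_array($this->cache[$emailUId])` before copying. Since the entry is duplicated under the login-name key `$uid`, whatever invalidates `$this->cache[$emailUId]` should also clear the copy.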

Check failure (Code scanning / Psalm), InvalidOperand: Cannot use spread operator on non-iterable type mixed
@susnux susnux force-pushed the fix/move-email-logic-local-user-backend branch 4 times, most recently from e7fc0bd to 5536284 Compare January 18, 2025 16:14
@susnux susnux marked this pull request as ready for review January 18, 2025 16:47
@susnux susnux added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Jan 18, 2025
@nickvergessen (Member)

This could log out people from their instance unexpectedly when they log in with email instead of user id with LDAP. Similarly it breaks the https://github.com/nextcloud/user_external/ app users that logged in with email.

@susnux (Contributor, Author) commented Jan 20, 2025

> when they log in with email instead of user id with LDAP.

For LDAP we use the login attribute filter, so this should not be affected; see the workaround in the removed login flow file.

> it breaks the https://github.com/nextcloud/user_external/ app users that logged in with email.

This could be true but in that case we should fix that app, no?
Because it would currently only allow email login after the first UID login.
Similar as it was discussed here, though that discussion is quite old ("planned for NC14") I would still agree with the reasoning here.

But maybe we need to pause this for 32 instead?

@nickvergessen (Member)

> But maybe we need to pause this for 32 instead?

Sounds like a good idea to merge next week after stable31 is branched off, and then leave the user_external app an issue about what they need to do.

@susnux susnux modified the milestones: Nextcloud 31, Nextcloud 32 Jan 20, 2025
lib/private/User/Database.php (6 review threads: 1 resolved, 5 outdated and resolved)
@susnux susnux requested a review from come-nc January 25, 2025 10:14
@susnux susnux force-pushed the fix/move-email-logic-local-user-backend branch from ce85a63 to 9099865 Compare January 25, 2025 10:46
Backends can decide which names they accept for login,
e.g. with user_ldap you can configure arbitrary login fields.
This was a hacky approach to allow login via email,
so instead this is now only handled by the local user backend.

This also fixes some other related problems:
Other logic relies on `backend::get()` which was not handling email,
so e.g. password policy could not block users logged in via email
if they use outdated passwords.
Similar for other integrations, as the user backend was not consistent with
what is a login name and what not.

Co-authored-by: Ferdinand Thiessen <[email protected]>
Co-authored-by: Côme Chilliet <[email protected]>
Signed-off-by: Ferdinand Thiessen <[email protected]>
@susnux susnux force-pushed the fix/move-email-logic-local-user-backend branch from 9099865 to 7c2354d Compare January 27, 2025 20:35