Skip to content
This repository has been archived by the owner on Nov 14, 2018. It is now read-only.

user_external: disabling logins with '@' does not work any more #2223

Open
crysman opened this issue Nov 15, 2017 · 0 comments
Open

user_external: disabling logins with '@' does not work any more #2223

crysman opened this issue Nov 15, 2017 · 0 comments

Comments

@crysman
Copy link

crysman commented Nov 15, 2017

Affected apps

user_external

Expected behaviour

login form should prevent user from logging-in when input contains '@'
(it used to work correctly before)

Actual behaviour

user is logged-in and actually a new user is created (different from the user without @Domain) - see this bug thread: #2219

Steps to reproduce

I've been having this modification of the imap.php file since 2016:

	public function checkPassword($uid, $password) {
		if (!function_exists('imap_open')) {
			OCP\Util::writeLog('user_external', 'ERROR: PHP imap extension is not installed', OCP\Util::ERROR);
			return false;
		}
		$mbox = @imap_open($this->mailbox, $uid, $password, OP_HALFOPEN, 1);
		imap_errors();
		imap_alerts();
		if($mbox !== FALSE) {
			imap_close($mbox);
			$uid = mb_strtolower($uid);
			$this->storeUser($uid);
                /* START added/edited by crysman 2016-05-09 ...*/
                        //protection against whole e-mail input:
                        if( stripos($uid, "@") == false ) {
                                $this->storeUser($uid);
                        } else {
                                return false;
                        }
                        $config = \OC::$server->getConfig();

                        //Set default quota:
                        if($config->getUserValue($uid, 'files', 'quota') === null) {
                          $config->setUserValue($uid, 'files', 'quota', '333 MB');
                        }

                        //Set the IMAP user's email to their login:
                        $config->setUserValue( $uid, 'settings', 'email', $uid.'@mydomain.cz');

                        //Add a new user automatically to "SomeFantasticGroup" group:
                        $user = \OC::$server->getUserSession()->getUser();
                        if($user !== null) {
                          $group = \OC::$server->getGroupManager()->get('SomeFantasticGroup');
                          if(!$group->inGroup($user)) {
                            $group->addUser($user);
                          }
                        }
                /* END crysman*/
			return $uid;
		}else{
			return false;
		}
	}

recently it has stopped working (I do not know since when exactly) - why? As you can see, the piece of code after //protection against whole e-mail input: should prevent the user from logging.
How to modify it to make it work again? Thank you.

Server configuration

Operating system:
Debian 8
Web server:
apache2
Database:
mysql
PHP version:
5.6.30
ownCloud version:
9.1.6
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@crysman