From 91a4444c2b231814190951d5a66815e8eec69e55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Tue, 25 Oct 2022 15:38:31 +0200
Subject: [PATCH] Skip general login with email for non-valid addresses and
 LDAP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 .../Authentication/Login/EmailLoginCommand.php       | 12 ++++++++++++
 .../Authentication/Login/EmailLoginCommandTest.php   |  5 +++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/private/Authentication/Login/EmailLoginCommand.php b/lib/private/Authentication/Login/EmailLoginCommand.php
index e2e55cc12c86c..7145ab9e14f34 100644
--- a/lib/private/Authentication/Login/EmailLoginCommand.php
+++ b/lib/private/Authentication/Login/EmailLoginCommand.php
@@ -38,9 +38,21 @@ public function __construct(IUserManager $userManager) {
 
 	public function process(LoginData $loginData): LoginResult {
 		if ($loginData->getUser() === false) {
+			if (!filter_var($loginData->getUsername(), FILTER_VALIDATE_EMAIL)) {
+				return $this->processNextOrFinishSuccessfully($loginData);
+			}
+
 			$users = $this->userManager->getByEmail($loginData->getUsername());
 			// we only allow login by email if unique
 			if (count($users) === 1) {
+
+				// FIXME: This is a workaround to still stick to configured LDAP login filters
+				// this can be removed once the email login is properly implemented in the local user backend
+				// as described in https://github.com/nextcloud/server/issues/5221
+				if ($users[0]->getBackendClassName() === 'LDAP') {
+					return $this->processNextOrFinishSuccessfully($loginData);
+				}
+
 				$username = $users[0]->getUID();
 				if ($username !== $loginData->getUsername()) {
 					$user = $this->userManager->checkPassword(
diff --git a/tests/lib/Authentication/Login/EmailLoginCommandTest.php b/tests/lib/Authentication/Login/EmailLoginCommandTest.php
index 9de372148b96b..0e70c40a1dfcf 100644
--- a/tests/lib/Authentication/Login/EmailLoginCommandTest.php
+++ b/tests/lib/Authentication/Login/EmailLoginCommandTest.php
@@ -55,7 +55,7 @@ public function testProcessAlreadyLoggedIn() {
 
 	public function testProcessNotAnEmailLogin() {
 		$data = $this->getFailedLoginData();
-		$this->userManager->expects($this->once())
+		$this->userManager->expects($this->never())
 			->method('getByEmail')
 			->with($this->username)
 			->willReturn([]);
@@ -67,9 +67,10 @@ public function testProcessNotAnEmailLogin() {
 
 	public function testProcessDuplicateEmailLogin() {
 		$data = $this->getFailedLoginData();
+		$data->setUsername('user@example.com');
 		$this->userManager->expects($this->once())
 			->method('getByEmail')
-			->with($this->username)
+			->with('user@example.com')
 			->willReturn([
 				$this->createMock(IUser::class),
 				$this->createMock(IUser::class),