Bug fix: allow authentication addons to create users again.

This commit is contained in:
very-ape 2021-05-20 00:16:08 -07:00
parent 9ddaabc22d
commit 9ab57de356

View file

@ -515,7 +515,20 @@ class User
*/ */
public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false) public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
{ {
// Addons registered with the "authenticate" hook may create the user on the
// fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
// the user doesn't exist, we should give the addons a chance to create the
// user in our database, if applicable, before re-throwing the exception if
// they fail.
try {
$user = self::getAuthenticationInfo($user_info); $user = self::getAuthenticationInfo($user_info);
} catch (Exception $e) {
if (is_string($user_info)) {
return self::getIdFromAuthenticateHooks($user_info, $password);
} else {
throw $e;
}
}
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) { if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
@ -545,8 +558,25 @@ class User
return $user['uid']; return $user['uid'];
} else { } else {
return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
}
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
}
/**
* Try to obtain a user ID via "authenticate" hook addons
*
* Returns the user id associated with a successful password authentication
*
* @param string $username
* @param string $password
* @return int User Id if authentication is successful
* @throws HTTPException\ForbiddenException
*/
public static function getIdFromAuthenticateHooks($username, $password) {
$addon_auth = [ $addon_auth = [
'username' => $user['nickname'], 'username' => $username,
'password' => $password, 'password' => $password,
'authenticated' => 0, 'authenticated' => 0,
'user_record' => null 'user_record' => null
@ -562,7 +592,6 @@ class User
if ($addon_auth['authenticated'] && $addon_auth['user_record']) { if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
return $user['uid']; return $user['uid'];
} }
}
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed')); throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
} }