From 5b95c1172a90e3a64f01c44aa98063d9d541eec8 Mon Sep 17 00:00:00 2001
From: Alexei Sorokin
Date: Sun, 9 Aug 2020 20:35:31 +0300
Subject: [PATCH] [EmailAuthentication] Check if e-mail with filter_var
---
.../EmailAuthenticationPlugin.php | 58 ++++++++++---------
1 file changed, 32 insertions(+), 26 deletions(-)
diff --git a/plugins/EmailAuthentication/EmailAuthenticationPlugin.php b/plugins/EmailAuthentication/EmailAuthenticationPlugin.php
index 02c7ac0a51..1b02416266 100644
--- a/plugins/EmailAuthentication/EmailAuthenticationPlugin.php
+++ b/plugins/EmailAuthentication/EmailAuthenticationPlugin.php
@@ -1,47 +1,53 @@ . + /** - * StatusNet, the distributed open-source microblogging tool - * * Plugin that uses the email address as a username, and checks the password as normal * - * PHP version 5 - * - * LICENCE: This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * * @category Plugin - * @package StatusNet + * @package GNUsocial * @author Craig Andrews * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later */ -if (!defined('GNUSOCIAL')) { exit(1); } +defined('GNUSOCIAL') || die(); class EmailAuthenticationPlugin extends Plugin { const PLUGIN_VERSION = '2.0.0'; // $nickname for this plugin is the user's email address - function onStartCheckPassword($nickname, $password, &$authenticatedUser) - { - if (!strpos($nickname, '@')) { + public function onStartCheckPassword( + string $nickname, + string $password, + string &$authenticatedUser + ): bool { + $email = filter_var( + $nickname, + FILTER_VALIDATE_EMAIL, + ['flags' => FILTER_FLAG_EMAIL_UNICODE] + ); + + if ($email === false) { return true; } - $user = User::getKV('email', $nickname); - if ($user instanceof User && $user->email === $nickname) { + $user = User::getKV('email', $email); + if ($user instanceof User 
&& $user->email === $email) { if (common_check_user($user->nickname, $password)) { $authenticatedUser = $user; return false;
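Review bot: The new signature of onStartCheckPassword declares `string &$authenticatedUser`, but the success branch assigns a `User` object to it (`$authenticatedUser = $user;`), so the declared type contradicts what the handler actually returns through that reference. PHP checks a by-reference parameter's type only on entry, so the assignment itself will not fail; what does happen is that the caller's initial value is coerced to, or rejected as, a string before any credential check runs. The caller is not visible in this hunk, but if it passes null or runs under strict types, every login routed through this hook would raise a TypeError instead of authenticating. I would leave the out-parameter untyped, `&$authenticatedUser`, and describe it in a docblock as the variable that receives the matching User on success. The method body continues past the end of the hunk.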