Merge pull request #34947 from nextcloud/backport/34804/stable24

[stable24] Skip general login with email for non-valid addresses and LDAP

Author: PVince81

lib/private/Authentication/Login/EmailLoginCommand.php

@@ -38,9 +38,21 @@ public function __construct(IUserManager $userManager) {
 
 	public function process(LoginData $loginData): LoginResult {
 		if ($loginData->getUser() === false) {
+			if (!filter_var($loginData->getUsername(), FILTER_VALIDATE_EMAIL)) {
+				return $this->processNextOrFinishSuccessfully($loginData);
+			}
+
 			$users = $this->userManager->getByEmail($loginData->getUsername());
 			// we only allow login by email if unique
 			if (count($users) === 1) {
+
+				// FIXME: This is a workaround to still stick to configured LDAP login filters
+				// this can be removed once the email login is properly implemented in the local user backend
+				// as described in https://github.com/nextcloud/server/issues/5221
+				if ($users[0]->getBackendClassName() === 'LDAP') {
+					return $this->processNextOrFinishSuccessfully($loginData);
+				}
+
 				$username = $users[0]->getUID();
 				if ($username !== $loginData->getUsername()) {
 					$user = $this->userManager->checkPassword(

tests/lib/Authentication/Login/EmailLoginCommandTest.php

@@ -55,7 +55,7 @@ public function testProcessAlreadyLoggedIn() {
 
 	public function testProcessNotAnEmailLogin() {
 		$data = $this->getFailedLoginData();
-		$this->userManager->expects($this->once())
+		$this->userManager->expects($this->never())
 			->method('getByEmail')
 			->with($this->username)
 			->willReturn([]);
@@ -67,9 +67,10 @@ public function testProcessNotAnEmailLogin() {
 
 	public function testProcessDuplicateEmailLogin() {
 		$data = $this->getFailedLoginData();
+		$data->setUsername('user@example.com');
 		$this->userManager->expects($this->once())
 			->method('getByEmail')
-			->with($this->username)
+			->with('user@example.com')
 			->willReturn([
 				$this->createMock(IUser::class),
 				$this->createMock(IUser::class),