From 1b8ebf2cf1ecdcd977b62cae158b7d9804b2e43e Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 8 Jul 2021 16:52:59 +0200 Subject: [PATCH] Use cached user backend info for password login Signed-off-by: Joas Schilling --- lib/private/User/Manager.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php index 3e30861f2a4a6..dbbfc2b53a282 100644 --- a/lib/private/User/Manager.php +++ b/lib/private/User/Manager.php @@ -246,7 +246,13 @@ public function checkPasswordNoLogging($loginName, $password) { $loginName = str_replace("\0", '', $loginName); $password = str_replace("\0", '', $password); - foreach ($this->backends as $backend) { + $cachedBackend = $this->cache->get($loginName); + if ($cachedBackend !== null && isset($this->backends[$cachedBackend])) { + $backends = [$this->backends[$cachedBackend]]; + } else { + $backends = $this->backends; + } + foreach ($backends as $backend) { if ($backend->implementsActions(Backend::CHECK_PASSWORD)) { $uid = $backend->checkPassword($loginName, $password); if ($uid !== false) { @@ -257,10 +263,10 @@ public function checkPasswordNoLogging($loginName, $password) { // since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded // we only do this decoding after using the plain password fails to maintain compatibility with any password that happens - // to contains urlencoded patterns by "accident". + // to contain urlencoded patterns by "accident". $password = urldecode($password); - foreach ($this->backends as $backend) { + foreach ($backends as $backend) { if ($backend->implementsActions(Backend::CHECK_PASSWORD)) { $uid = $backend->checkPassword($loginName, $password); if ($uid !== false) {