Return correct loginname in credentials,

Lionel Elie Mamane · Lionel Elie Mamane · commit ee7f61144308 · 2020-06-20T11:36:46.000+02:00
even when token is invalid or has no password.

Returning the uid as loginname is wrong, and leads to problems when
these differ. E.g. the getapppassword API was creating app token with
the uid as loginname. In a scenario with external authentication (such
as LDAP), these tokens were then invalidated next time their underlying
password was checked, and systematically ceased to function.

Signed-off-by: Lionel Elie Mamane &lt;lionel@mamane.lu&gt;
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
@@ -112,7 +112,7 @@ public function getLoginCredentials(): ICredentials {
 
 		if ($trySession && $this->session->exists('login_credentials')) {
 			$creds = json_decode($this->session->get('login_credentials'));
-			return new Credentials($creds->uid, $creds->uid, $creds->password);
+			return new Credentials($creds->uid, $creds->login_name, $creds->password);
 		}
 
 		// If we reach this line, an exception was thrown.
diff --git a/lib/private/Server.php b/lib/private/Server.php
@@ -557,9 +557,9 @@ public function __construct($webRoot, \OC\Config $config) {
 				$dispatcher = $this->query(IEventDispatcher::class);
 				$dispatcher->dispatchTyped(new BeforeUserLoggedInEvent($uid, $password));
 			});
-			$userSession->listen('\OC\User', 'postLogin', function ($user, $password, $isTokenLogin) {
+			$userSession->listen('\OC\User', 'postLogin', function ($user, $login_name, $password, $isTokenLogin) {
 				/** @var $user \OC\User\User */
-				\OC_Hook::emit('OC_User', 'post_login', ['run' => true, 'uid' => $user->getUID(), 'password' => $password, 'isTokenLogin' => $isTokenLogin]);
+				\OC_Hook::emit('OC_User', 'post_login', ['run' => true, 'uid' => $user->getUID(), 'login_name' => $login_name, 'password' => $password, 'isTokenLogin' => $isTokenLogin]);
 
 				/** @var IEventDispatcher $dispatcher */
 				$dispatcher = $this->query(IEventDispatcher::class);
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
@@ -80,7 +80,7 @@
  * - preUnassignedUserId(string $uid)
  * - postUnassignedUserId(string $uid)
  * - preLogin(string $user, string $password)
- * - postLogin(\OC\User\User $user, string $password)
+ * - postLogin(\OC\User\User $user, string $loginName, string $password, boolean $isTokenLogin)
  * - preRememberedLogin(string $uid)
  * - postRememberedLogin(\OC\User\User $user)
  * - logout()
@@ -400,11 +400,13 @@ public function completeLogin(IUser $user, array $loginDetails, $regenerateSessi
 
 		$this->dispatcher->dispatchTyped(new PostLoginEvent(
 			$user,
+			$loginDetails['loginName'],
 			$loginDetails['password'],
 			$isToken
 		));
 		$this->manager->emit('\OC\User', 'postLogin', [
 			$user,
+			$loginDetails['loginName'],
 			$loginDetails['password'],
 			$isToken,
 		]);
diff --git a/lib/public/User/Events/PostLoginEvent.php b/lib/public/User/Events/PostLoginEvent.php
@@ -38,6 +38,12 @@ class PostLoginEvent extends Event {
 	/** @var IUser */
 	private $user;
 
+	/**
+	 * @since 20.0.0
+	 * @var string
+	 */
+	private $loginName;
+
 	/** @var string */
 	private $password;
 
@@ -47,9 +53,10 @@ class PostLoginEvent extends Event {
 	/**
 	 * @since 18.0.0
 	 */
-	public function __construct(IUser $user, string $password, bool $isTokenLogin) {
+	public function __construct(IUser $user, string $loginName, string $password, bool $isTokenLogin) {
 		parent::__construct();
 		$this->user = $user;
+		$this->loginName = $loginName;
 		$this->password = $password;
 		$this->isTokenLogin = $isTokenLogin;
 	}
@@ -61,6 +68,13 @@ public function getUser(): IUser {
 		return $this->user;
 	}
 
+	/**
+	 * @since 20.0.0
+	 */
+	public function getLoginName(): string {
+		return $this->login_name;
+	}
+
 	/**
 	 * @since 18.0.0
 	 */

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ public function getLoginCredentials(): ICredentials {`
`112`	`112`
`113`	`113`	`if ($trySession && $this->session->exists('login_credentials')) {`
`114`	`114`	`$creds = json_decode($this->session->get('login_credentials'));`
`115`		`- return new Credentials($creds->uid, $creds->uid, $creds->password);`
	`115`	`+ return new Credentials($creds->uid, $creds->login_name, $creds->password);`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`// If we reach this line, an exception was thrown.`