From f7f053b101f32efda5059872a4b155aea4d3ea21 Mon Sep 17 00:00:00 2001
From: Lionel Elie Mamane
Date: Sun, 7 Jun 2020 14:15:10 +0200
Subject: [PATCH 1/2] Return correct loginname in credentials, even when token is invalid or has no password. Returning the uid as loginname is wrong, and leads to problems when these differ. E.g. the getapppassword API was creating app token with the uid as loginname. In a scenario with external authentication (such as LDAP), these tokens were then invalidated next time their underlying password was checked, and systematically ceased to function.
Signed-off-by: Lionel Elie Mamane
---
 lib/private/Authentication/LoginCredentials/Store.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/private/Authentication/LoginCredentials/Store.php b/lib/private/Authentication/LoginCredentials/Store.php
index 0ed19a2dd07e3..6fa406042c281 100644
--- a/lib/private/Authentication/LoginCredentials/Store.php
+++ b/lib/private/Authentication/LoginCredentials/Store.php
@@ -109,7 +109,7 @@ public function getLoginCredentials() {
 if ($trySession && $this->session->exists('login_credentials')) {
 $creds = json_decode($this->session->get('login_credentials'));
- return new Credentials($creds->uid, $creds->uid, $creds->password);
+ return new Credentials($creds->uid, $this->session->get('loginname'), $creds->password);
 }
 // If we reach this line, an exception was thrown.
From fa2b111696a85beae9a1ce4e326b9140c8799231 Mon Sep 17 00:00:00 2001
From: Lionel Elie Mamane
Date: Sun, 7 Jun 2020 15:41:09 +0200
Subject: [PATCH 2/2] adapt testGetLoginCredentialsInvalidTokenLoginCredentials() unit test to uid != loginname
Signed-off-by: Lionel Elie Mamane
---
 .../lib/Authentication/LoginCredentials/StoreTest.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/tests/lib/Authentication/LoginCredentials/StoreTest.php b/tests/lib/Authentication/LoginCredentials/StoreTest.php
index 4588eae35f034..7f5180e5e4563 100644
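Review bot: In `getLoginCredentials()` in Store.php the new `$this->session->get('loginname')` is passed to `Credentials` unchecked, so a session that holds `login_credentials` but no `loginname` entry would presumably yield a null login name where the old code always yielded the uid. That would move the problem the commit describes rather than remove it, since a caller such as the getapppassword API would then create a token with an empty login name. A fallback keeps the previous behaviour for such sessions: `return new Credentials($creds->uid, $this->session->get('loginname') ?? $creds->uid, $creds->password);`. The function body starts and ends outside the hunk, so whether `loginname` is always set on this path cannot be confirmed from here.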
--- a/tests/lib/Authentication/LoginCredentials/StoreTest.php
+++ b/tests/lib/Authentication/LoginCredentials/StoreTest.php
@@ -142,7 +142,8 @@ public function testGetLoginCredentialsInvalidToken() {
 }
 public function testGetLoginCredentialsInvalidTokenLoginCredentials() {
- $uid = 'user987';
+ $uid = 'id987';
+ $user = 'user987';
 $password = '7389374';
 $this->session->expects($this->once())
@@ -156,11 +157,11 @@ public function testGetLoginCredentialsInvalidTokenLoginCredentials() {
 ->method('exists')
 ->with($this->equalTo('login_credentials'))
 ->willReturn(true);
- $this->session->expects($this->once())
+ $this->session->expects($this->exactly(2))
 ->method('get')
- ->with($this->equalTo('login_credentials'))
- ->willReturn('{"run":true,"uid":"user987","password":"7389374"}');
- $expected = new Credentials('user987', 'user987', '7389374');
+ ->withConsecutive(['login_credentials'], ['loginname'])
+ ->willReturnOnConsecutiveCalls('{"run":true,"uid":"id987","password":"7389374"}', $user);
+ $expected = new Credentials($uid, $user, $password);
 $actual = $this->store->getLoginCredentials();
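Review bot: The updated test in the second StoreTest.php hunk only covers a session where the second `get` call returns a login name, so the case where `loginname` is missing from the session stays untested; a sibling test whose consecutive returns end in `null` would pin what `Credentials` receives then. The JSON fixture also repeats `id987` and `7389374` as literals instead of using `$uid` and `$password`, e.g. `json_encode(['run' => true, 'uid' => $uid, 'password' => $password])`, so the fixture and `$expected` cannot drift apart. The test method continues past the end of the hunk.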