From 67bf2ca956a23cfc01a2bc14f22251325fa70850 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Thu, 30 Nov 2023 11:46:54 +0100 Subject: [PATCH 1/2] perf: Use more performant way to obtain and check the email as a login name with token login MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- lib/private/User/Session.php | 13 +++++++++++-- tests/lib/User/SessionTest.php | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index baf516beba45a..ab80767908ddf 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -455,8 +455,17 @@ public function logClientIn($user, $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); return false; } - $users = $this->manager->getByEmail($user); - if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) { + + if ($isTokenPassword) { + $dbToken = $this->tokenProvider->getToken($password); + $userFromToken = $this->manager->get($dbToken->getUID()); + $isValidEmailLogin = $userFromToken->getEMailAddress() === $user; + } else { + $users = $this->manager->getByEmail($user); + $isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password)); + } + + if (!$isValidEmailLogin) { $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); return false; } diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php index bc916b2e5747c..4923584fbfa12 100644 --- a/tests/lib/User/SessionTest.php +++ b/tests/lib/User/SessionTest.php @@ -1118,7 +1118,7 @@ public function testLogClientInThrottlerEmail() { $userSession->expects($this->once()) ->method('isTokenPassword') - ->willReturn(true); + ->willReturn(false); $userSession->expects($this->once()) ->method('login') ->with('john@foo.bar', 'I-AM-AN-PASSWORD') From 926b3ce1f7bb044b4bf027ee1b8ab9c93b81b834 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Thu, 30 Nov 2023 13:41:20 +0100 Subject: [PATCH 2/2] fix: Only apply cast if needed when searching users for value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- lib/private/AllConfig.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/private/AllConfig.php b/lib/private/AllConfig.php index 2a0e8f53b1494..92178d646352b 100644 --- a/lib/private/AllConfig.php +++ b/lib/private/AllConfig.php @@ -32,6 +32,7 @@ */ namespace OC; +use Doctrine\DBAL\Platforms\OraclePlatform; use OCP\Cache\CappedMemoryCache; use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IConfig; @@ -490,12 +491,15 @@ public function getUsersForUserValue($appName, $key, $value) { $this->fixDIInit(); $qb = $this->connection->getQueryBuilder(); + $configValueColumn = ($this->connection->getDatabasePlatform() instanceof OraclePlatform) + ? $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR) + : 'configvalue'; $result = $qb->select('userid') ->from('preferences') ->where($qb->expr()->eq('appid', $qb->createNamedParameter($appName, IQueryBuilder::PARAM_STR))) ->andWhere($qb->expr()->eq('configkey', $qb->createNamedParameter($key, IQueryBuilder::PARAM_STR))) ->andWhere($qb->expr()->eq( - $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR), + $configValueColumn, $qb->createNamedParameter($value, IQueryBuilder::PARAM_STR)) )->orderBy('userid') ->executeQuery(); @@ -524,13 +528,18 @@ public function getUsersForUserValueCaseInsensitive($appName, $key, $value) { // Email address is always stored lowercase in the database return $this->getUsersForUserValue($appName, $key, strtolower($value)); } + $qb = $this->connection->getQueryBuilder(); + $configValueColumn = ($this->connection->getDatabasePlatform() instanceof OraclePlatform) + ? $qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR) + : 'configvalue'; + $result = $qb->select('userid') ->from('preferences') ->where($qb->expr()->eq('appid', $qb->createNamedParameter($appName, IQueryBuilder::PARAM_STR))) ->andWhere($qb->expr()->eq('configkey', $qb->createNamedParameter($key, IQueryBuilder::PARAM_STR))) ->andWhere($qb->expr()->eq( - $qb->func()->lower($qb->expr()->castColumn('configvalue', IQueryBuilder::PARAM_STR)), + $qb->func()->lower($configValueColumn), $qb->createNamedParameter(strtolower($value), IQueryBuilder::PARAM_STR)) )->orderBy('userid') ->executeQuery();