From b63fc4eb0f1be2864d2ad9615e0f1a6c0c3b0ee7 Mon Sep 17 00:00:00 2001 From: Mauro Mura Date: Fri, 5 Dec 2025 13:40:55 +0100 Subject: [PATCH 1/2] Simplify email login validation logic --- lib/private/User/Session.php | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index e7bfcf56407be..ea1779557319d 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -410,15 +410,8 @@ public function logClientIn($user, return false; } - if ($isTokenPassword) { - $dbToken = $this->tokenProvider->getToken($password); - $userFromToken = $this->manager->get($dbToken->getUID()); - $isValidEmailLogin = $userFromToken->getEMailAddress() === $user - && $this->validateTokenLoginName($userFromToken->getEMailAddress(), $dbToken); - } else { - $users = $this->manager->getByEmail($user); - $isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password)); - } + $users = $this->manager->getByEmail($user); + $isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password)); if (!$isValidEmailLogin) { $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password); From b5751ea575791d99ff2b65e333ed56d0225bb626 Mon Sep 17 00:00:00 2001 From: Mauro Mura Date: Thu, 11 Dec 2025 08:21:01 +0100 Subject: [PATCH 2/2] Add email login validation in Session.php --- lib/private/User/Session.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index ea1779557319d..7e0c645753eda 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -411,6 +411,7 @@ public function logClientIn($user, } $users = $this->manager->getByEmail($user); + $isValidEmailLogin = (\count($users) === 1 && $this->login($users[0]->getUID(), $password)); if (!$isValidEmailLogin) {