
D1618.1775228293.diff
No OneTemporary

Authored By
Unknown
Size
1 KB
Referenced Files
None
Subscribers
None

D1618.1775228293.diff

diff --git a/src/app/Auth/LDAPUserProvider.php b/src/app/Auth/LDAPUserProvider.php
--- a/src/app/Auth/LDAPUserProvider.php
+++ b/src/app/Auth/LDAPUserProvider.php
@@ -22,7 +22,7 @@
*/
public function retrieveByCredentials(array $credentials)
{
- $entries = User::where('email', '=', $credentials['email'])->get();
+ $entries = User::where('email', \strtolower($credentials['email']))->get();
$count = $entries->count();
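Review bot: Lowercasing only the submitted address makes this lookup, and the `===` comparison in the second hunk, depend on every stored `email` already being lower-case, which nothing in the visible lines guarantees. If any existing row holds a mixed-case address, that user would fail the strict comparison and be locked out even with the correct password. Folding both sides closes that gap in the second hunk: `if (\strtolower($user->email) === \strtolower($credentials['email'])) {`. It would also help to normalise the address once in a small private helper and document there that `email` is stored lower-case, so the lookup and the comparison cannot drift apart. Both method bodies continue outside their hunks, so any normalisation done elsewhere is not visible here.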
@@ -51,7 +51,7 @@
{
$authenticated = false;
- if ($user->email == $credentials['email']) {
+ if ($user->email === \strtolower($credentials['email'])) {
if (!empty($user->password)) {
if (Hash::check($credentials['password'], $user->password)) {
$authenticated = true;
diff --git a/src/tests/Feature/Controller/AuthTest.php b/src/tests/Feature/Controller/AuthTest.php
--- a/src/tests/Feature/Controller/AuthTest.php
+++ b/src/tests/Feature/Controller/AuthTest.php
@@ -110,6 +110,16 @@
$this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']);
$this->assertEquals('bearer', $json['token_type']);
+ // Valid user+password (upper-case)
+ $post = ['email' => 'John@Kolab.org', 'password' => 'simple123'];
+ $response = $this->post("api/auth/login", $post);
+ $json = $response->json();
+
+ $response->assertStatus(200);
+ $this->assertTrue(!empty($json['access_token']));
+ $this->assertEquals(\config('jwt.ttl') * 60, $json['expires_in']);
+ $this->assertEquals('bearer', $json['token_type']);
+
// TODO: We have browser tests for 2FA but we should probably also test it here
return $json['access_token'];
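Review bot: The added case covers only the success path for a mixed-case address; nothing in this hunk checks that `John@Kolab.org` with a wrong password is still rejected. Because the commit changes the credential comparison itself, a negative assertion next to it would pin that the case folding does not loosen the password check, for example `$this->post("api/auth/login", ['email' => 'John@Kolab.org', 'password' => 'wrong'])->assertStatus(401);`. The 401 status is an assumption, so match it to whatever the existing invalid-credential cases in this file assert. The test method starts outside the hunk, so such a case may already exist for the lower-case address.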
