From 042e4b070c5d6c18941e7cb98fb2a59b36e31fe3 Mon Sep 17 00:00:00 2001
From: Alexei Sorokin <sor.alexei@meowr.ru>
Date: Sun, 9 Aug 2020 20:35:31 +0300
Subject: [PATCH] [EmailAuthentication] Check if e-mail with filter_var

---
 .../EmailAuthenticationPlugin.php             | 58 ++++++++++---------
 1 file changed, 32 insertions(+), 26 deletions(-)

diff --git a/plugins/EmailAuthentication/EmailAuthenticationPlugin.php b/plugins/EmailAuthentication/EmailAuthenticationPlugin.php
index 02c7ac0a51..1b02416266 100644
--- a/plugins/EmailAuthentication/EmailAuthenticationPlugin.php
+++ b/plugins/EmailAuthentication/EmailAuthenticationPlugin.php
@@ -1,47 +1,53 @@
 <?php
+// This file is part of GNU social - https://www.gnu.org/software/social
+//
+// GNU social is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// GNU social is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
+
 /**
- * StatusNet, the distributed open-source microblogging tool
- *
  * Plugin that uses the email address as a username, and checks the password as normal
  *
- * PHP version 5
- *
- * LICENCE: This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
  * @category  Plugin
- * @package   StatusNet
+ * @package   GNUsocial
  * @author    Craig Andrews <candrews@integralblue.com>
  * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
- * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
- * @link      http://status.net/
+ * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  */
 
-if (!defined('GNUSOCIAL')) { exit(1); }
+defined('GNUSOCIAL') || die();
 
 class EmailAuthenticationPlugin extends Plugin
 {
     const PLUGIN_VERSION = '2.0.0';
 
     // $nickname for this plugin is the user's email address
-    function onStartCheckPassword($nickname, $password, &$authenticatedUser)
-    {
-        if (!strpos($nickname, '@')) {
+    public function onStartCheckPassword(
+        string $nickname,
+        string $password,
+        string &$authenticatedUser
+    ): bool {
+        $email = filter_var(
+            $nickname,
+            FILTER_VALIDATE_EMAIL,
+            ['flags' => FILTER_FLAG_EMAIL_UNICODE]
+        );
+
+        if ($email === false) {
             return true;
         }
 
-        $user = User::getKV('email', $nickname);
-        if ($user instanceof User && $user->email === $nickname) {
+        $user = User::getKV('email', $email);
+        if ($user instanceof User && $user->email === $email) {
             if (common_check_user($user->nickname, $password)) {
                 $authenticatedUser = $user;
                 return false;