GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[SECURITY] Wrap getUser in a try catch, in case the user doesn't exist

Browse Source
This commit is contained in:
Hugo Sales 2020-08-14 00:18:31 +00:00 committed by Hugo Sales
parent 213cfe5285
commit 95a1938d0f
Signed by: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Security/Authenticator.php
View File

@ -23,6 +23,7 @@ use App\Core\DB\DB;
use function App\Core\I18n\_m;
use App\Entity\User;
use App\Util\Nickname;
use Exception;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
@ -90,8 +91,10 @@ class Authenticator extends AbstractFormLoginAuthenticator
}
$nick = Nickname::normalize($credentials['nickname']);
$user = null;
try {
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
if (!$user) {
} catch (Exception $e) {
throw new CustomUserMessageAuthenticationException(
_m('\'{nickname}\' doesn\'t match any registered nickname or email.', ['{nickname}' => $credentials['nickname']]));
}