[SECURITY] Wrap getUser in a try catch, in case the user doesn't exist

Hugo Sales 2020-08-14 00:18:31 +00:00 committed by Hugo Sales
parent fd7e06bf18
commit 4945a1342f


@ -23,6 +23,7 @@ use App\Core\DB\DB;
use function App\Core\I18n\_m; use function App\Core\I18n\_m;
use App\Entity\User; use App\Entity\User;
use App\Util\Nickname; use App\Util\Nickname;
use Exception;
use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
@ -90,8 +91,10 @@ class Authenticator extends AbstractFormLoginAuthenticator
} }
$nick = Nickname::normalize($credentials['nickname']); $nick = Nickname::normalize($credentials['nickname']);
$user = null;
try {
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]); $user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
if (!$user) { } catch (Exception $e) {
throw new CustomUserMessageAuthenticationException( throw new CustomUserMessageAuthenticationException(
_m('\'{nickname}\' doesn\'t match any registered nickname or email.', ['{nickname}' => $credentials['nickname']])); _m('\'{nickname}\' doesn\'t match any registered nickname or email.', ['{nickname}' => $credentials['nickname']]));
} }
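Review bot: The new `catch (Exception $e)` around `DB::findOneBy` is broader than the "user doesn't exist" case in the commit title, so a database outage or query error would now be shown as an unknown nickname, and `$e` is discarded, leaving nothing in the logs. Catch only the not-found exception that `DB::findOneBy` throws (its class is not visible in this hunk), let anything else propagate or be logged, and pass `$e` as the `$previous` argument of `CustomUserMessageAuthenticationException`. The commit also replaces the `if (!$user) {` guard; whether `findOneBy` can return null instead of throwing is not visible here, so keep that check after the `try`. `Nickname::normalize($credentials['nickname'])` still sits outside the `try`, so if it throws on malformed input that path remains uncaught. The body of `getUser` starts and ends outside this hunk.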