[SECURITY] Wrap getUser in a try catch, in case the user doesn't exist
parent
fd7e06bf18
commit
4945a1342f
@ -23,6 +23,7 @@ use App\Core\DB\DB;
|
|||||||
use function App\Core\I18n\_m;
|
use function App\Core\I18n\_m;
|
||||||
use App\Entity\User;
|
use App\Entity\User;
|
||||||
use App\Util\Nickname;
|
use App\Util\Nickname;
|
||||||
|
use Exception;
|
||||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||||
@ -90,8 +91,10 @@ class Authenticator extends AbstractFormLoginAuthenticator
|
|||||||
}
|
}
|
||||||
|
|
||||||
$nick = Nickname::normalize($credentials['nickname']);
|
$nick = Nickname::normalize($credentials['nickname']);
|
||||||
|
$user = null;
|
||||||
|
try {
|
||||||
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
|
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
|
||||||
if (!$user) {
|
} catch (Exception $e) {
|
||||||
throw new CustomUserMessageAuthenticationException(
|
throw new CustomUserMessageAuthenticationException(
|
||||||
_m('\'{nickname}\' doesn\'t match any registered nickname or email.', ['{nickname}' => $credentials['nickname']]));
|
_m('\'{nickname}\' doesn\'t match any registered nickname or email.', ['{nickname}' => $credentials['nickname']]));
|
||||||
}
|
}
|
||||||
|
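Review bot: The new `} catch (Exception $e) {` replaces the old `if (!$user)` guard instead of supplementing it, so if `DB::findOneBy` can ever return null rather than throw (its body is not visible here), a null `$user` flows into the rest of the method, which continues outside the hunk. Keeping `if (!$user) { throw new CustomUserMessageAuthenticationException(...); }` after the try block closes that gap. Catching the base `Exception` also reports a database or connection failure as an unknown nickname and discards `$e`; narrowing the catch to the not-found exception type and passing `$e` as the `$previous` argument would preserve the real cause for logging. Separately, the message confirms whether a nickname or email is registered, which aids account enumeration; a generic invalid-credentials message would avoid that.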