allow login with prefix of "<domain>\" for selected domains

schlimmchen · schlimmchen · commit f32b6c060926 · 2021-04-21T21:17:15.000+02:00
Some WebDAV clients force to use a domain name for authentication. That
domain name is prepended to the username and separated from it using a
backslash.

This commit allows any user to login with a prefix of "NC\",
"NEXTCLOUD\" or "WORKGROUP\" to their username. The respective prefix is
removed from the given username when trying to login if the login failed
and also interpreting the given username as an email address failed.

In particular, this can help allowing access to Nextcloud for devices
with an interface to SharePoint that forces to specify a domain name for
authentication. As an example, HP LaserJet M428/M429 (and many others)
can then "Scan to Nextcloud" by using the "Scan to SharePoint" feature
(wich is essentially WebDav) and configuring a domain name of "NC",
"NEXTCLOUD" or "WORKGROUP".
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
@@ -464,16 +464,21 @@ public function logClientIn($user,
 			// Failed, maybe the user used their email address
 			$users = $this->manager->getByEmail($user);
 			if (!(\count($users) === 1 && $this->login($users[0]->getUID(), $password))) {
-				$this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
 
-				$throttler->registerAttempt('login', $request->getRemoteAddress(), ['user' => $user]);
+				// Failed, try username from DOMAIN\USERNAME syntax, if applicable
+				$nonDomainUser = preg_replace("/^(?:NC|NEXTCLOUD|WORKGROUP)\\\(.*)/", "\${1}", $user);
+				if ($nonDomainUser === $user || !$this->login($nonDomainUser, $password)) {
+					$this->logger->warning('Login failed: \'' . $user . '\' (Remote IP: \'' . \OC::$server->getRequest()->getRemoteAddress() . '\')', ['app' => 'core']);
 
-				$this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user));
+					$throttler->registerAttempt('login', $request->getRemoteAddress(), ['user' => $user]);
 
-				if ($currentDelay === 0) {
-					$throttler->sleepDelay($request->getRemoteAddress(), 'login');
+					$this->dispatcher->dispatchTyped(new OC\Authentication\Events\LoginFailed($user));
+
+					if ($currentDelay === 0) {
+						$throttler->sleepDelay($request->getRemoteAddress(), 'login');
+					}
+					return false;
 				}
-				return false;
 			}
 		}
 
