From c374bbf14d63a68b0f1ae88a8eb91f4ab091dc73 Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Mon, 21 Sep 2020 16:13:09 +0200
Subject: [PATCH] allow authenticating using urlencoded passwords

this allows authenticating with passwords that contain non ascii-characters in contexts that otherwise do not allow it (http basic)

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 lib/private/User/Manager.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index 1d58c68268c..8e441e2e419 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -231,6 +231,20 @@ class Manager extends PublicEmitter implements IUserManager {
 			}
 		}
 
+		// since http basic auth doesn't provide a standard way of handling non ascii password we allow password to be urlencoded
+		// we only do this decoding after using the plain password fails to maintain compatibility with any password that happens
+		// to contains urlencoded patterns by "accident".
+		$password = urldecode($password);
+
+		foreach ($this->backends as $backend) {
+			if ($backend->implementsActions(Backend::CHECK_PASSWORD)) {
+				$uid = $backend->checkPassword($loginName, $password);
+				if ($uid !== false) {
+					return $this->getUserObject($uid, $backend);
+				}
+			}
+		}
+
 		return false;
 	}
 
-- 
GitLab