*/
public static function getIdForURL(string $url)
{
- // Avoid any database requests when the hostname isn't even part of the url.
- if (!strpos($url, DI::baseUrl()->getHostname())) {
+ // Avoid database queries when the local node hostname isn't even part of the url.
+ if (!Contact::isLocal($url)) {
return 0;
}
try {
$user = self::getAuthenticationInfo($user_info);
} catch (Exception $e) {
- // Addons can create users, and creating a numeric username would create
+ $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
+
+ // Addons can create users, and since this 'catch' branch should only
+ // execute if getAuthenticationInfo can't find an existing user, that's
+ // exactly what will happen here. Creating a numeric username would create
// abiguity with user IDs, possibly opening up an attack vector.
// So let's be very careful about that.
- if (is_numeric($user_info) || is_numeric($user_info['nickname'] ?? '')) {
+ if (empty($username) || is_numeric($username)) {
throw $e;
}
- $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
-
- if (!$username) {
- throw $e;
- }
- return self::getIdFromAuthenticateHooks($user_info, $password);
+ return self::getIdFromAuthenticateHooks($username, $password);
}
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
* @return int User Id if authentication is successful
* @throws HTTPException\ForbiddenException
*/
- public static function getIdFromAuthenticateHooks($username, $password) {
+ public static function getIdFromAuthenticateHooks($username, $password)
+ {
$addon_auth = [
'username' => $username,
'password' => $password,
Photo::update(['profile' => 1], ['resource-id' => $resource_id]);
}
}
+
+ Contact::updateSelfFromUserID($uid, true);
}
Hook::callAll('register_account', $uid);