45 Verify if the username is an e-mail and avoid big usernames

Author: henriquejsfj

classes/BadpwFailedLoginsDAO.php

@@ -10,6 +10,7 @@
 
 use PKP\db\DAO;
 use APP\plugins\generic\betterPassword\classes\BadpwFailedLogins as BadpwFailedLogins;
+use APP\facades\Repo;
 
 class BadpwFailedLoginsDAO extends DAO {
 	/**
@@ -58,6 +59,17 @@ public function deleteObject(BadpwFailedLogins $badpwObj) : bool {
 	 * @return BadpwFailedLogins object Object matching the username
 	 */
 	public function getByUsername(string $username) : ?BadpwFailedLogins {
+		// Verify if the username is an email
+		if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
+			$user = Repo::user()->getByEmail($username);
+			if (!$user) {
+				return null;
+			}
+			$username = $user->getData('userName');
+		} elseif (strlen($username) > 32) { // Invalid username length
+			return null;
+		}
+
 		$result = $this->retrieve('
 			SELECT *
 			FROM badpw_failedlogins