Authentication: fix uid ldap login after email parsing was added to rate limiter

services/web/modules/authentication/ldap/app/src/LDAPRateLimitMiddleware.mjs

@@ -0,0 +1,24 @@
+export function prepareLdapLoginForRateLimitEmail(field = 'email') {
+  return function (req, res, next) {
+    const value = req.body[field]
+    if (!value) return next()
+
+    if (!value.includes('@')) {
+      req._originalLogin = value
+      req.body[field] = `${value}@ldapfake.invalid`
+    }
+
+    next()
+  }
+}
+
+export function restoreLdapLoginAfterRateLimitEmail(field = 'email') {
+  return function (req, res, next) {
+    if (req._originalLogin !== undefined) {
+      req.body[field] = req._originalLogin
+      delete req._originalLogin
+    }
+    next()
+  }
+}
+

services/web/modules/authentication/ldap/app/src/LDAPRouter.mjs

@@ -4,13 +4,16 @@ import CaptchaMiddleware from '../../../../../app/src/Features/Captcha/CaptchaMi
 import AuthenticationController from '../../../../../app/src/Features/Authentication/AuthenticationController.mjs'
 import { overleafLoginRateLimiter } from '../../../../../app/src/infrastructure/RateLimiter.mjs'
 import LDAPAuthenticationController from './LDAPAuthenticationController.mjs'
+import { prepareLdapLoginForRateLimitEmail, restoreLdapLoginAfterRateLimitEmail } from './LDAPRateLimitMiddleware.mjs'
 
 export default {
   apply(webRouter) {
     logger.debug({}, 'Init LDAP router')
     webRouter.post('/login',
       RateLimiterMiddleware.rateLimit(overleafLoginRateLimiter), // rate limit IP (20 / 60s)
-      RateLimiterMiddleware.loginRateLimitEmail(), // rate limit email (10 / 120s)
+      prepareLdapLoginForRateLimitEmail(), // for logins with uid
+      RateLimiterMiddleware.loginRateLimitEmail('email'), // rate limit email (10 / 120s)
+      restoreLdapLoginAfterRateLimitEmail(),
       CaptchaMiddleware.validateCaptcha('login'),
       LDAPAuthenticationController.passportLogin,
       AuthenticationController.passportLogin,