fix(login): check user state before ignoreUnknownUsernames setting (#4759)
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
parent
7e2666153e
commit
062887269b
@ -668,7 +668,15 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain
|
|||||||
if repo.checkDomainDiscovery(ctx, request, loginName) {
|
if repo.checkDomainDiscovery(ctx, request, loginName) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
// let's just check for if unknown usernames are ignored
|
// let's once again check if the user was just inactive
|
||||||
|
if user != nil && user.State == int32(domain.UserStateInactive) {
|
||||||
|
return errors.ThrowPreconditionFailed(nil, "AUTH-2n8fs", "Errors.User.Inactive")
|
||||||
|
}
|
||||||
|
// or locked
|
||||||
|
if user != nil && user.State == int32(domain.UserStateLocked) {
|
||||||
|
return errors.ThrowPreconditionFailed(nil, "AUTH-SF3gb", "Errors.User.Locked")
|
||||||
|
}
|
||||||
|
// let's just check if unknown usernames are ignored
|
||||||
if request.LoginPolicy != nil && request.LoginPolicy.IgnoreUnknownUsernames {
|
if request.LoginPolicy != nil && request.LoginPolicy.IgnoreUnknownUsernames {
|
||||||
if request.LabelPolicy != nil && request.LabelPolicy.HideLoginNameSuffix {
|
if request.LabelPolicy != nil && request.LabelPolicy.HideLoginNameSuffix {
|
||||||
preferredLoginName = loginName
|
preferredLoginName = loginName
|
||||||
@ -685,14 +693,6 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain
|
|||||||
if !user.MachineView.IsZero() {
|
if !user.MachineView.IsZero() {
|
||||||
return errors.ThrowPreconditionFailed(nil, "AUTH-DGV4g", "Errors.User.NotHuman")
|
return errors.ThrowPreconditionFailed(nil, "AUTH-DGV4g", "Errors.User.NotHuman")
|
||||||
}
|
}
|
||||||
// let's once again check if the user was just inactive
|
|
||||||
if user != nil && user.State == int32(domain.UserStateInactive) {
|
|
||||||
return errors.ThrowPreconditionFailed(nil, "AUTH-2n8fs", "Errors.User.Inactive")
|
|
||||||
}
|
|
||||||
// or locked
|
|
||||||
if user != nil && user.State == int32(domain.UserStateLocked) {
|
|
||||||
return errors.ThrowPreconditionFailed(nil, "AUTH-SF3gb", "Errors.User.Locked")
|
|
||||||
}
|
|
||||||
// everything should be handled by now
|
// everything should be handled by now
|
||||||
logging.WithFields("authRequest", request.ID, "loginName", loginName).Error("unhandled state for checkLoginName")
|
logging.WithFields("authRequest", request.ID, "loginName", loginName).Error("unhandled state for checkLoginName")
|
||||||
return errors.ThrowInternal(nil, "AUTH-asf3df", "Errors.Internal")
|
return errors.ThrowInternal(nil, "AUTH-asf3df", "Errors.Internal")
|
||||||
|
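Review bot: In the first hunk the inactive and locked checks now run before the `IgnoreUnknownUsernames` branch, so those accounts answer with `Errors.User.Inactive` / `Errors.User.Locked` even when the login policy is set to hide whether a login name exists. For those two states the response presumably differs from what an unknown login name gets, which weakens the enumeration protection the setting is there to provide. If that trade-off is intended, state it at the check, e.g. `// inactive/locked are reported even with IgnoreUnknownUsernames set; this reveals that the login name exists`. As a style point, the two `user != nil && user.State == ...` tests would read more clearly as one `switch` on `user.State` under a single nil guard. checkLoginName starts and ends outside the visible hunks, so how `user` is resolved before this point cannot be confirmed from here.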