diff options
author | Christopher Speller <crspeller@gmail.com> | 2016-06-05 02:38:36 -0400 |
---|---|---|
committer | enahum <nahumhbl@gmail.com> | 2016-06-05 03:38:36 -0300 |
commit | 919eea73b6134e6bc0277b7a29d8dc687ff52bf7 (patch) | |
tree | 17c22acf282a4b39ba51c23aaf60b1d870814e07 /api/authentication.go | |
parent | 8936d67044fc04476ec8e542bf9835f35ad39a0a (diff) | |
download | chat-919eea73b6134e6bc0277b7a29d8dc687ff52bf7.tar.gz chat-919eea73b6134e6bc0277b7a29d8dc687ff52bf7.tar.bz2 chat-919eea73b6134e6bc0277b7a29d8dc687ff52bf7.zip |
LDAP users should not be subject to password guess limits or email verification (#3245)
Diffstat (limited to 'api/authentication.go')
-rw-r--r-- | api/authentication.go | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/api/authentication.go b/api/authentication.go index d30fc0a1f..42a395253 100644 --- a/api/authentication.go +++ b/api/authentication.go @@ -56,9 +56,12 @@ func checkLdapUserPasswordAndAllCriteria(ldapId *string, password string, mfaTok user = ldapUser } - if err := checkUserAdditionalAuthenticationCriteria(user, mfaToken); err != nil { - err.StatusCode = http.StatusUnauthorized - return user, err + if err := checkUserMfa(user, mfaToken); err != nil { + return nil, err + } + + if err := checkUserNotDisabled(user); err != nil { + return nil, err } // user successfully authenticated |