Diffstat (limited to 'app/authentication.go')
-rw-r--r--app/authentication.go19
1 files changed, 6 insertions, 13 deletions
diff --git a/app/authentication.go b/app/authentication.go
index 7aae48b97..809c2e6c7 100644
--- a/app/authentication.go
+++ b/app/authentication.go
@@ -25,7 +25,7 @@ func (a *App) CheckPasswordAndAllCriteria(user *model.User, password string, mfa
// This to be used for places we check the users password when they are already logged in
func (a *App) doubleCheckPassword(user *model.User, password string) *model.AppError {
- if err := checkUserLoginAttempts(user); err != nil {
+ if err := checkUserLoginAttempts(user, *a.Config().ServiceSettings.MaximumLoginAttempts); err != nil {
return err
}
@@ -83,15 +83,15 @@ func (a *App) CheckUserAdditionalAuthenticationCriteria(user *model.User, mfaTok
return err
}
- if err := checkEmailVerified(user); err != nil {
- return err
+ if !user.EmailVerified && a.Config().EmailSettings.RequireEmailVerification {
+ return model.NewAppError("Login", "api.user.login.not_verified.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized)
}
if err := checkUserNotDisabled(user); err != nil {
return err
}
- if err := checkUserLoginAttempts(user); err != nil {
+ if err := checkUserLoginAttempts(user, *a.Config().ServiceSettings.MaximumLoginAttempts); err != nil {
return err
}
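Review bot: CheckUserAdditionalAuthenticationCriteria now calls `a.Config()` once for the email-verification check and again for the login-attempts check, so if the configuration can be swapped between those calls (not visible in this hunk) one login is evaluated against two different policy snapshots. Reading it once, `cfg := a.Config()`, and then using `cfg.EmailSettings.RequireEmailVerification` and `*cfg.ServiceSettings.MaximumLoginAttempts` keeps the decision consistent. Inlining the verification check also departs from the neighbouring `checkUserNotDisabled` and `checkUserLoginAttempts` helpers; keeping `checkEmailVerified(user, cfg.EmailSettings.RequireEmailVerification)` would mirror how the attempts limit is now passed in. The function starts and ends outside the hunk.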
@@ -116,21 +116,14 @@ func (a *App) CheckUserMfa(user *model.User, token string) *model.AppError {
return nil
}
-func checkUserLoginAttempts(user *model.User) *model.AppError {
- if user.FailedAttempts >= *utils.Cfg.ServiceSettings.MaximumLoginAttempts {
+func checkUserLoginAttempts(user *model.User, max int) *model.AppError {
+ if user.FailedAttempts >= max {
return model.NewAppError("checkUserLoginAttempts", "api.user.check_user_login_attempts.too_many.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized)
}
return nil
}
-func checkEmailVerified(user *model.User) *model.AppError {
- if !user.EmailVerified && utils.Cfg.EmailSettings.RequireEmailVerification {
- return model.NewAppError("Login", "api.user.login.not_verified.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized)
- }
- return nil
-}
-
func checkUserNotDisabled(user *model.User) *model.AppError {
if user.DeleteAt > 0 {
return model.NewAppError("Login", "api.user.login.inactive.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized)
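Review bot: The new `max` parameter of checkUserLoginAttempts is undocumented and unchecked, and because the comparison is `user.FailedAttempts >= max`, a zero or negative limit would reject every login, including the first attempt. Whether configuration validation guarantees a positive value is not visible here, so the contract should be stated on the function, for example `// checkUserLoginAttempts returns an error once user.FailedAttempts has reached maxAttempts; maxAttempts must be positive.` Renaming the parameter to `maxAttempts` would also avoid shadowing the `max` builtin on Go 1.21 and later.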