summaryrefslogtreecommitdiffstats
path: root/app/authentication.go
diff options
context:
space:
mode:
Diffstat (limited to 'app/authentication.go')
-rw-r--r--app/authentication.go30
1 files changed, 25 insertions, 5 deletions
diff --git a/app/authentication.go b/app/authentication.go
index 140bffd5a..0b3659449 100644
--- a/app/authentication.go
+++ b/app/authentication.go
@@ -43,7 +43,7 @@ func (a *App) IsPasswordValid(password string) *model.AppError {
}
func (a *App) CheckPasswordAndAllCriteria(user *model.User, password string, mfaToken string) *model.AppError {
- if err := a.CheckUserAdditionalAuthenticationCriteria(user, mfaToken); err != nil {
+ if err := a.CheckUserPreflightAuthenticationCriteria(user, mfaToken); err != nil {
return err
}
@@ -51,6 +51,10 @@ func (a *App) CheckPasswordAndAllCriteria(user *model.User, password string, mfa
return err
}
+ if err := a.CheckUserPostflightAuthenticationCriteria(user); err != nil {
+ return err
+ }
+
return nil
}
@@ -109,13 +113,21 @@ func (a *App) checkLdapUserPasswordAndAllCriteria(ldapId *string, password strin
return user, nil
}
-func (a *App) CheckUserAdditionalAuthenticationCriteria(user *model.User, mfaToken string) *model.AppError {
- if err := a.CheckUserMfa(user, mfaToken); err != nil {
+func (a *App) CheckUserAllAuthenticationCriteria(user *model.User, mfaToken string) *model.AppError {
+ if err := a.CheckUserPreflightAuthenticationCriteria(user, mfaToken); err != nil {
return err
}
- if !user.EmailVerified && a.Config().EmailSettings.RequireEmailVerification {
- return model.NewAppError("Login", "api.user.login.not_verified.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized)
+ if err := a.CheckUserPostflightAuthenticationCriteria(user); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (a *App) CheckUserPreflightAuthenticationCriteria(user *model.User, mfaToken string) *model.AppError {
+ if err := a.CheckUserMfa(user, mfaToken); err != nil {
+ return err
}
if err := checkUserNotDisabled(user); err != nil {
@@ -129,6 +141,14 @@ func (a *App) CheckUserAdditionalAuthenticationCriteria(user *model.User, mfaTok
return nil
}
+func (a *App) CheckUserPostflightAuthenticationCriteria(user *model.User) *model.AppError {
+ if !user.EmailVerified && a.Config().EmailSettings.RequireEmailVerification {
+ return model.NewAppError("Login", "api.user.login.not_verified.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized)
+ }
+
+ return nil
+}
+
func (a *App) CheckUserMfa(user *model.User, token string) *model.AppError {
if !user.MfaActive || !utils.IsLicensed() || !*utils.License().Features.MFA || !*a.Config().ServiceSettings.EnableMultifactorAuthentication {
return nil
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-04-30 14:40:39 +0000