diff options
Diffstat (limited to 'app/authentication.go')
-rw-r--r-- | app/authentication.go | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/app/authentication.go b/app/authentication.go index 140bffd5a..0b3659449 100644 --- a/app/authentication.go +++ b/app/authentication.go @@ -43,7 +43,7 @@ func (a *App) IsPasswordValid(password string) *model.AppError { } func (a *App) CheckPasswordAndAllCriteria(user *model.User, password string, mfaToken string) *model.AppError { - if err := a.CheckUserAdditionalAuthenticationCriteria(user, mfaToken); err != nil { + if err := a.CheckUserPreflightAuthenticationCriteria(user, mfaToken); err != nil { return err } @@ -51,6 +51,10 @@ func (a *App) CheckPasswordAndAllCriteria(user *model.User, password string, mfa return err } + if err := a.CheckUserPostflightAuthenticationCriteria(user); err != nil { + return err + } + return nil } @@ -109,13 +113,21 @@ func (a *App) checkLdapUserPasswordAndAllCriteria(ldapId *string, password strin return user, nil } -func (a *App) CheckUserAdditionalAuthenticationCriteria(user *model.User, mfaToken string) *model.AppError { - if err := a.CheckUserMfa(user, mfaToken); err != nil { +func (a *App) CheckUserAllAuthenticationCriteria(user *model.User, mfaToken string) *model.AppError { + if err := a.CheckUserPreflightAuthenticationCriteria(user, mfaToken); err != nil { return err } - if !user.EmailVerified && a.Config().EmailSettings.RequireEmailVerification { - return model.NewAppError("Login", "api.user.login.not_verified.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized) + if err := a.CheckUserPostflightAuthenticationCriteria(user); err != nil { + return err + } + + return nil +} + +func (a *App) CheckUserPreflightAuthenticationCriteria(user *model.User, mfaToken string) *model.AppError { + if err := a.CheckUserMfa(user, mfaToken); err != nil { + return err } if err := checkUserNotDisabled(user); err != nil { @@ -129,6 +141,14 @@ func (a *App) CheckUserAdditionalAuthenticationCriteria(user *model.User, mfaTok return nil } +func (a *App) CheckUserPostflightAuthenticationCriteria(user *model.User) *model.AppError { + if !user.EmailVerified && a.Config().EmailSettings.RequireEmailVerification { + return model.NewAppError("Login", "api.user.login.not_verified.app_error", nil, "user_id="+user.Id, http.StatusUnauthorized) + } + + return nil +} + func (a *App) CheckUserMfa(user *model.User, token string) *model.AppError { if !user.MfaActive || !utils.IsLicensed() || !*utils.License().Features.MFA || !*a.Config().ServiceSettings.EnableMultifactorAuthentication { return nil |