letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

use of login_with_email_allowed at caller level

Browse Source
This commit is contained in:
mcalinghee
2025-07-30 15:15:40 +02:00
parent 0e79ed5268
commit 70cf833f0d
2 changed files with 19 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
crates/data-model/src/oauth2/authorization_grant.rs
View File

@@ -179,28 +179,22 @@ impl AuthorizationGrant {
/// ///
/// Returns `LoginHint::MXID` for valid mxid 'mxid:@john.doe:example.com' /// Returns `LoginHint::MXID` for valid mxid 'mxid:@john.doe:example.com'
/// ///
/// Returns `LoginHint::Email` for valid email 'john.doe@example.com' if /// Returns `LoginHint::Email` for valid email 'john.doe@example.com'
/// email supports is enabled
/// ///
/// Otherwise returns `LoginHint::None` /// Otherwise returns `LoginHint::None`
#[must_use] #[must_use]
pub fn parse_login_hint(&self, homeserver: &str, login_with_email_allowed: bool) -> LoginHint { pub fn parse_login_hint(&self, homeserver: &str) -> LoginHint {
let Some(login_hint) = &self.login_hint else { let Some(login_hint) = &self.login_hint else {
return LoginHint::None; return LoginHint::None;
}; };
let Some((prefix, value)) = login_hint.split_once(':') else { let Some((prefix, value)) = login_hint.split_once(':') else {
// If email supports for login_hint is enabled // Validate the email
if login_with_email_allowed { let Ok(address) = lettre::Address::from_str(login_hint) else {
// Validate the email // Return none if the format is incorrect
let Ok(address) = lettre::Address::from_str(login_hint) else { return LoginHint::None;
// Return none if the format is incorrect };
return LoginHint::None; return LoginHint::Email(address);
};
return LoginHint::Email(address);
}
// Unknown hint type, treat as none
return LoginHint::None;
}; };
match prefix { match prefix {
@@ -308,7 +302,7 @@ mod tests {
..AuthorizationGrant::sample(now, &mut rng) ..AuthorizationGrant::sample(now, &mut rng)
}; };
let hint = grant.parse_login_hint("example.com", false); let hint = grant.parse_login_hint("example.com");
assert!(matches!(hint, LoginHint::None)); assert!(matches!(hint, LoginHint::None));
} }
@@ -326,7 +320,7 @@ mod tests {
..AuthorizationGrant::sample(now, &mut rng) ..AuthorizationGrant::sample(now, &mut rng)
}; };
let hint = grant.parse_login_hint("example.com", false); let hint = grant.parse_login_hint("example.com");
assert!(matches!(hint, LoginHint::MXID(mxid) if mxid.localpart() == "example-user")); assert!(matches!(hint, LoginHint::MXID(mxid) if mxid.localpart() == "example-user"));
} }
@@ -344,29 +338,11 @@ mod tests {
..AuthorizationGrant::sample(now, &mut rng) ..AuthorizationGrant::sample(now, &mut rng)
}; };
let hint = grant.parse_login_hint("example.com", true); let hint = grant.parse_login_hint("example.com");
assert!(matches!(hint, LoginHint::Email(email) if email.to_string() == "example@user")); assert!(matches!(hint, LoginHint::Email(email) if email.to_string() == "example@user"));
} }
#[test]
fn valid_login_hint_with_email_when_login_with_email_not_allowed() {
#[allow(clippy::disallowed_methods)]
let mut rng = thread_rng();
#[allow(clippy::disallowed_methods)]
let now = Utc::now();
let grant = AuthorizationGrant {
login_hint: Some(String::from("example@user")),
..AuthorizationGrant::sample(now, &mut rng)
};
let hint = grant.parse_login_hint("example.com", false);
assert!(matches!(hint, LoginHint::None));
}
#[test] #[test]
fn invalid_login_hint() { fn invalid_login_hint() {
#[allow(clippy::disallowed_methods)] #[allow(clippy::disallowed_methods)]
@@ -380,7 +356,7 @@ mod tests {
..AuthorizationGrant::sample(now, &mut rng) ..AuthorizationGrant::sample(now, &mut rng)
}; };
let hint = grant.parse_login_hint("example.com", false); let hint = grant.parse_login_hint("example.com");
assert!(matches!(hint, LoginHint::None)); assert!(matches!(hint, LoginHint::None));
} }
@@ -398,7 +374,7 @@ mod tests {
..AuthorizationGrant::sample(now, &mut rng) ..AuthorizationGrant::sample(now, &mut rng)
}; };
let hint = grant.parse_login_hint("example.com", false); let hint = grant.parse_login_hint("example.com");
assert!(matches!(hint, LoginHint::None)); assert!(matches!(hint, LoginHint::None));
} }
@@ -416,7 +392,7 @@ mod tests {
..AuthorizationGrant::sample(now, &mut rng) ..AuthorizationGrant::sample(now, &mut rng)
}; };
let hint = grant.parse_login_hint("example.com", false); let hint = grant.parse_login_hint("example.com");
assert!(matches!(hint, LoginHint::None)); assert!(matches!(hint, LoginHint::None));
} }

11
crates/handlers/src/views/login.rs
View File

@@ -387,13 +387,12 @@ fn handle_login_hint(
} }
if let PostAuthContextInner::ContinueAuthorizationGrant { ref grant } = next.ctx { if let PostAuthContextInner::ContinueAuthorizationGrant { ref grant } = next.ctx {
let value = match grant.parse_login_hint( let value = match grant.parse_login_hint(homeserver.homeserver()) {
homeserver.homeserver(),
site_config.login_with_email_allowed,
) {
LoginHint::MXID(mxid) => Some(mxid.localpart().to_owned()), LoginHint::MXID(mxid) => Some(mxid.localpart().to_owned()),
LoginHint::Email(email) => Some(email.to_string()), LoginHint::Email(email) if site_config.login_with_email_allowed => {
LoginHint::None => None, Some(email.to_string())
}
_ => None,
}; };
form_state.set_value(LoginFormField::Username, value); form_state.set_value(LoginFormField::Username, value);
} }