auth: db-oauth2 - Fail login if active_attribute is missing
authorSteve Mokris <steve@kosada.com>
Tue, 17 May 2022 19:19:49 +0000 (15:19 -0400)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 29 Aug 2023 07:08:45 +0000 (07:08 +0000)
If active_attribute is required by config, we should fail the
login when it's missing.

src/auth/db-oauth2.c

index d56abeeb1bcd8407648f5cae8d5522400b71cb6a..f794cf46481156cbe18dab775fbc7e9b6f453776 100644 (file)
@@ -609,12 +609,31 @@ db_oauth2_user_is_enabled(struct db_oauth2_request *req,
            *req->db->set.active_value != '\0') {
                const char *active_value =
                        auth_fields_find(req->fields, req->db->set.active_attribute);
-               if (active_value != NULL &&
-                   strcmp(req->db->set.active_value, active_value) != 0) {
-                       *error_r = "Provided token is not valid";
+               if (active_value != NULL) {
+                       if (strcmp(req->db->set.active_value, active_value) == 0) {
+                               e_debug(authdb_event(req->auth_request),
+                                       "oauth2 active_attribute check succeeded");
+                       } else {
+                               e_debug(authdb_event(req->auth_request),
+                                       "oauth2 active_attribute check failed: expected %s=\"%s\" but got \"%s\"",
+                                       req->db->set.active_attribute,
+                                       req->db->set.active_value,
+                                       active_value);
+                               *error_r = "Provided token is not valid";
+                               *result_r = PASSDB_RESULT_PASSWORD_MISMATCH;
+                               return FALSE;
+                       }
+               } else {
+                       e_debug(authdb_event(req->auth_request),
+                               "oauth2 active_attribute \"%s\" not found in oauth2 server's response",
+                               req->db->set.active_attribute);
+                       *error_r = "Missing active_attribute from token";
                        *result_r = PASSDB_RESULT_PASSWORD_MISMATCH;
                        return FALSE;
                }
+       } else {
+               e_debug(authdb_event(req->auth_request),
+                       "oauth2 active_attribute is not configured; skipping the check");
        }
        return TRUE;
 }
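Review bot: The new trailing else branch logs "oauth2 active_attribute is not configured; skipping the check", but the enclosing condition visibly also requires `*req->db->set.active_value != '\0'`, so the same message is emitted when active_attribute is set and only active_value is empty — a misleading trace for exactly the misconfiguration this commit is about. Suggest `"oauth2 active_attribute or active_value is not configured; skipping the check"`, or two distinct messages if the first operand of the condition (which lies outside the hunk) distinguishes the cases. The two failure paths also duplicate the `*error_r` / `*result_r = PASSDB_RESULT_PASSWORD_MISMATCH` / `return FALSE` tail; computing only the message in each branch and falling through to one shared failure block would keep result codes from drifting apart later. Note that the mismatch branch writes the server-supplied active_value into the debug log, which is acceptable at debug level but worth keeping in mind if that attribute ever carries anything sensitive. db_oauth2_user_is_enabled starts outside the hunk.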