auth: db-oauth2 - Handle the case for check on attribute presence only

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 20418351a26b64f23174b202cd3c8ef44ea629d9..4ad350d676e200175f2b33e50aee00f75b3bdccb 100644 (file)
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -268,9 +268,6 @@ struct db_oauth2 *db_oauth2_init(const char *config_path)
        db->oauth2_set.use_grant_password = db->set.use_grant_password;
        db->oauth2_set.scope = db->set.scope;
 
-       if (*db->set.active_attribute != '\0' &&
-           *db->set.active_value == '\0')
-               i_fatal("oauth2: Cannot have empty active_value if active_attribute is set");
        if (*db->set.active_attribute == '\0' &&
            *db->set.active_value != '\0')
                i_fatal("oauth2: Cannot have empty active_attribute is active_value is set");
@@ -605,8 +602,7 @@ static bool
 db_oauth2_user_is_enabled(struct db_oauth2_request *req,
                          enum passdb_result *result_r, const char **error_r)
 {
-       if (*req->db->set.active_attribute == '\0' ||
-           *req->db->set.active_value == '\0') {
+       if (*req->db->set.active_attribute == '\0' ) {
                e_debug(authdb_event(req->auth_request),
                        "oauth2 active_attribute is not configured; skipping the check");
                return TRUE;
@@ -624,6 +620,13 @@ db_oauth2_user_is_enabled(struct db_oauth2_request *req,
                return FALSE;
        }
 
+       if (*req->db->set.active_value == '\0') {
+               e_debug(authdb_event(req->auth_request),
+                       "oauth2 active_attribute \"%s\" present; skipping the check on value",
+                       req->db->set.active_attribute);
+               return TRUE;
+       }
+
        if (strcmp(req->db->set.active_value, active_value) != 0) {
                e_debug(authdb_event(req->auth_request),
                        "oauth2 active_attribute check failed: expected %s=\"%s\" but got \"%s\"",