From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 29 Oct 2020 09:37:22 +0000 (+0200)
Subject: auth: db-oauth2 - If active attribute is present in request, check it
X-Git-Tag: 2.3.13~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ce1f349579ee9b30748af01960163aa883b188f;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-oauth2 - If active attribute is present in request, check it

If the attribute is missing, do not assume it's false.
---

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 7a3a8ed461..463e4555c8 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -540,11 +540,12 @@ static bool
 db_oauth2_user_is_enabled(struct db_oauth2_request *req,
 			  enum passdb_result *result_r, const char **error_r)
 {
-	if (*req->db->set.active_attribute != '\0') {
-		const char *active_value = auth_fields_find(req->fields, req->db->set.active_attribute);
-		if (active_value == NULL ||
-		    (*req->db->set.active_value != '\0' &&
-		     strcmp(req->db->set.active_value, active_value) != 0)) {
+	if (*req->db->set.active_attribute != '\0' &&
+	    *req->db->set.active_value != '\0') {
+		const char *active_value =
+			auth_fields_find(req->fields, req->db->set.active_attribute);
+		if (active_value != NULL &&
+		    strcmp(req->db->set.active_value, active_value) != 0) {
 			*error_r = "Provided token is not valid";
 			*result_r = PASSDB_RESULT_PASSWORD_MISMATCH;
 			return FALSE;