From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 22 Oct 2020 08:41:16 +0000 (+0300)
Subject: auth: db-oauth2 - Allow active:false without username
X-Git-Tag: 2.3.13~57
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bec575990c37254724a9c6ea8f0e8e3e74d87dac;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-oauth2 - Allow active:false without username
---

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 2e2f73aa58..0b63fea95d 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -588,8 +588,8 @@ static void db_oauth2_process_fields(struct db_oauth2_request *req,
 {
 	*error_r = NULL;
 
-	if (db_oauth2_validate_username(req, result_r, error_r) &&
-	    db_oauth2_user_is_enabled(req, result_r, error_r) &&
+	if (db_oauth2_user_is_enabled(req, result_r, error_r) &&
+	    db_oauth2_validate_username(req, result_r, error_r) &&
 	    db_oauth2_token_in_scope(req, result_r, error_r) &&
 	    db_oauth2_template_export(req, result_r, error_r)) {
 		*result_r = PASSDB_RESULT_OK;
@@ -690,6 +690,8 @@ db_oauth2_lookup_continue(struct oauth2_request_result *result,
 		} else if (req->db->oauth2_set.introspection_mode == INTROSPECTION_MODE_LOCAL) {
 			db_oauth2_local_validation(req, req->token);
 			return;
+		} else if (!db_oauth2_user_is_enabled(req, &passdb_result, &error)) {
+			db_oauth2_callback(req, passdb_result, error);
 		} else if (*req->db->set.introspection_url != '\0') {
 			db_oauth2_lookup_introspect(req);
 			return;