From: Marco Bettini <marco.bettini@open-xchange.com>
Date: Thu, 1 Jun 2023 10:47:50 +0000 (+0000)
Subject: auth: db-oauth2 - Handle the case for check on attribute presence only
X-Git-Tag: 2.3.21~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bfb698553f14a9075ca33b08232375cbb75f3fe1;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-oauth2 - Handle the case for check on attribute presence only
---

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 20418351a2..4ad350d676 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -268,9 +268,6 @@ struct db_oauth2 *db_oauth2_init(const char *config_path)
 	db->oauth2_set.use_grant_password = db->set.use_grant_password;
 	db->oauth2_set.scope = db->set.scope;
 
-	if (*db->set.active_attribute != '\0' &&
-	    *db->set.active_value == '\0')
-		i_fatal("oauth2: Cannot have empty active_value if active_attribute is set");
 	if (*db->set.active_attribute == '\0' &&
 	    *db->set.active_value != '\0')
 		i_fatal("oauth2: Cannot have empty active_attribute is active_value is set");
@@ -605,8 +602,7 @@ static bool
 db_oauth2_user_is_enabled(struct db_oauth2_request *req,
 			  enum passdb_result *result_r, const char **error_r)
 {
-	if (*req->db->set.active_attribute == '\0' ||
-	    *req->db->set.active_value == '\0') {
+	if (*req->db->set.active_attribute == '\0' ) {
 		e_debug(authdb_event(req->auth_request),
 			"oauth2 active_attribute is not configured; skipping the check");
 	    	return TRUE;
@@ -624,6 +620,13 @@ db_oauth2_user_is_enabled(struct db_oauth2_request *req,
 		return FALSE;
 	}
 
+	if (*req->db->set.active_value == '\0') {
+		e_debug(authdb_event(req->auth_request),
+			"oauth2 active_attribute \"%s\" present; skipping the check on value",
+			req->db->set.active_attribute);
+	    	return TRUE;
+	}
+
 	if (strcmp(req->db->set.active_value, active_value) != 0) {
 		e_debug(authdb_event(req->auth_request),
 			"oauth2 active_attribute check failed: expected %s=\"%s\" but got \"%s\"",