From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 22 Oct 2020 08:42:23 +0000 (+0300)
Subject: auth: db-oauth2 - Change active:false to mean invalid token
X-Git-Tag: 2.3.13~56
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fd8ae5027a03f64c14c0cf47c511cdb3137e4e42;p=thirdparty%2Fdovecot%2Fcore.git

auth: db-oauth2 - Change active:false to mean invalid token

Specifications say that invalid token, expired token and any other
reason why the token can be considered invalid should return
{"active":false} reply with no other fields.

Thus, we need to consider this as invalid token.
---

diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index 0b63fea95d..ddbe336b35 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -545,8 +545,8 @@ db_oauth2_user_is_enabled(struct db_oauth2_request *req,
 		if (active_value == NULL ||
 		    (*req->db->set.active_value != '\0' &&
 		     strcmp(req->db->set.active_value, active_value) != 0)) {
-			*error_r = "User account is not active";
-			*result_r = PASSDB_RESULT_USER_DISABLED;
+			*error_r = "Provided token is not valid";
+			*result_r = PASSDB_RESULT_PASSWORD_MISMATCH;
 			return FALSE;
 		}
 	}