fix(caldav): no failed login emails for tokens #1252
No reviewers
Labels
No Label
dependencies
duplicate
help wanted
invalid
kind/bug
kind/feature
needs reproduction
question
security
wontfix
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: vikunja/vikunja#1252
Loading…
Reference in New Issue
No description provided.
Delete Branch "LucaBernstein/api:fix-auth-mail-notifications-for-caldav-token-use"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
Prevent Vikunja from sending mail notifications for failed login attempts if CalDav token is used.
Before, as the provided password value was tested against the user password regardless of whether it was a CalDav token, it triggered a failed login attempt email every three times.
Checklist
I added or improved testsI added or improved docs for my featureSwagger (includingmage do-the-swag
)Error codesNew config options (including adding them toconfig.yml.saml
and runningmage generate-docs
)@ -56,2 +56,2 @@
for _, token := range tokens {
err = bcrypt.CompareHashAndPassword([]byte(token.Token), []byte(password))
func checkUserCaldavTokens(s *xorm.Session, login *user.Login) *user.User {
users, err := user.GetUsersByUsername(s, []string{login.Username}, false)
Please use
GetUserByUsername
. There will never be a case where more than one user is returned for one username.@ -58,0 +57,4 @@
users, err := user.GetUsersByUsername(s, []string{login.Username}, false)
if err != nil || len(users) != 1 {
log.Warningf("Error while retrieving users from database: %v", err)
return nil
This should return an error.
Already not bad, a few comments.
c584da40d7
to6f0939cbbf
6f0939cbbf
tod468c0cbef
d468c0cbef
to0c31aca607