fix(caldav): no failed login emails for tokens #1252

LucaBernstein · 2022-09-23T16:18:21Z

LucaBernstein commented

2022-09-23 16:18:21 +00:00

Description

Prevent Vikunja from sending mail notifications for failed login attempts if CalDav token is used.

Before, as the provided password value was tested against the user password regardless of whether it was a CalDav token, it triggered a failed login attempt email every three times.

Checklist

~~I added or improved tests~~
~~I added or improved docs for my feature~~
- ~~Swagger (including mage do-the-swag)~~
- ~~Error codes~~
- ~~New config options (including adding them to config.yml.saml and running mage generate-docs)~~

# Description Prevent Vikunja from sending mail notifications for failed login attempts if CalDav token is used. Before, as the provided password value was tested against the user password regardless of whether it was a CalDav token, it triggered a failed login attempt email every three times. # Checklist * [ ] ~~I added or improved tests~~ * [ ] ~~I added or improved docs for my feature~~ * [ ] ~~Swagger (including `mage do-the-swag`)~~ * [ ] ~~Error codes~~ * [ ] ~~New config options (including adding them to `config.yml.saml` and running `mage generate-docs`)~~

🎉 1

LucaBernstein referenced this pull request

2022-09-24 17:28:55 +00:00

CalDAV not working properly with iOS #753

konrad reviewed 2022-09-26 15:55:47 +00:00

pkg/routes/caldav/auth.go Outdated

						
				@ -56,2 +56,2 @@

					for _, token := range tokens {

						err = bcrypt.CompareHashAndPassword([]byte(token.Token), []byte(password))

				func checkUserCaldavTokens(s *xorm.Session, login *user.Login) *user.User {

					users, err := user.GetUsersByUsername(s, []string{login.Username}, false)

konrad commented

2022-09-26 15:55:47 +00:00

Please use GetUserByUsername. There will never be a case where more than one user is returned for one username.

Please use `GetUserByUsername`. There will never be a case where more than one user is returned for one username.

pkg/routes/caldav/auth.go Outdated

						
				@ -58,0 +57,4 @@

					users, err := user.GetUsersByUsername(s, []string{login.Username}, false)

					if err != nil || len(users) != 1 {

						log.Warningf("Error while retrieving users from database: %v", err)

						return nil