fix(caldav): make sure the caldav tokens of non-local accounts are properly checked

2022-07-04 18:08:41 +02:00
parent db1ccff0de
commit 4429ba2da1
3 changed files with 37 additions and 5 deletions
--- a/pkg/user/error.go
+++ b/pkg/user/error.go
@ -452,3 +452,30 @@ func (err *ErrAccountDisabled) HTTPError() web.HTTPError {
 		Message:  "This account is disabled. Check your emails or ask your administrator.",
 	}
 }
+
+// ErrAccountIsNotLocal represents a "AccountIsNotLocal" kind of error.
+type ErrAccountIsNotLocal struct {
+	UserID int64
+}
+
+// IsErrAccountIsNotLocal checks if an error is a ErrAccountIsNotLocal.
+func IsErrAccountIsNotLocal(err error) bool {
+	_, ok := err.(*ErrAccountIsNotLocal)
+	return ok
+}
+
+func (err *ErrAccountIsNotLocal) Error() string {
+	return "Account is not local"
+}
+
+// ErrCodeAccountIsNotLocal holds the unique world-error code of this error
+const ErrCodeAccountIsNotLocal = 1021
+
+// HTTPError holds the http error description
+func (err *ErrAccountIsNotLocal) HTTPError() web.HTTPError {
+	return web.HTTPError{
+		HTTPCode: http.StatusPreconditionFailed,
+		Code:     ErrCodeAccountIsNotLocal,
+		Message:  "This account is managed by a third-party authentication provider.",
+	}
+}
--- a/pkg/user/user.go
+++ b/pkg/user/user.go
@ -314,6 +314,10 @@ func CheckUserCredentials(s *xorm.Session, u *Login) (*User, error) {
 		return nil, ErrWrongUsernameOrPassword{}
 	}

+	if user.Issuer != IssuerLocal {
+		return user, &ErrAccountIsNotLocal{UserID: user.ID}
+	}
+
 	// The user is invalid if they need to verify their email address
 	if user.Status == StatusEmailConfirmationRequired {
 		return &User{}, ErrEmailNotConfirmed{UserID: user.ID}