fix: abort if we don't have a password for the account, assume its pubkey only

2023-06-06 22:05:49 -04:00 · 2023-06-06 22:05:49 -04:00 · c20dec0204
parent def1b50cfc
commit c20dec0204
1 changed files with 7 additions and 0 deletions
--- a/controller/auth.go
+++ b/controller/auth.go
@ -160,6 +160,13 @@ func (a *AuthController) PostLogin() {
 		return
 	}

+	if account.Password == nil || len(*account.Password) == 0 {
+		msg := "only pubkey login is supported"
+		logger.Get().Debug(msg)
+		a.Ctx.StopWithError(iris.StatusBadRequest, errors.New(msg))
+		return
+	}
+
 	// Verify the provided password against the hashed password stored in the database.
 	if err := verifyPassword(*account.Password, r.Password); err != nil {
 		msg := "invalid email or password"