fix: abort if we don't have a password for the account, assume its pubkey only

This commit is contained in:
Derrick Hammer 2023-06-06 22:05:49 -04:00
parent def1b50cfc
commit c20dec0204
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
1 changed files with 7 additions and 0 deletions

View File

@ -160,6 +160,13 @@ func (a *AuthController) PostLogin() {
return
}
if account.Password == nil || len(*account.Password) == 0 {
msg := "only pubkey login is supported"
logger.Get().Debug(msg)
a.Ctx.StopWithError(iris.StatusBadRequest, errors.New(msg))
return
}
// Verify the provided password against the hashed password stored in the database.
if err := verifyPassword(*account.Password, r.Password); err != nil {
msg := "invalid email or password"