From c20dec020437d91cf2728852b8bed5c4a0c481e9 Mon Sep 17 00:00:00 2001
From: Derrick Hammer
Date: Tue, 6 Jun 2023 22:05:49 -0400
Subject: [PATCH] fix: abort if we don't have a password for the account, assume its pubkey only
---
 controller/auth.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/controller/auth.go b/controller/auth.go
index ce2c3a4..15a9672 100644
--- a/controller/auth.go
+++ b/controller/auth.go
@@ -160,6 +160,13 @@ func (a *AuthController) PostLogin() {
 return
 }
 
+ if account.Password == nil || len(*account.Password) == 0 {
+ msg := "only pubkey login is supported"
+ logger.Get().Debug(msg)
+ a.Ctx.StopWithError(iris.StatusBadRequest, errors.New(msg))
+ return
+ }
+
 // Verify the provided password against the hashed password stored in the database.
 if err := verifyPassword(*account.Password, r.Password); err != nil {
 msg := "invalid email or password"
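Review bot: The added branch sends the client its own message, `only pubkey login is supported`, with `iris.StatusBadRequest`, while the password mismatch right below it answers `invalid email or password`. An unauthenticated caller can therefore tell that a submitted email belongs to an existing key-only account. The client-facing error should be the same generic one the `verifyPassword` failure uses, with the same status (that status line is outside the hunk), and the specific reason should stay in the log only, e.g. `logger.Get().Debug("account has no password, pubkey login only")` followed by `errors.New("invalid email or password")` in the `StopWithError` call. This path also returns without any hash work, so response time may still distinguish it from a wrong password; that is worth confirming against how the account-not-found case earlier in `PostLogin` behaves, which is also outside the hunk.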