From a22a5e3cb924869e32cb9ed71dab3e03d91c018f Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Tue, 2 May 2023 17:04:35 +0200
Subject: [PATCH] fix(auth): Handle logging-in with disabled auth provider
When only MobilizonAuthenticator provider is available, user can be found, but isn't valid for auth. We need to reject those users as well.
Signed-off-by: Thomas Citharel
---
lib/service/auth/mobilizon_authenticator.ex | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/service/auth/mobilizon_authenticator.ex b/lib/service/auth/mobilizon_authenticator.ex
index 4e5985a7a..cc2e5aa58 100644
--- a/lib/service/auth/mobilizon_authenticator.ex
+++ b/lib/service/auth/mobilizon_authenticator.ex
@@ -13,8 +13,6 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do @impl Authenticator def login(email, password) do - require Logger - with {:user, %User{password_hash: password_hash, provider: nil} = user} when not is_nil(password_hash) <- {:user, fetch_user(email)},
@@ -23,6 +21,10 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do {:checkpw, true} <- {:checkpw, Argon2.verify_pass(password, password_hash)} do {:ok, user} else + {:user, %User{}} -> + # User from a 3rd-party provider, doesn't have a password + {:error, :user_not_found} + {:user, {:error, :user_not_found}} -> {:error, :user_not_found}
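Review bot: The new `{:user, %User{}}` clause in the `else` block of `login/2` returns before `Argon2.verify_pass/2` is ever called, so a login attempt for an account that exists but has no usable local password finishes faster than a wrong-password attempt on a local account, and a caller may be able to tell the two apart by timing even though the error atom is the same. Consider running the dummy hash first, e.g. `Argon2.no_user_verify()` on the line before `{:error, :user_not_found}`; the existing `{:user, {:error, :user_not_found}}` branch just below has the same shape. The clause also matches a local user (`provider: nil`) whose `password_hash` is nil, since that fails the `when not is_nil(password_hash)` guard, so the comment would be more accurate as `# User exists but has no local password (3rd-party provider or empty hash)`. The `else` block continues past the end of the hunk, so its later clauses are not visible here.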