-
-
Notifications
You must be signed in to change notification settings - Fork 931
/
address_verifier.go
52 lines (38 loc) · 1.25 KB
/
address_verifier.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package hook
import (
"net/http"
"github.com/pkg/errors"
"github.com/ory/kratos/ui/node"
"github.com/ory/herodot"
"github.com/ory/kratos/identity"
"github.com/ory/kratos/selfservice/flow/login"
"github.com/ory/kratos/session"
)
var _ login.PostHookExecutor = new(AddressVerifier)
type AddressVerifier struct{}
func NewAddressVerifier() *AddressVerifier {
return &AddressVerifier{}
}
func (e *AddressVerifier) ExecuteLoginPostHook(_ http.ResponseWriter, _ *http.Request, _ node.UiNodeGroup, f *login.Flow, s *session.Session) error {
// if the login happens using the password method, there must be at least one verified address
if f.Active != identity.CredentialsTypePassword {
return nil
}
// TODO: can this happen at all?
if len(s.Identity.VerifiableAddresses) == 0 {
return errors.WithStack(herodot.ErrInternalServerError.WithReason("A misconfiguration prevents login. Expected to find a verification address but this identity does not have one assigned."))
}
addressVerified := false
for _, va := range s.Identity.VerifiableAddresses {
if va.Verified {
addressVerified = true
break
}
}
if !addressVerified {
return login.ErrAddressNotVerified
}
return nil
}