Merge pull request #134 from sumedhe/fix-email-otp-for-federated-user

[IS-5.10.0] Check user existence before checking the email otp is disabled for the user
wso2-extensions · Jul 28, 2022 · 78bc6c4 · 78bc6c4
2 parents 328e83f + 584c771
commit 78bc6c4
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/.../src/main/java/org/wso2/carbon/identity/authenticator/emailotp/EmailOTPAuthenticator.java b/.../src/main/java/org/wso2/carbon/identity/authenticator/emailotp/EmailOTPAuthenticator.java
@@ -2630,8 +2630,14 @@ private void publishPostEmailOTPGeneratedEvent(HttpServletRequest request, Authe
         AuthenticatedUser authenticatedUser = (AuthenticatedUser) context.getProperty(EmailOTPAuthenticatorConstants
                 .AUTHENTICATED_USER);
         Map<String, String> emailOTPParameters = getAuthenticatorConfig().getParameterMap();
-        if (isEmailOTPDisableForUser(authenticatedUser.getAuthenticatedSubjectIdentifier(),
-                context, emailOTPParameters)) {
+        String username = authenticatedUser.getAuthenticatedSubjectIdentifier();
+        boolean isUserExist;
+        try {
+            isUserExist = FederatedAuthenticatorUtil.isUserExistInUserStore(username);
+        } catch (UserStoreException e) {
+            throw new AuthenticationFailedException("Failed to get the user from user store.", e);
+        }
+        if (isUserExist && isEmailOTPDisableForUser(username, context, emailOTPParameters)) {
             // Email OTP is disabled for the user. Hence not going to trigger the event.
             return;
         }