fix email as 2fa provider (#6473)

2025-11-24 13:42:34 +02:00 · 2025-11-23 21:55:20 +01:00
parent 35e1a306f3
commit aad1f19b45
2 changed files with 11 additions and 24 deletions
--- a/src/api/core/two_factor/email.rs
+++ b/src/api/core/two_factor/email.rs
@@ -10,7 +10,7 @@ use crate::{
    auth::Headers,
    crypto,
    db::{
-        models::{DeviceId, EventType, TwoFactor, TwoFactorType, User, UserId},
+        models::{EventType, TwoFactor, TwoFactorType, User, UserId},
        DbConn,
    },
    error::{Error, MapResult},
@@ -24,16 +24,10 @@ pub fn routes() -> Vec<Route> {
 #[derive(Deserialize)]
 #[serde(rename_all = "camelCase")]
 struct SendEmailLoginData {
-    #[serde(alias = "DeviceIdentifier")]
-    device_identifier: DeviceId,
-
-    #[allow(unused)]
    #[serde(alias = "Email")]
-    email: Option<String>,
-
-    #[allow(unused)]
+    email: String,
    #[serde(alias = "MasterPasswordHash")]
-    master_password_hash: Option<String>,
+    master_password_hash: String,
 }

 /// User is trying to login and wants to use email 2FA.
@@ -45,14 +39,19 @@ async fn send_email_login(data: Json<SendEmailLoginData>, conn: DbConn) -> Empty
    use crate::db::models::User;

    // Get the user
-    let Some(user) = User::find_by_device_id(&data.device_identifier, &conn).await else {
-        err!("Cannot find user. Try again.")
+    let Some(user) = User::find_by_mail(&data.email, &conn).await else {
+        err!("Username or password is incorrect. Try again.")
    };

    if !CONFIG._enable_email_2fa() {
        err!("Email 2FA is disabled")
    }

+    // Check password
+    if !user.check_valid_password(&data.master_password_hash) {
+        err!("Username or password is incorrect. Try again.")
+    }
+
    send_token(&user.uuid, &conn).await?;

    Ok(())
--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@@ -1,4 +1,4 @@
-use crate::db::schema::{devices, invitations, sso_users, users};
+use crate::db::schema::{invitations, sso_users, users};
 use chrono::{NaiveDateTime, TimeDelta, Utc};
 use derive_more::{AsRef, Deref, Display, From};
 use diesel::prelude::*;
@@ -10,7 +10,6 @@ use super::{
 use crate::{
    api::EmptyResult,
    crypto,
-    db::models::DeviceId,
    db::DbConn,
    error::MapResult,
    sso::OIDCIdentifier,
@@ -387,17 +386,6 @@ impl User {
        }}
    }

-    pub async fn find_by_device_id(device_uuid: &DeviceId, conn: &DbConn) -> Option<Self> {
-        db_run! { conn: {
-            users::table
-                .inner_join(devices::table.on(devices::user_uuid.eq(users::uuid)))
-                .filter(devices::uuid.eq(device_uuid))
-                .select(users::all_columns)
-                .first::<Self>(conn)
-                .ok()
-        }}
-    }
-
    pub async fn get_all(conn: &DbConn) -> Vec<(Self, Option<SsoUser>)> {
        db_run! { conn: {
            users::table