fix email as 2fa provider (#6473)

src/api/core/two_factor/email.rs

@@ -10,7 +10,7 @@ use crate::{
     auth::Headers,
     crypto,
     db::{
-        models::{DeviceId, EventType, TwoFactor, TwoFactorType, User, UserId},
+        models::{EventType, TwoFactor, TwoFactorType, User, UserId},
         DbConn,
     },
     error::{Error, MapResult},
@@ -24,16 +24,10 @@ pub fn routes() -> Vec<Route> {
 #[derive(Deserialize)]
 #[serde(rename_all = "camelCase")]
 struct SendEmailLoginData {
-    #[serde(alias = "DeviceIdentifier")]
-    device_identifier: DeviceId,
-
-    #[allow(unused)]
     #[serde(alias = "Email")]
-    email: Option<String>,
-
-    #[allow(unused)]
+    email: String,
     #[serde(alias = "MasterPasswordHash")]
-    master_password_hash: Option<String>,
+    master_password_hash: String,
 }
 
 /// User is trying to login and wants to use email 2FA.
@@ -45,14 +39,19 @@ async fn send_email_login(data: Json<SendEmailLoginData>, conn: DbConn) -> Empty
     use crate::db::models::User;
 
     // Get the user
-    let Some(user) = User::find_by_device_id(&data.device_identifier, &conn).await else {
-        err!("Cannot find user. Try again.")
+    let Some(user) = User::find_by_mail(&data.email, &conn).await else {
+        err!("Username or password is incorrect. Try again.")
     };
 
     if !CONFIG._enable_email_2fa() {
         err!("Email 2FA is disabled")
     }
 
+    // Check password
+    if !user.check_valid_password(&data.master_password_hash) {
+        err!("Username or password is incorrect. Try again.")
+    }
+
     send_token(&user.uuid, &conn).await?;
 
     Ok(())