@paskal Initially, I've tried to add this verification as a part of token.ValidatorFunc with smth like this:

func (s *ServerCommand) isAllowedProvider(userID string) bool {
	p := strings.Split(userID, "_")[0] // user id has "provider_" suffix
	switch p {
	case "anonymous":
		return s.Auth.Anonymous
	case "email":
		return s.Auth.Email.Enable
	case "telegram":
		return s.Auth.Telegram
	case "github":
		return s.Auth.Github.CID != "" && s.Auth.Github.CSEC != ""
	case "google":
		return s.Auth.Google.CID != "" && s.Auth.Google.CSEC != ""
	case "facebook":
		return s.Auth.Facebook.CID != "" && s.Auth.Facebook.CSEC != ""
	case "microsoft":
		return s.Auth.Microsoft.CID != "" && s.Auth.Microsoft.CSEC != ""
	case "yandex":
		return s.Auth.Yandex.CID != "" && s.Auth.Yandex.CSEC != ""
	case "twitter":
		return s.Auth.Twitter.CID != "" && s.Auth.Twitter.CSEC != ""
	case "patreon":
		return s.Auth.Patreon.CID != "" && s.Auth.Patreon.CSEC != ""
	case "apple":
		return s.Auth.Apple.CID != "" && s.Auth.Apple.TID != "" && s.Auth.Apple.KID != ""
	default:
		return true
	}
}

This code is clear and easy to read; however, I didn't like it as it adds another place to maintain as we add a new provider. So, the final approach I picked is to add this check directly to auth library which is based on the list of all the active/registered providers.

Uh oh!

Do not allow commenting from disabled auth provider #1660

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions