fix: only allow domain discovery if no organization was preselected (#8748)

# Which Problems Are Solved

If an organization was preselected using an orgID or primaryDomain
scope, users could still switch to another organization if the latter
allowed domain discovery and the entered username or login_hint
included the corresponding domain suffix.

# How the Problems Are Solved

Domain discovery will only be done in case no org was preselected.

# Additional Changes

None

# Additional Context

- closes https://github.com/zitadel/zitadel/issues/8464
- closes https://github.com/zitadel/zitadel/issues/8588
This commit is contained in:
Livio Spring 2024-10-10 17:29:53 +02:00 committed by GitHub
parent 16171ce3b9
commit df2033253d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


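--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -785,9 +785,12 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *domain
 }
 // the user was either not found or not active
 // so check if the loginname suffix matches a verified org domain
-ok, errDomainDiscovery := repo.checkDomainDiscovery(ctx, request, loginNameInput)
-if errDomainDiscovery != nil || ok {
-return errDomainDiscovery
+// but only if no org was requested (by id or domain)
+if request.RequestedOrgID == "" {
+ok, errDomainDiscovery := repo.checkDomainDiscovery(ctx, request, loginNameInput)
+if errDomainDiscovery != nil || ok {
+return errDomainDiscovery
+}
 }
 // let's once again check if the user was just inactive
 if user != nil && user.State == int32(domain.UserStateInactive) {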
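Review bot: The new guard checks only `request.RequestedOrgID`, while the comment above it says "by id or domain"; that matches the description only if a primaryDomain scope has already been resolved into RequestedOrgID before checkLoginName runs, which this hunk does not show, and a request carrying only a domain preselection would otherwise still reach domain discovery. If that resolution does happen earlier, say so where the guard is read, e.g. `// but only if no org was requested; a primaryDomain scope has already been resolved to RequestedOrgID by this point, so the ID check covers both cases`; if it does not, the guard needs to cover the domain-only case as well. A regression test that preselects one org and then enters a username whose suffix is another org's discoverable domain would pin the fix, if the PR does not add one elsewhere. checkLoginName starts before this hunk and continues after it.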