From fdfd372feb039b5dee16c40aa49e50aeaf685809 Mon Sep 17 00:00:00 2001
From: nsfisis
Date: Tue, 13 Aug 2024 21:12:17 +0900
Subject: feat: disallow login with email address
---
 backend/auth/auth.go | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'backend/auth/auth.go')
diff --git a/backend/auth/auth.go b/backend/auth/auth.go
index 3ede326..4224675 100644
--- a/backend/auth/auth.go
+++ b/backend/auth/auth.go
@@ -4,6 +4,7 @@ import (
 "context"
 "errors"
 "fmt"
+ "strings"
 "time"
 
 "github.com/jackc/pgx/v5"
@@ -17,6 +18,7 @@ var (
 ErrInvalidRegistrationToken = errors.New("invalid registration token")
 ErrNoRegistrationToken = errors.New("no registration token")
 ErrForteeLoginTimeout = errors.New("fortee login timeout")
+ ErrForteeEmailUsed = errors.New("fortee email used")
 )
 
 const (
@@ -103,6 +105,11 @@ func verifyRegistrationToken(ctx context.Context, queries *db.Queries, registrat
 }
 
 func verifyForteeAccount(ctx context.Context, username string, password string) error {
+ // fortee API allows login with email address, but this system disallows it.
+ if strings.Contains(username, "@") {
+ return ErrForteeEmailUsed
+ }
+
 ctx, cancel := context.WithTimeout(ctx, forteeAPITimeout)
 defer cancel()
 
-- 
cgit v1.2.3-70-g09d2
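Review bot: The new guard at the top of `verifyForteeAccount` decides that a login is an e-mail login purely from the shape of the submitted `username` (`strings.Contains(username, "@")`), so the rule holds only while an `@` is the sole way to reach an account under a second identifier. If the fortee login response carries the account's canonical username (the rest of the function lies outside this hunk, so this is unverified), comparing that value with the submitted `username` after a successful login would enforce the rule from the authoritative side and would also cover case or whitespace variants. The comment should record why e-mail login is refused, for example `// Reject e-mail logins: local users are keyed by fortee username, so each account must have exactly one login identifier.`, adjusted to the actual reason. Callers also need to map `ErrForteeEmailUsed` to a client-facing validation error rather than a generic failure; no caller is visible in this patch.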