From 36b6362974aa891c08f5e50b5ea11fe0b4437e16 Mon Sep 17 00:00:00 2001
From: Max Peintner <peintnerm@gmail.com>
Date: Thu, 9 Jan 2025 09:47:58 +0100
Subject: [PATCH] recheck settings

---
 apps/login/src/lib/server/loginname.ts | 34 ++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/apps/login/src/lib/server/loginname.ts b/apps/login/src/lib/server/loginname.ts
index 704c01b9..10d9501b 100644
--- a/apps/login/src/lib/server/loginname.ts
+++ b/apps/login/src/lib/server/loginname.ts
@@ -154,6 +154,40 @@ export async function sendLoginname(command: SendLoginnameCommand) {
       user.details?.resourceOwner,
     );
 
+    // recheck login settings after user discovery, as the search might have been done without org scope
+    if (
+      userLoginSettings?.disableLoginWithEmail &&
+      userLoginSettings?.disableLoginWithPhone
+    ) {
+      if (user.username !== command.loginName) {
+        return { error: "User not found in the system!" };
+      }
+    } else if (userLoginSettings?.disableLoginWithEmail) {
+      const humanUser =
+        potentialUsers[0].type.case === "human"
+          ? potentialUsers[0].type.value
+          : undefined;
+
+      if (
+        user.username !== command.loginName ||
+        humanUser?.phone?.phone !== command.loginName
+      ) {
+        return { error: "User not found in the system!" };
+      }
+    } else if (userLoginSettings?.disableLoginWithPhone) {
+      const humanUser =
+        potentialUsers[0].type.case === "human"
+          ? potentialUsers[0].type.value
+          : undefined;
+
+      if (
+        user.username !== command.loginName ||
+        humanUser?.email?.email !== command.loginName
+      ) {
+        return { error: "User not found in the system!" };
+      }
+    }
+
     const checks = create(ChecksSchema, {
       user: { search: { case: "userId", value: userId } },
     });