Make stricter distinction between password and app tokens

2025-12-14 01:12:24 +00:00 · 2025-04-14 18:00:07 +02:00
parent 34b20d4ead
commit 93b967093c
6 changed files with 37 additions and 22 deletions
--- a/crates/frontend/src/routes/login.rs
+++ b/crates/frontend/src/routes/login.rs
@@ -70,10 +70,7 @@ pub async fn route_post_login<AP: AuthenticationProvider>(
        .and_then(|uri| req.full_url().make_relative(&uri))
        .unwrap_or(default_redirect);

-    if let Ok(Some(user)) = auth_provider
-        .validate_user_token(&username, &password)
-        .await
-    {
+    if let Ok(Some(user)) = auth_provider.validate_password(&username, &password).await {
        session.insert("user", user.id).unwrap();
        Redirect::to(redirect_uri)
            .see_other()