chore(auth): do not authenticate against external sources on dummy login

src/Foundation/Yesod/Auth.hs

@@ -105,7 +105,6 @@ authenticate creds@Creds{..} = liftHandler . runDB . withReaderT projectBackend
           excRecovery . ServerError $ mr cExc
       ]
 
-    -- | Authenticate already existing ExternalUser entries only
     acceptExisting :: SqlPersistT (HandlerFor UniWorX) (AuthenticationResult UniWorX)
     acceptExisting = do
       res <- maybe (UserError $ IdentifierNotFound credsIdent) (Authenticated . entityKey) <$> getBy uAuth
@@ -121,19 +120,21 @@ authenticate creds@Creds{..} = liftHandler . runDB . withReaderT projectBackend
 
   $logDebugS "Auth" $ tshow Creds{..}
 
-  flip catches excHandlers $ case userAuthConf of
+  flip catches excHandlers $ if
-    UserAuthConfSingleSource (AuthSourceConfAzureAdV2 upsertUserAzureConf)
+    | not isDummy, not isOther
-      | Just upsertMode' <- upsertMode -> do
+    , UserAuthConfSingleSource (AuthSourceConfAzureAdV2 upsertUserAzureConf) <- userAuthConf
-          upsertUserAzureData <- azureUser upsertUserAzureConf Creds{..}
+    , Just upsertMode' <- upsertMode -> do
-          $logDebugS "AuthAzure" $ "Successful Azure lookup: " <> tshow upsertUserAzureData
+        upsertUserAzureData <- azureUser upsertUserAzureConf Creds{..}
-          Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataAzure{..}
+        $logDebugS "AuthAzure" $ "Successful Azure lookup: " <> tshow upsertUserAzureData
-    UserAuthConfSingleSource (AuthSourceConfLdap upsertUserLdapConf)
+        Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataAzure{..}
-      | Just upsertMode' <- upsertMode -> do
+    | not isDummy, not isOther
-          ldapPool <- fmap (fromMaybe $ error "No LDAP Pool") . getsYesod $ view _appLdapPool
+    , UserAuthConfSingleSource (AuthSourceConfLdap upsertUserLdapConf) <- userAuthConf
-          upsertUserLdapData <- ldapUser ldapPool Creds{..}
+    , Just upsertMode' <- upsertMode -> do
-          $logDebugS "AuthLDAP" $ "Successful LDAP lookup: " <> tshow upsertUserLdapData
+        ldapPool <- fmap (fromMaybe $ error "No LDAP Pool") . getsYesod $ view _appLdapPool
-          Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataLdap{..}
+        upsertUserLdapData <- ldapUser ldapPool Creds{..}
-    _other
+        $logDebugS "AuthLDAP" $ "Successful LDAP lookup: " <> tshow upsertUserLdapData
+        Authenticated . entityKey <$> upsertUser upsertMode' UpsertUserDataLdap{..}
+    | otherwise
       -> acceptExisting
 
 
@@ -150,7 +151,6 @@ data UserConversionException
   deriving anyclass (Exception)
 
 
--- TODO: this is probably not a sane traversal anymore...
 _upsertUserMode :: Traversal' (Creds UniWorX) UpsertUserMode
 _upsertUserMode mMode cs@Creds{..}
   | credsPlugin == apDummy = setMode <$> mMode (UpsertUserLoginDummy $ CI.mk credsIdent)
@@ -159,15 +159,15 @@ _upsertUserMode mMode cs@Creds{..}
   | otherwise              = setMode <$> mMode (UpsertUserLoginOther $ CI.mk credsIdent)
   where
     setMode UpsertUserLogin{..} | upsertUserSource `elem` loginAPs
-      = cs{ credsPlugin = upsertUserSource }
+      = cs { credsPlugin = upsertUserSource }
     setMode UpsertUserLoginDummy{..}
-      = cs{ credsPlugin = apDummy
+      = cs { credsPlugin = apDummy
-          , credsIdent  = CI.original upsertUserIdent
+           , credsIdent  = CI.original upsertUserIdent
-          }
+           }
     setMode UpsertUserLoginOther{..}
-      = cs{ credsPlugin = bool defaultOther credsPlugin (credsPlugin `notElem` [apDummy, apLdap, apAzure])
+      = cs { credsPlugin = bool defaultOther credsPlugin (credsPlugin `notElem` [apDummy, apLdap, apAzure])
-          , credsIdent  = CI.original upsertUserIdent
+           , credsIdent  = CI.original upsertUserIdent
-          }
+           }
     setMode _ = cs
 
     loginAPs = [ apAzure, apLdap ]