From 2c2dd52a61bb6ef8280a9e8384aa5c70dd999ab8 Mon Sep 17 00:00:00 2001
From: mdecimus
Date: Sun, 26 Oct 2025 16:16:22 +0100
Subject: [PATCH] Auth: Keep OTP Auth and AppPasswords unless the remote directory provides new ones (fixes #2319)
---
 crates/directory/src/core/principal.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/crates/directory/src/core/principal.rs b/crates/directory/src/core/principal.rs
index 31982910..e1a749e2 100644
--- a/crates/directory/src/core/principal.rs
+++ b/crates/directory/src/core/principal.rs
@@ -308,6 +308,8 @@ impl Principal {
 let mut has_role = false;
 let mut has_member_of = false;
 let mut has_quota = false;
+ let mut has_otp_auth = false;
+ let mut has_app_password = false;
 for item in external.data {
 match item {
@@ -323,9 +325,15 @@ impl Principal {
 has_role = true;
 external_data.insert(item);
 }
+ PrincipalData::OtpAuth(_) => {
+ has_otp_auth = true;
+ external_data.insert(item);
+ }
+ PrincipalData::AppPassword(_) => {
+ has_app_password = true;
+ external_data.insert(item);
+ }
 PrincipalData::Password(_)
- | PrincipalData::AppPassword(_)
- | PrincipalData::OtpAuth(_)
 | PrincipalData::Description(_)
 | PrincipalData::PrimaryEmail(_)
 | PrincipalData::EmailAlias(_) => {
@@ -352,6 +360,8 @@ impl Principal {
 if external_data.remove(&item)
 || match item {
 PrincipalData::EmailAlias(_) => true,
+ PrincipalData::AppPassword(_) => !has_app_password,
+ PrincipalData::OtpAuth(_) => !has_otp_auth,
 PrincipalData::Role(_) => !has_role,
 PrincipalData::MemberOf(_) => !has_member_of,
 PrincipalData::DiskQuota(_) => !has_quota,
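Review bot: The new `OtpAuth(_)` and `AppPassword(_)` arms set `has_otp_auth` / `has_app_password` for any payload, because the patterns ignore the value. Combined with the `!has_otp_auth` / `!has_app_password` arms in the last hunk, one directory-supplied entry appears to be enough for every non-identical local secret of that kind to stop being kept, so an empty or placeholder attribute from a directory backend would displace a user's enrolled OTP secret. Whether a backend can emit such a value is not visible here; if it can, checking the payload before setting the flag (or filtering at the backend) keeps the merge fail-safe. A comment above the arms such as `// Directory-supplied OTP secrets and app passwords replace the locally stored ones.` would record the policy. The `match` and its enclosing function start and end outside this hunk.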
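Review bot: With the `AppPassword(_) => !has_app_password` arm, an app password deleted from the remote directory seems to stay on the local principal whenever the directory then returns no app passwords at all, so revoking the last one upstream is not propagated. For `OtpAuth` the same rule fails closed (2FA stays enrolled), but for app passwords it leaves a credential usable after the directory owner removed it, unless directory-sourced and locally created entries are told apart somewhere outside this hunk. If that is the accepted trade-off for #2319, state it at the arm, e.g. `// Kept when the directory supplies none: removing the last upstream app password does not revoke the local copy.` The `if` body and the rest of the `match` continue outside the hunk.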