fixed bug in EncryptedUserService:

now allowing to login with real name or email Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-12-03 21:09:27 +01:00
parent a1eb61843b
commit eafea3b4a1
4 changed files with 6 additions and 6 deletions
--- a/de.srsoftware.oidc.datastore.encrypted/src/main/java/de/srsoftware/oidc/datastore/encrypted/EncryptedUserService.java
+++ b/de.srsoftware.oidc.datastore.encrypted/src/main/java/de/srsoftware/oidc/datastore/encrypted/EncryptedUserService.java
@@ -107,8 +107,8 @@ public class EncryptedUserService extends EncryptedConfig implements UserService
 		}
 		for (var encryptedUser : backend.list()) {
 			var decryptedUser = decrypt(encryptedUser);
-			if (!username.equals(decryptedUser.username())) continue;
-			if (hasher.matches(password, decryptedUser.hashedPassword())) {
+			var match	  = List.of(decryptedUser.username(), decryptedUser.realName(), decryptedUser.email()).contains(username);
+			if (match && hasher.matches(password, decryptedUser.hashedPassword())) {
 				this.unlock(username);
 				return Payload.of(decryptedUser);
 			}