chore: synchronize workspaces

ory · May 23, 2024 · 705510a · 705510a
1 parent 9484bc6
commit 705510a
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 13 deletions.
diff --git a/selfservice/strategy/multistep/strategy_login.go b/selfservice/strategy/multistep/strategy_login.go
@@ -29,7 +29,7 @@ func (s *Strategy) handleLoginError(w http.ResponseWriter, r *http.Request, f *l
 	return err
 }
 
-func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, _ *session.Session) (i *identity.Identity, err error) {
+func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, _ *session.Session) (_ *identity.Identity, err error) {
 	if !s.d.Config().SelfServiceLoginFlowTwoStepEnabled(r.Context()) {
 		return nil, errors.WithStack(flow.ErrStrategyNotResponsible)
 	}
@@ -69,23 +69,20 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow,
 	} else if err != nil {
 		// An error happened during lookup
 		return nil, s.handleLoginError(w, r, f, &p, err)
-	} else {
+	} else if !s.d.Config().SecurityAccountEnumerationMitigate(r.Context()) {
 		// Hydrate credentials
 		if err := s.d.PrivilegedIdentityPool().HydrateIdentityAssociations(r.Context(), identityHint, identity.ExpandCredentials); err != nil {
 			return nil, s.handleLoginError(w, r, f, &p, err)
 		}
-
-		// Add identity hint
-		opts = append(opts, login.WithIdentityHint(i))
 	}
 
-	strategies := s.d.LoginStrategies(r.Context())
-
 	f.UI.ResetMessages()
 	f.UI.Nodes.SetValueAttribute("identifier", p.Identifier)
 
-	// Get the identifier
-	for _, ls := range strategies {
+	// Add identity hint
+	opts = append(opts, login.WithIdentityHint(identityHint))
+
+	for _, ls := range s.d.LoginStrategies(r.Context()) {
 		populator, ok := ls.(login.FormHydrator)
 		if !ok {
 			continue

diff --git a/selfservice/strategy/passkey/passkey_login.go b/selfservice/strategy/passkey/passkey_login.go
@@ -419,7 +419,7 @@ func (s *Strategy) PopulateLoginMethodMultiStepSelection(r *http.Request, sr *lo
 		count, err := s.CountActiveFirstFactorCredentials(o.IdentityHint.Credentials)
 		if err != nil {
 			return err
-		} else if count == 0 {
+		} else if count == 0 && !s.d.Config().SecurityAccountEnumerationMitigate(r.Context()) {
 			return nil
 		}
 	}

diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go
@@ -184,13 +184,13 @@ func (s *Strategy) PopulateLoginMethodMultiStepSelection(r *http.Request, sr *lo
 
 	if o.IdentityHint == nil {
 		// Identity was not found so add fields
-	} else if o.IdentityHint != nil {
+	} else {
 		// If we have an identity hint we can perform identity credentials discovery and
 		// hide this credential if it should not be included.
 		count, err := s.CountActiveFirstFactorCredentials(o.IdentityHint.Credentials)
 		if err != nil {
 			return err
-		} else if count == 0 {
+		} else if count == 0 && !s.d.Config().SecurityAccountEnumerationMitigate(r.Context()) {
 			return nil
 		}
 	}

diff --git a/selfservice/strategy/webauthn/login.go b/selfservice/strategy/webauthn/login.go
@@ -382,7 +382,7 @@ func (s *Strategy) PopulateLoginMethodMultiStepSelection(r *http.Request, sr *lo
 		count, err := s.CountActiveFirstFactorCredentials(o.IdentityHint.Credentials)
 		if err != nil {
 			return err
-		} else if count == 0 {
+		} else if count == 0 && !s.d.Config().SecurityAccountEnumerationMitigate(r.Context()) {
 			return nil
 		}
 	}