feat: allow multiple auth sources per user (#500,#477)

2026-02-23 02:46:23 +00:00 · 2026-01-13 22:56:53 +01:00
parent 5d58df8a19
commit 70832bfb52
41 changed files with 1115 additions and 773 deletions
--- a/internal/app/api/v0/backend/user_service.go
+++ b/internal/app/api/v0/backend/user_service.go
@@ -3,6 +3,7 @@ package backend
 import (
 	"context"
 	"fmt"
+	"slices"
 	"strings"

 	"github.com/h44z/wg-portal/internal/config"
@@ -95,8 +96,10 @@ func (u UserService) ChangePassword(
 	}

 	// ensure that the user uses the database backend; otherwise we can't change the password
-	if user.Source != domain.UserSourceDatabase {
-		return nil, fmt.Errorf("user source %s does not support password changes", user.Source)
+	if !slices.ContainsFunc(user.Authentications, func(authentication domain.UserAuthentication) bool {
+		return authentication.Source == domain.UserSourceDatabase
+	}) {
+		return nil, fmt.Errorf("user has no linked authentication source that does support password changes")
 	}

 	// validate old password