diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs --- a/services/identity/src/client_service.rs +++ b/services/identity/src/client_service.rs @@ -694,6 +694,17 @@ redact_sensitive_data(&message.user_id) ); + if self + .client + .get_user_login_flow(&message.user_id) + .await? + .is_v1_flow() + { + return Err(tonic::Status::failed_precondition( + tonic_status_messages::USE_V1_FLOW, + )); + } + let user_identifier = self .client .get_user_identity(&message.user_id) @@ -779,6 +790,17 @@ let user_id = message.user_id; let device_id = flattened_device_key_upload.device_id_key.clone(); + if self + .client + .get_user_login_flow(&user_id) + .await? + .is_v1_flow() + { + return Err(tonic::Status::failed_precondition( + tonic_status_messages::USE_V1_FLOW, + )); + } + let nonce = challenge_response.verify_and_get_nonce(&device_id)?; self.verify_and_remove_nonce(&nonce).await?; diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs --- a/services/identity/src/constants.rs +++ b/services/identity/src/constants.rs @@ -241,6 +241,7 @@ pub const RETRY_FROM_NATIVE: &str = "retry_from_native"; pub const USER_IS_NOT_STAFF: &str = "user_is_not_staff"; pub const USE_NEW_FLOW: &str = "use_new_flow"; + pub const USE_V1_FLOW: &str = "use_v1_flow"; } // Tunnelbroker diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs --- a/services/identity/src/grpc_services/authenticated.rs +++ b/services/identity/src/grpc_services/authenticated.rs @@ -434,6 +434,17 @@ let (user_id, device_id) = get_user_and_device_id(&request)?; let message = request.into_inner(); + if self + .db_client + .get_user_login_flow(&user_id) + .await? + .is_v1_flow() + { + return Err(tonic::Status::failed_precondition( + tonic_status_messages::USE_V1_FLOW, + )); + } + debug!( "Primary device logout request for user_id={}, device_id={}", user_id, device_id 
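Review bot: The ten-line v1-flow gate added here is pasted verbatim in three more places (the second hunk of this file and both hunks in `grpc_services/authenticated.rs`), so a future handler can miss it or one copy can drift from the others. A small helper on the database client returning `Result<(), tonic::Status>` would reduce each call site to one line, for example `self.client.reject_if_v1_flow(&message.user_id).await?;` (the helper name is only a suggestion). The helper would also be the place to document what `get_user_login_flow` returns for an unknown `user_id`, because this check now runs before `get_user_identity` and its error path is not visible here. The enclosing function starts and ends outside the hunk.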
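Review bot: The flow lookup runs before `challenge_response.verify_and_get_nonce(&device_id)?`, so a caller who has not yet proven possession of the device key triggers a database read on a caller-supplied `user_id` and receives `USE_V1_FLOW` as a distinct status. If this RPC is reachable without a session, that answer tells the caller which login flow an account uses. Moving the gate below `verify_and_get_nonce` would restrict the answer to callers who passed the challenge check. Whether it then goes before or after `verify_and_remove_nonce` decides whether a rejected request consumes the nonce, which is worth choosing deliberately. The enclosing function starts and ends outside the hunk.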
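Review bot: The gate sits above the `debug!("Primary device logout request ...")` call, so a logout request rejected with `USE_V1_FLOW` returns before anything is logged. The secondary-device logout hunk below has the same ordering, while the first gate in `client_service.rs` appears to come after that handler's request log. Moving the check below the `debug!` call, or logging the rejection itself with something like `debug!("Rejecting primary device logout for v1-flow user_id={}", user_id);`, keeps refused logout attempts visible when reviewing logs. The function body continues outside the hunk.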
@@ -502,6 +513,17 @@ ) -> Result, tonic::Status> { let (user_id, device_id) = get_user_and_device_id(&request)?; + if self + .db_client + .get_user_login_flow(&user_id) + .await? + .is_v1_flow() + { + return Err(tonic::Status::failed_precondition( + tonic_status_messages::USE_V1_FLOW, + )); + } + debug!( "Secondary device logout request for user_id={}, device_id={}", user_id, device_id
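Review bot: Nothing at this gate says why a v1-flow user must be refused secondary-device logout or which RPC such a client should call instead. Refusing a logout is the kind of check a later reader may be tempted to relax without that context. A short comment above the `if` would help, for example `// V1-flow users are rejected here; they log out through <v1 logout RPC>.` with the real RPC name filled in. The same comment applies to the primary-device gate in the previous hunk. Most of the signature and the rest of the body are outside the hunk.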