From 919a6643d855e56baf866e526839dbfbd5e69e36 Mon Sep 17 00:00:00 2001
From: James Miller <935975+jimhunty@users.noreply.github.com>
Date: Wed, 28 Jun 2023 08:17:06 +0100
Subject: [PATCH] feat: Invalidate identity if not enabled

---
 .../authorizers/IdentityAuthorizer.ts         | 23 ++++++++++++-------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/projects/Mallard/src/authentication/authorizers/IdentityAuthorizer.ts b/projects/Mallard/src/authentication/authorizers/IdentityAuthorizer.ts
index 7a9bc76170..74ef7f00f7 100644
--- a/projects/Mallard/src/authentication/authorizers/IdentityAuthorizer.ts
+++ b/projects/Mallard/src/authentication/authorizers/IdentityAuthorizer.ts
@@ -16,6 +16,7 @@ import {
 } from '../services/identity';
 import type { MembersDataAPIResponse } from '../services/membership';
 import { fetchMembershipData } from '../services/membership';
+import { remoteConfigService } from 'src/services/remote-config';
 
 type BasicCreds = {
 	email: string;
@@ -116,14 +117,20 @@ export default new Authorizer({
 		});
 	},
 	authWithCachedCredentials: async ([utc, mtc, lutc]) => {
-		const [nutoken, lutoken, mtoken] = await Promise.all([
-			utc.get(),
-			lutc.get(),
-			mtc.get(),
-		]);
-		const utoken = nutoken ?? lutoken;
-		if (!utoken || !mtoken) return InvalidResult();
-		return authWithTokens(utoken.password, mtoken.password);
+		const isIdentityEnabled =
+			remoteConfigService.getBoolean('identity_enabled');
+		if (isIdentityEnabled) {
+			const [nutoken, lutoken, mtoken] = await Promise.all([
+				utc.get(),
+				lutc.get(),
+				mtc.get(),
+			]);
+			const utoken = nutoken ?? lutoken;
+			if (!utoken || !mtoken) return InvalidResult();
+			return authWithTokens(utoken.password, mtoken.password);
+		} else {
+			return InvalidResult();
+		}
 	},
 	checkUserHasAccess: canViewEdition,
 });