From 2ad07373aa9239eba94abdabbb01c9abfa8c48de Mon Sep 17 00:00:00 2001
From: Stojan Dimitrovski <sdimitrovski@gmail.com>
Date: Mon, 2 Sep 2024 12:00:59 +0200
Subject: [PATCH] feat: add option to disable magic links (#1756)

Adds an option to disable magic links, as they are more prone to email
sending abuse than other email authentication methods.
---
 internal/api/magic_link.go     | 4 ++++
 internal/conf/configuration.go | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/internal/api/magic_link.go b/internal/api/magic_link.go
index d7e941b79d..e3fc0315b7 100644
--- a/internal/api/magic_link.go
+++ b/internal/api/magic_link.go
@@ -46,6 +46,10 @@ func (a *API) MagicLink(w http.ResponseWriter, r *http.Request) error {
 		return unprocessableEntityError(ErrorCodeEmailProviderDisabled, "Email logins are disabled")
 	}
 
+	if !config.External.Email.MagicLinkEnabled {
+		return unprocessableEntityError(ErrorCodeEmailProviderDisabled, "Login with magic link is disabled")
+	}
+
 	params := &MagicLinkParams{}
 	jsonDecoder := json.NewDecoder(r.Body)
 	err := jsonDecoder.Decode(params)
diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
index 55d7a8fabc..18b5c3ff9c 100644
--- a/internal/conf/configuration.go
+++ b/internal/conf/configuration.go
@@ -71,6 +71,8 @@ type AnonymousProviderConfiguration struct {
 
 type EmailProviderConfiguration struct {
 	Enabled bool `json:"enabled" default:"true"`
+
+	MagicLinkEnabled bool `json:"magic_link_enabled" default:"true" split_words:"true"`
 }
 
 // DBConfiguration holds all the database related configuration.