template-monorepo/internal/logic/member/password_helper.go

package member

import (
	memberenum "gateway/internal/model/member/domain/enum"
	domusecase "gateway/internal/model/member/domain/usecase"
)

func ensurePlatformNativePassword(member *domusecase.MemberDTO) error {
	if member == nil {
		return errb.ResNotFound("member", "")
	}
	switch member.Origin {
	case memberenum.MemberOriginPlatformNative:
		return nil
	case memberenum.MemberOriginOIDC:
		return errb.AuthForbidden("social login accounts cannot change password here")
	case memberenum.MemberOriginLDAP:
		return errb.AuthForbidden("ldap accounts cannot change password here")
	case memberenum.MemberOriginSCIM:
		return errb.AuthForbidden("scim provisioned accounts cannot change password here")
	default:
		return errb.AuthForbidden("account cannot change password here")
	}
}
feat(auth): 登入 MFA、忘記/改密碼與註冊恢復流程補齊平台帳號（platform_native）的密碼自助能力，並讓未完成 Email 驗證的使用者可恢復註冊；OIDC/LDAP/SCIM 帳號禁止在本系統變更密碼。登入若已啟用 TOTP 改為兩階段驗證，OTP 重送加入 60 秒冷卻；同步調整 golangci 排除路徑與 zitadel lint 修正。 Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-26 16:55:37 +00:00			`package member`

			`import (`
			`memberenum "gateway/internal/model/member/domain/enum"`
			`domusecase "gateway/internal/model/member/domain/usecase"`
			`)`

			`func ensurePlatformNativePassword(member *domusecase.MemberDTO) error {`
			`if member == nil {`
			`return errb.ResNotFound("member", "")`
			`}`
			`switch member.Origin {`
			`case memberenum.MemberOriginPlatformNative:`
			`return nil`
			`case memberenum.MemberOriginOIDC:`
			`return errb.AuthForbidden("social login accounts cannot change password here")`
			`case memberenum.MemberOriginLDAP:`
			`return errb.AuthForbidden("ldap accounts cannot change password here")`
			`case memberenum.MemberOriginSCIM:`
			`return errb.AuthForbidden("scim provisioned accounts cannot change password here")`
			`default:`
			`return errb.AuthForbidden("account cannot change password here")`
			`}`
			`}`