Email verification works

- Added /auth/verify to authenticated route whitelist
- Updated /auth/verify to properly mark a user as verified, return a response, and fix expiration time check
- Implemented /auth/verify/resend
- Moved verification email sending to a helper method
- Fixed VerifyEmailSchema requiring captcha_key

4 files changed, 58 insertions, 19 deletions

diff --git a/src/util/entities/User.ts b/src/util/entities/User.ts
index f39fc19b..66e10297 100644
--- a/src/util/entities/User.ts
+++ b/src/util/entities/User.ts
@@ -383,28 +383,17 @@ export class User extends BaseClass {
 
 		user.validate();
 		await Promise.all([user.save(), settings.save()]);
-		// send verification email
-		if (Email.transporter && email) {
-			const token = (await generateToken(user.id, email)) as string;
-			const link = `http://localhost:3001/verify#token=${token}`;
-			const message = {
-				from:
-					Config.get().general.correspondenceEmail ||
-					"noreply@localhost",
-				to: email,
-				subject: `Verify Email Address for ${
-					Config.get().general.instanceName
-				}`,
-				html: `Please verify your email address by clicking the following link: <a href="${link}">Verify Email</a>`,
-			};
-
-			await Email.transporter
-				.sendMail(message)
+
+		// send verification email if users aren't verified by default and we have an email
+		if (!Config.get().defaults.user.verified && email) {
+			await Email.sendVerificationEmail(user.id, email)
 				.then((info) => {
 					console.log("Message sent: %s", info.messageId);
 				})
 				.catch((e) => {
-					console.error(`Failed to send email to ${email}: ${e}`);
+					console.error(
+						`Failed to send verification email to ${user.username}#${user.discriminator}: ${e}`,
+					);
 				});
 		}
 
diff --git a/src/util/schemas/VerifyEmailSchema.ts b/src/util/schemas/VerifyEmailSchema.ts
index fa6a4c0d..d94fbbc1 100644
--- a/src/util/schemas/VerifyEmailSchema.ts
+++ b/src/util/schemas/VerifyEmailSchema.ts
@@ -17,6 +17,6 @@
 */
 
 export interface VerifyEmailSchema {
-	captcha_key: string | null;
+	captcha_key?: string | null;
 	token: string;
 }
diff --git a/src/util/util/Email.ts b/src/util/util/Email.ts
index d45eb9a1..371ba827 100644
--- a/src/util/util/Email.ts
+++ b/src/util/util/Email.ts
@@ -16,6 +16,10 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
+import nodemailer, { Transporter } from "nodemailer";
+import { Config } from "./Config";
+import { generateToken } from "./Token";
+
 export const EMAIL_REGEX =
 	/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
 
@@ -47,6 +51,7 @@ export function adjustEmail(email?: string): string | undefined {
 export const Email: {
 	transporter: Transporter | null;
 	init: () => Promise<void>;
+	sendVerificationEmail: (id: string, email: string) => Promise<any>;
 } = {
 	transporter: null,
 	init: async function () {
@@ -73,4 +78,25 @@ export const Email: {
 			console.log(`[SMTP] Ready`);
 		});
 	},
+	sendVerificationEmail: async function (
+		id: string,
+		email: string,
+	): Promise<any> {
+		if (!this.transporter) return;
+		const token = (await generateToken(id, email)) as string;
+		const instanceUrl =
+			Config.get().general.frontPage || "http://localhost:3001";
+		const link = `${instanceUrl}/verify#token=${token}`;
+		const message = {
+			from:
+				Config.get().general.correspondenceEmail || "noreply@localhost",
+			to: email,
+			subject: `Verify Email Address for ${
+				Config.get().general.instanceName
+			}`,
+			html: `Please verify your email address by clicking the following link: <a href="${link}">Verify Email</a>`,
+		};
+
+		return this.transporter.sendMail(message);
+	},
 };
diff --git a/src/util/util/Token.ts b/src/util/util/Token.ts
index b3ebcc07..e4b1fe41 100644
--- a/src/util/util/Token.ts
+++ b/src/util/util/Token.ts
@@ -72,6 +72,30 @@ export function checkToken(
 	});
 }
 
+/**
+ * Puyodead1 (1/19/2023): I made a copy of this function because I didn't want to break anything with the other one.
+ * this version of the function doesn't use select, so we can update the user. with select causes constraint errors.
+ */
+export function verifyTokenEmailVerification(
+	token: string,
+	jwtSecret: string,
+): Promise<{ decoded: any; user: User }> {
+	return new Promise((res, rej) => {
+		jwt.verify(token, jwtSecret, JWTOptions, async (err, decoded: any) => {
+			if (err || !decoded) return rej("Invalid Token");
+
+			const user = await User.findOne({
+				where: { id: decoded.id },
+			});
+			if (!user) return rej("Invalid Token");
+			if (user.disabled) return rej("User disabled");
+			if (user.deleted) return rej("User not found");
+
+			return res({ decoded, user });
+		});
+	});
+}
+
 export function verifyToken(
 	token: string,
 	jwtSecret: string,