Diffstat (limited to 'src/api/routes/auth')
-rw-r--r--src/api/routes/auth/login.ts11
-rw-r--r--src/api/routes/auth/verify/index.ts8
2 files changed, 13 insertions, 6 deletions
diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index 2b97ec10..89d0be69 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -102,6 +102,17 @@ router.post(
 			});
 		}
 
+		// return an error for unverified accounts if verification is required
+		if (config.login.requireVerification && !user.verified) {
+			throw FieldErrors({
+				login: {
+					code: "ACCOUNT_LOGIN_VERIFICATION_EMAIL",
+					message:
+						"Email verification is required, please check your email.",
+				},
+			});
+		}
+
 		if (user.mfa_enabled && !user.webauthn_enabled) {
 			// TODO: This is not a discord.com ticket. I'm not sure what it is but I'm lazy
 			const ticket = crypto.randomBytes(40).toString("hex");
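Review bot: The new verification gate answers with a distinct code, `ACCOUNT_LOGIN_VERIFICATION_EMAIL`, and the hunk does not show whether the password comparison has already succeeded at this point; the handler's earlier checks start above line 102, outside the hunk. If this branch can be reached before the credential check passes, the response tells a caller who does not know the password that the account exists and is unverified. State the ordering assumption on the block, e.g. `// must stay after the password check so account state is only revealed to a caller who presented valid credentials`. The placement ahead of the MFA branch looks right, since no ticket is generated for an unverified account.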
diff --git a/src/api/routes/auth/verify/index.ts b/src/api/routes/auth/verify/index.ts
index 7809bc26..14cc3f95 100644
--- a/src/api/routes/auth/verify/index.ts
+++ b/src/api/routes/auth/verify/index.ts
@@ -17,7 +17,7 @@
 */
 
 import { route, verifyCaptcha } from "@fosscord/api";
-import { checkToken, Config, FieldErrors } from "@fosscord/util";
+import { checkToken, Config, FieldErrors, User } from "@fosscord/util";
 import { Request, Response, Router } from "express";
 import { HTTPError } from "lambert-server";
 const router = Router();
@@ -57,11 +57,7 @@ router.post(
 
 			if (user.verified) return res.send(user);
 
-			// verify email
-			user.verified = true;
-			await user.save();
-
-			// TODO: invalidate token after use?
+			await User.update({ id: user.id }, { verified: true });
 
 			return res.send(user);
 		} catch (error) {
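Review bot: `return res.send(user)` still serialises the entity loaded before the write, and `User.update({ id: user.id }, { verified: true })` does not modify that in-memory object, so the response to a successful verification will report `verified: false`. Add `user.verified = true;` after the update, or re-read the row, before sending. The commit also deletes `// TODO: invalidate token after use?` without addressing it: nothing in the hunk marks the verification token as consumed, so it appears to stay usable until it expires, and the reminder should be kept or tracked elsewhere. The `try` block and the `checkToken` call start above the hunk, so which columns end up in `user` is not visible here; confirm the serialised entity omits fields that should not leave the server.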