diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index 2b97ec10..89d0be69 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -102,6 +102,17 @@ router.post(
});
}
+ // return an error for unverified accounts if verification is required
+ if (config.login.requireVerification && !user.verified) {
+ throw FieldErrors({
+ login: {
+ code: "ACCOUNT_LOGIN_VERIFICATION_EMAIL",
+ message:
+ "Email verification is required, please check your email.",
+ },
+ });
+ }
+
if (user.mfa_enabled && !user.webauthn_enabled) {
// TODO: This is not a discord.com ticket. I'm not sure what it is but I'm lazy
const ticket = crypto.randomBytes(40).toString("hex");
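Review bot: The new `ACCOUNT_LOGIN_VERIFICATION_EMAIL` error is distinguishable from a generic invalid-credentials response, so it must only be reachable after the password comparison has succeeded. The hunk does not show that comparison (the handler starts above line 102 and continues past the hunk), so confirm the block closed just above is the password check and not only the user lookup or captcha step. Otherwise the response tells an unauthenticated caller which logins exist and are unverified. A comment such as `// keep after the password check: this error reveals account state` would guard the ordering. It is also worth checking that the other routes that issue a session token apply the same `config.login.requireVerification` gate, which this diff does not show.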
diff --git a/src/api/routes/auth/verify/index.ts b/src/api/routes/auth/verify/index.ts
index 7809bc26..14cc3f95 100644
--- a/src/api/routes/auth/verify/index.ts
+++ b/src/api/routes/auth/verify/index.ts
@@ -17,7 +17,7 @@
*/
import { route, verifyCaptcha } from "@fosscord/api";
-import { checkToken, Config, FieldErrors } from "@fosscord/util";
+import { checkToken, Config, FieldErrors, User } from "@fosscord/util";
import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server";
const router = Router();
@@ -57,11 +57,7 @@ router.post(
if (user.verified) return res.send(user);
- // verify email
- user.verified = true;
- await user.save();
-
- // TODO: invalidate token after use?
+ await User.update({ id: user.id }, { verified: true });
return res.send(user);
} catch (error) {
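Review bot: `User.update({ id: user.id }, { verified: true })` writes the column but leaves the in-memory `user` untouched, so the `res.send(user)` on the next line still reports the account as unverified to the client that just verified; add `user.verified = true;` before sending. The commit also deletes `// TODO: invalidate token after use?` without resolving it. As far as the hunk shows, the verification token stays usable after the first call, and a replay reaches `if (user.verified) return res.send(user);` and gets the user object back. Keep the TODO or make the token single-use or short-lived, and check whether the response needs the whole entity, since what `res.send(user)` serializes is not visible here. The handler begins and ends outside this hunk.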
diff --git a/src/util/config/types/LoginConfiguration.ts b/src/util/config/types/LoginConfiguration.ts
index 862bc185..1d5752fe 100644
--- a/src/util/config/types/LoginConfiguration.ts
+++ b/src/util/config/types/LoginConfiguration.ts
@@ -18,4 +18,5 @@
export class LoginConfiguration {
requireCaptcha: boolean = false;
+ requireVerification: boolean = false;
}
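Review bot: `requireVerification` is a security-relevant switch with no comment; add one on the field, e.g. `// when true, login is refused until the account's email has been verified`. Defaulting to `false` keeps existing deployments unchanged, but the comment or the config docs should say that enabling it rejects every existing account with `verified` unset. Operators need working mail delivery and a way to resend the verification mail before enabling it.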