🔐 refactor: Unverified User Verification Logic (#4482)

api/server/services/AuthService.js

@@ -11,7 +11,7 @@ const {
   deleteUserById,
 } = require('~/models/userMethods');
 const { createToken, findToken, deleteTokens, Session } = require('~/models');
-const { sendEmail, checkEmailConfig } = require('~/server/utils');
+const { isEnabled, checkEmailConfig, sendEmail } = require('~/server/utils');
 const { registerSchema } = require('~/strategies/validators');
 const { hashToken } = require('~/server/utils/crypto');
 const isDomainAllowed = require('./isDomainAllowed');
@@ -188,7 +188,8 @@ const registerUser = async (user, additionalData = {}) => {
     };
 
     const emailEnabled = checkEmailConfig();
-    const newUser = await createUser(newUserData, false, true);
+    const disableTTL = isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN);
+    const newUser = await createUser(newUserData, disableTTL, true);
     newUserId = newUser._id;
     if (emailEnabled && !newUser.emailVerified) {
       await sendVerificationEmail({

api/strategies/localStrategy.js

@@ -48,7 +48,12 @@ async function passportLogin(req, email, password, done) {
       user.emailVerified = true;
     }
 
-    if (!user.emailVerified && !isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN)) {
+    const unverifiedAllowed = isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN);
+    if (user.expiresAt && unverifiedAllowed) {
+      await updateUser(user._id, {});
+    }
+
+    if (!user.emailVerified && !unverifiedAllowed) {
       logError('Passport Local Strategy - Email not verified', { email });
       logger.error(`[Login] [Login failed] [Username: ${email}] [Request-IP: ${req.ip}]`);
       return done(null, user, { message: 'Email not verified.' });