From d8defc6c94bada9c0d939f113bf1cf74f570ad6b Mon Sep 17 00:00:00 2001
From: Danny Avila
Date: Mon, 21 Oct 2024 07:51:45 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=90=20refactor:=20Unverified=20User=20?= =?UTF-8?q?Verification=20Logic=20(#4482)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 api/server/services/AuthService.js | 5 +++--
 api/strategies/localStrategy.js | 7 ++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js
index 326b0ed420bb..5812dd26f99a 100644
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@@ -11,7 +11,7 @@ const {
 deleteUserById,
 } = require('~/models/userMethods');
 const { createToken, findToken, deleteTokens, Session } = require('~/models');
-const { sendEmail, checkEmailConfig } = require('~/server/utils');
+const { isEnabled, checkEmailConfig, sendEmail } = require('~/server/utils');
 const { registerSchema } = require('~/strategies/validators');
 const { hashToken } = require('~/server/utils/crypto');
 const isDomainAllowed = require('./isDomainAllowed');
@@ -188,7 +188,8 @@ const registerUser = async (user, additionalData = {}) => {
 };
 const emailEnabled = checkEmailConfig();
- const newUser = await createUser(newUserData, false, true);
+ const disableTTL = isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN);
+ const newUser = await createUser(newUserData, disableTTL, true);
 newUserId = newUser._id;
 if (emailEnabled && !newUser.emailVerified) {
 await sendVerificationEmail({
diff --git a/api/strategies/localStrategy.js b/api/strategies/localStrategy.js
index 9c87a5b3194f..bffb4f845f82 100644
--- a/api/strategies/localStrategy.js
+++ b/api/strategies/localStrategy.js
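Review bot: In `registerUser` (api/server/services/AuthService.js) the new `disableTTL` value is passed as a bare positional boolean in `createUser(newUserData, disableTTL, true)`, and nothing at the call site states what it changes. If the second argument controls the expiry of unverified accounts, as the variable name suggests (createUser is not shown here), then with ALLOW_UNVERIFIED_EMAIL_LOGIN enabled every registration is stored without an expiry, including sign-ups made with an address the registrant does not control, and none of them are purged automatically. I would add a comment above the line such as `// Unverified login allowed: create the account without an expiry, so unverified sign-ups are never auto-removed`, and note the retention effect wherever the flag is documented. The body of registerUser starts and ends outside the hunk.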
@@ -48,7 +48,12 @@ async function passportLogin(req, email, password, done) {
 user.emailVerified = true;
 }
- if (!user.emailVerified && !isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN)) {
+ const unverifiedAllowed = isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN);
+ if (user.expiresAt && unverifiedAllowed) {
+ await updateUser(user._id, {});
+ }
+
+ if (!user.emailVerified && !unverifiedAllowed) {
 logError('Passport Local Strategy - Email not verified', { email });
 logger.error(`[Login] [Login failed] [Username: ${email}] [Request-IP: ${req.ip}]`);
 return done(null, user, { message: 'Email not verified.' });
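Review bot: `await updateUser(user._id, {});` in passportLogin sends an empty update, so its purpose cannot be read from the call site; presumably it relies on updateUser clearing `expiresAt` as a side effect, but updateUser is not shown. A comment such as `// Empty update: relies on updateUser clearing expiresAt so this account no longer expires` would make the intent explicit. Because passportLogin starts and ends outside the hunk, it is worth confirming that this write runs only after the password comparison has succeeded, so that a failed login attempt cannot make an unverified account permanent, and that a rejection from updateUser is caught by the surrounding error handling. The expiry is also removed for good: if ALLOW_UNVERIFIED_EMAIL_LOGIN is switched off later, these accounts stay unverified and never expire, which deserves a line in the flag's documentation.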