Added logic to prevent login when email not confirmed #77

This commit is contained in:
Sven Heidemann 2023-02-16 17:12:41 +01:00
parent 3844240930
commit 8efd0fc993
2 changed files with 8 additions and 0 deletions

View File

@ -465,6 +465,9 @@ class AuthService(AuthServiceABC):
if db_user.password != user_dto.password:
raise ServiceException(ServiceErrorCode.InvalidUser, "Wrong password")
if db_user.confirmation_id is not None:
raise ServiceException(ServiceErrorCode.Forbidden, "E-Mail not verified")
token = self.generate_token(db_user)
refresh_token = self._create_and_save_refresh_token(db_user)
if db_user.forgot_password_id is not None:
@ -488,6 +491,9 @@ class AuthService(AuthServiceABC):
lambda x: self._auth_users.add_auth_user_user_rel(AuthUserUsersRelation(db_user, x))
)
if db_user.confirmation_id is not None:
raise ServiceException(ServiceErrorCode.Forbidden, "E-Mail not verified")
token = self.generate_token(db_user)
refresh_token = self._create_and_save_refresh_token(db_user)
if db_user.forgot_password_id is not None:

View File

@ -74,6 +74,8 @@ export class LoginComponent implements OnInit {
this.spinnerService.hideSpinner();
this.router.navigate(["auth", "login"]).then(() => {
});
this.state = "";
this.code = "";
return throwError(() => err);
})).subscribe(token => {
this.authService.saveToken(token);