Added logic to prevent login when email not confirmed #77

2023-02-16 17:12:41 +01:00 · 2023-02-16 17:12:41 +01:00 · 8efd0fc993
commit 8efd0fc993
parent 3844240930
2 changed files with 8 additions and 0 deletions
--- a/kdb-bot/src/bot_api/service/auth_service.py
+++ b/kdb-bot/src/bot_api/service/auth_service.py
@ -465,6 +465,9 @@ class AuthService(AuthServiceABC):
        if db_user.password != user_dto.password:
            raise ServiceException(ServiceErrorCode.InvalidUser, "Wrong password")

+        if db_user.confirmation_id is not None:
+            raise ServiceException(ServiceErrorCode.Forbidden, "E-Mail not verified")
+
        token = self.generate_token(db_user)
        refresh_token = self._create_and_save_refresh_token(db_user)
        if db_user.forgot_password_id is not None:
@ -488,6 +491,9 @@ class AuthService(AuthServiceABC):
                lambda x: self._auth_users.add_auth_user_user_rel(AuthUserUsersRelation(db_user, x))
            )

+        if db_user.confirmation_id is not None:
+            raise ServiceException(ServiceErrorCode.Forbidden, "E-Mail not verified")
+
        token = self.generate_token(db_user)
        refresh_token = self._create_and_save_refresh_token(db_user)
        if db_user.forgot_password_id is not None:
--- a/kdb-web/src/app/modules/auth/components/login/login.component.ts
+++ b/kdb-web/src/app/modules/auth/components/login/login.component.ts
@ -74,6 +74,8 @@ export class LoginComponent implements OnInit {
          this.spinnerService.hideSpinner();
          this.router.navigate(["auth", "login"]).then(() => {
          });
+          this.state = "";
+          this.code = "";
          return throwError(() => err);
        })).subscribe(token => {
          this.authService.saveToken(token);