From 8efd0fc99321cb9b42ed956d469ed8feb12830b9 Mon Sep 17 00:00:00 2001
From: Sven Heidemann
Date: Thu, 16 Feb 2023 17:12:41 +0100
Subject: [PATCH] Added logic to prevent login when email not confirmed #77
---
kdb-bot/src/bot_api/service/auth_service.py | 6 ++++++
.../app/modules/auth/components/login/login.component.ts | 2 ++
2 files changed, 8 insertions(+)
diff --git a/kdb-bot/src/bot_api/service/auth_service.py b/kdb-bot/src/bot_api/service/auth_service.py
index 675eca99..b7dda916 100644
--- a/kdb-bot/src/bot_api/service/auth_service.py
+++ b/kdb-bot/src/bot_api/service/auth_service.py
@@ -465,6 +465,9 @@ class AuthService(AuthServiceABC): if db_user.password != user_dto.password: raise ServiceException(ServiceErrorCode.InvalidUser, "Wrong password") + if db_user.confirmation_id is not None: + raise ServiceException(ServiceErrorCode.Forbidden, "E-Mail not verified") + token = self.generate_token(db_user) refresh_token = self._create_and_save_refresh_token(db_user) if db_user.forgot_password_id is not None:
@@ -488,6 +491,9 @@ class AuthService(AuthServiceABC): lambda x: self._auth_users.add_auth_user_user_rel(AuthUserUsersRelation(db_user, x)) ) + if db_user.confirmation_id is not None: + raise ServiceException(ServiceErrorCode.Forbidden, "E-Mail not verified") + token = self.generate_token(db_user) refresh_token = self._create_and_save_refresh_token(db_user) if db_user.forgot_password_id is not None:
diff --git a/kdb-web/src/app/modules/auth/components/login/login.component.ts b/kdb-web/src/app/modules/auth/components/login/login.component.ts
index 8ab34cf9..0d4cdf6e 100644
--- a/kdb-web/src/app/modules/auth/components/login/login.component.ts
+++ b/kdb-web/src/app/modules/auth/components/login/login.component.ts
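Review bot: The confirmation check is pasted verbatim into both login paths (after the password comparison in the -465 hunk and again in the -488 hunk), so every further route that issues tokens has to remember to repeat it. Moving it into one private helper, for example `def _assert_email_confirmed(self, db_user):` raising the same `ServiceException(ServiceErrorCode.Forbidden, "E-Mail not verified")`, and calling that from both places keeps the rule in a single spot. The refresh-token path is not part of this patch; if it reaches `generate_token` without the same check, refresh tokens handed to unconfirmed accounts before this change would presumably still yield new access tokens, which is worth confirming. Keeping the check after the password comparison is the right order, since the verification state is then disclosed only to a caller who already presented the correct password. The enclosing method starts and ends outside the hunk.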
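Review bot: In the -488 hunk the confirmation check runs after the `add_auth_user_user_rel(AuthUserUsersRelation(db_user, x))` calls, so an account with an unconfirmed e-mail is rejected only once its user relations have already been added. Whether those additions are persisted before the exception propagates cannot be seen from the hunk, but rejecting first removes the question: move `if db_user.confirmation_id is not None:` and its `raise` above the relation-building statement. The method begins outside the hunk, so the earliest safe position (right after `db_user` is resolved) needs checking against the lines above.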
@@ -74,6 +74,8 @@ export class LoginComponent implements OnInit { this.spinnerService.hideSpinner(); this.router.navigate(["auth", "login"]).then(() => { }); + this.state = ""; + this.code = ""; return throwError(() => err); })).subscribe(token => { this.authService.saveToken(token);
--
2.45.2