Forbid the authentication of a user until he validates his email address.
This commit is contained in:
parent
a2f5442565
commit
4f84b4c5d6
@ -19,6 +19,12 @@ class AuthD::Request
|
||||
# No user means DODB::MissingEntry, so it's already covered.
|
||||
return Response::ErrorInvalidCredentials.new if user.nil?
|
||||
|
||||
# In case the user hasn't validated his email address,
|
||||
# authentication shouldn't be possible.
|
||||
if user.contact.activation_key
|
||||
return Response::ErrorInvalidCredentials.new
|
||||
end
|
||||
|
||||
if user.password_hash != authd.hash_password @password
|
||||
return Response::ErrorInvalidCredentials.new
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user