Baguette
/
authd
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Forbid the authentication of a user until he validates his email address.

master
Philippe Pittoli 2024-02-11 20:25:08 +01:00
parent a2f5442565
commit 4f84b4c5d6
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/requests/login.cr
View File

@ -19,6 +19,12 @@ class AuthD::Request
# No user means DODB::MissingEntry, so it's already covered. # No user means DODB::MissingEntry, so it's already covered.
return Response::ErrorInvalidCredentials.new if user.nil? return Response::ErrorInvalidCredentials.new if user.nil?
# In case the user hasn't validated his email address,
# authentication shouldn't be possible.
if user.contact.activation_key
return Response::ErrorInvalidCredentials.new
end
if user.password_hash != authd.hash_password @password if user.password_hash != authd.hash_password @password
return Response::ErrorInvalidCredentials.new return Response::ErrorInvalidCredentials.new
end end