Prevent authentication when: no validated email address but an activation key.
This commit is contained in:
parent
d24cb5d94e
commit
8f7c3f5b0d
@ -34,9 +34,9 @@ class AuthD::Request
|
|||||||
# No user means DODB::MissingEntry, so it's already covered.
|
# No user means DODB::MissingEntry, so it's already covered.
|
||||||
return Response::ErrorInvalidCredentials.new if user.nil?
|
return Response::ErrorInvalidCredentials.new if user.nil?
|
||||||
|
|
||||||
# In case the user hasn't validated his email address,
|
# In case the user hasn't validated his email address (no email address but a token is present),
|
||||||
# authentication shouldn't be possible.
|
# authentication shouldn't be possible.
|
||||||
if user.contact.activation_key
|
if user.contact.email.nil? && user.contact.activation_key
|
||||||
return Response::ErrorEmailAddressNotValidated.new
|
return Response::ErrorEmailAddressNotValidated.new
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user