From 6d815db375a074b2b7dd9b01cb942bd7bdcaeeda Mon Sep 17 00:00:00 2001
From: Nutomic
Date: Thu, 29 Feb 2024 15:12:45 +0100
Subject: [PATCH] Require verified email to reset password (#4482)
---
 crates/api/src/local_user/login.rs | 12 ++----------
 crates/api/src/local_user/mod.rs | 15 +++++++++++++++
 crates/api/src/local_user/reset_password.rs | 5 ++++-
 3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/crates/api/src/local_user/login.rs b/crates/api/src/local_user/login.rs
index 956dcbba1..1fe337f3c 100644
--- a/crates/api/src/local_user/login.rs
+++ b/crates/api/src/local_user/login.rs
@@ -1,4 +1,4 @@
-use crate::check_totp_2fa_valid;
+use crate::{check_totp_2fa_valid, local_user::check_email_verified};
 use actix_web::{
 web::{Data, Json},
 HttpRequest,
@@ -43,15 +43,7 @@ pub async fn login(
 Err(LemmyErrorType::IncorrectLogin)?
 }
 check_user_valid(&local_user_view.person)?;
-
- // Check if the user's email is verified if email verification is turned on
- // However, skip checking verification if the user is an admin
- if !local_user_view.local_user.admin
- && site_view.local_site.require_email_verification
- && !local_user_view.local_user.email_verified
- {
- Err(LemmyErrorType::EmailNotVerified)?
- }
+ check_email_verified(&local_user_view, &site_view)?;
 check_registration_application(&local_user_view, &site_view.local_site, &mut context.pool())
 .await?;
diff --git a/crates/api/src/local_user/mod.rs b/crates/api/src/local_user/mod.rs
index 98e023fa5..8bf2e5327 100644
--- a/crates/api/src/local_user/mod.rs
+++ b/crates/api/src/local_user/mod.rs
@@ -1,3 +1,6 @@
+use lemmy_db_views::structs::{LocalUserView, SiteView};
+use lemmy_utils::{error::LemmyResult, LemmyErrorType};
+
 pub mod add_admin;
 pub mod ban_person;
 pub mod block;
@@ -16,3 +19,15 @@ pub mod save_settings;
 pub mod update_totp;
 pub mod validate_auth;
 pub mod verify_email;
+
+/// Check if the user's email is verified if email verification is turned on
+/// However, skip checking verification if the user is an admin
+fn check_email_verified(local_user_view: &LocalUserView, site_view: &SiteView) -> LemmyResult<()> {
+ if !local_user_view.local_user.admin
+ && site_view.local_site.require_email_verification
+ && !local_user_view.local_user.email_verified
+ {
+ Err(LemmyErrorType::EmailNotVerified)?
+ }
+ Ok(())
+}
diff --git a/crates/api/src/local_user/reset_password.rs b/crates/api/src/local_user/reset_password.rs
index 90aa910e0..414f506ba 100644
--- a/crates/api/src/local_user/reset_password.rs
+++ b/crates/api/src/local_user/reset_password.rs
@@ -1,3 +1,4 @@
+use crate::local_user::check_email_verified;
 use actix_web::web::{Data, Json};
 use lemmy_api_common::{
 context::LemmyContext,
@@ -6,7 +7,7 @@ use lemmy_api_common::{
 SuccessResponse,
 };
 use lemmy_db_schema::source::password_reset_request::PasswordResetRequest;
-use lemmy_db_views::structs::LocalUserView;
+use lemmy_db_views::structs::{LocalUserView, SiteView};
 use lemmy_utils::error::{LemmyErrorExt, LemmyErrorType, LemmyResult};
 #[tracing::instrument(skip(context))]
@@ -29,6 +30,8 @@ pub async fn reset_password(
 if recent_resets_count >= 3 {
 Err(LemmyErrorType::PasswordResetLimitReached)?
 }
+ let site_view = SiteView::read_local(&mut context.pool()).await?;
+ check_email_verified(&local_user_view, &site_view)?;
 // Email the pure token to the user.
 send_password_reset_email(&local_user_view, &mut context.pool(), context.settings()).await?;
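Review bot: The admin exemption in `check_email_verified` was lifted from the login path, but the second caller this commit adds in reset_password.rs mails a password-reset token to the account's address as soon as the check passes, so with `require_email_verification` on, an admin whose email was never verified still gets a reset link sent to an unconfirmed address. Skipping verification at login avoids locking admins out; skipping it for a reset delivers a credential-recovery secret to an address nobody confirmed, which is the riskier of the two cases. If the exemption is intended for reset as well, the doc comment should say so explicitly; otherwise the reset path could test the flags directly, e.g. `if site_view.local_site.require_email_verification && !local_user_view.local_user.email_verified { Err(LemmyErrorType::EmailNotVerified)? }`. The doc comment would also benefit from an `# Errors` line naming `LemmyErrorType::EmailNotVerified` as the only failure this function produces.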
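Review bot: The new `check_email_verified` call surfaces `LemmyErrorType::EmailNotVerified` to an unauthenticated caller who supplied only an email or username, so the response now discloses that the named account exists and has an unverified address. Whether the lookup earlier in the function already distinguishes unknown accounts is outside this hunk, but the verification state is new information, and a reset endpoint is usually expected to answer identically whichever branch it takes. Consider logging the refusal server-side and returning the same success response the normal path does, e.g. `if check_email_verified(&local_user_view, &site_view).is_err() { return Ok(Json(SuccessResponse::default())); }`, assuming the handler returns `Json<SuccessResponse>` as the imports in the earlier hunk suggest. reset_password's body starts before this hunk and its return statement lies after it.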