From 35f8053f456a8d6f0cb010c46eae8dd7988e7822 Mon Sep 17 00:00:00 2001
From: Danny Avila
Date: Fri, 7 Jun 2024 15:43:43 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=93=A7=20fix:=20Ensure=20User=20Verificat?=
 =?UTF-8?q?ion=20for=20Instances=20without=20Email=20Service=20(#2998)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controllers/auth/LoginController.js | 24 +++++++++++++++----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/api/server/controllers/auth/LoginController.js b/api/server/controllers/auth/LoginController.js
index 414be8253e..925eb21d77 100644
--- a/api/server/controllers/auth/LoginController.js
+++ b/api/server/controllers/auth/LoginController.js
@@ -1,8 +1,11 @@
 const { setAuthTokens } = require('~/server/services/AuthService');
-const { getUserById } = require('~/models/userMethods');
-const { isEnabled } = require('~/server/utils');
+const { getUserById, updateUser } = require('~/models/userMethods');
+const { isEnabled, checkEmailConfig } = require('~/server/utils');
 const { logger } = require('~/config');
 
+// Unix timestamp for 2024-06-07 15:20:18 Eastern Time
+const verificationEnabledTimestamp = 1717788018;
+
 const loginController = async (req, res) => {
 try {
 const user = await getUserById(req.user._id, '-password -__v');
@@ -12,6 +15,18 @@ const loginController = async (req, res) => {
 return res.status(400).json({ message: 'Invalid credentials' });
 }
 
+ const emailEnabled = checkEmailConfig();
+ const userCreatedAtTimestamp = Math.floor(new Date(user.createdAt).getTime() / 1000);
+
+ if (
+ !emailEnabled &&
+ !user.emailVerified &&
+ userCreatedAtTimestamp < verificationEnabledTimestamp
+ ) {
+ await updateUser(user._id, { emailVerified: true });
+ user.emailVerified = true;
+ }
+
 if (!user.emailVerified && !isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN)) {
 return res.status(422).json({ message: 'Email not verified' });
 }
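Review bot: The comment on `verificationEnabledTimestamp` gives the date but not what the constant gates or which unit it is in. The value is compared in seconds against `createdAt` further down in `loginController`, and it decides which accounts get marked verified without any proof of the address, so the comment should say that, e.g. `// Cutoff (Unix seconds): unverified accounts created before this are auto-verified at login when no email service is configured`. It is also a fixed instant rather than the time a given instance picked up this change; whether accounts created after it on an instance without email can still end up unverified depends on registration code outside this patch.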
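Review bot: The new `if (!emailEnabled && !user.emailVerified && ...)` branch writes `emailVerified: true` to the user record permanently, keyed on whatever `checkEmailConfig()` returns at the moment of login, and leaves no record that it did so. If the email settings are missing only temporarily, every pre-cutoff unverified account that logs in during that window stays verified after email is restored, although the address was never confirmed. I would make the change auditable, for example `logger.info('[loginController] auto-verified account created before cutoff', { userId: user._id });` right after `updateUser` (assuming the logger exposes `info` alongside the `error` used in the catch), and add a comment stating that the flag set here means the account was grandfathered, not that the address was confirmed. An invalid or missing `createdAt` yields `NaN`, which fails the `<` comparison and falls through to the 422, so that case is fail-closed. The body of `loginController` starts and ends outside this hunk.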
@@ -21,10 +36,9 @@ const loginController = async (req, res) => {
 return res.status(200).send({ token, user });
 } catch (err) {
 logger.error('[loginController]', err);
- }
 
- // Generic error messages are safer
- return res.status(500).json({ message: 'Something went wrong' });
+ return res.status(500).json({ message: 'Something went wrong' });
+ }
 };
 
 module.exports = {
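Review bot: Moving the 500 response into the `catch` drops the `// Generic error messages are safer` comment, which was the only statement of why the handler returns a fixed message instead of the error text. I would keep that rationale on the moved line, e.g. `// Generic message on purpose: error details go to the log, not to the client` above `return res.status(500).json(...)`. With the fallback return after the `try`/`catch` gone, any path through the `try` that does not return now sends no response; the parts of the `try` outside this hunk are not visible here, so that is worth a quick check. `loginController` starts outside this hunk.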