Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 00:40:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

📧 fix: Ensure User Verification for Instances without Email Service (#2998)

Browse source
This commit is contained in:
Danny Avila 2024-06-07 15:43:43 -04:00 committed by GitHub
parent ee673d682e
commit 35f8053f45
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 19 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

24
api/server/controllers/auth/LoginController.js
View file

@ -1,8 +1,11 @@
const { setAuthTokens } = require('~/server/services/AuthService'); const { setAuthTokens } = require('~/server/services/AuthService');
const { getUserById } = require('~/models/userMethods'); const { getUserById, updateUser } = require('~/models/userMethods');
const { isEnabled } = require('~/server/utils'); const { isEnabled, checkEmailConfig } = require('~/server/utils');
const { logger } = require('~/config'); const { logger } = require('~/config');
// Unix timestamp for 2024-06-07 15:20:18 Eastern Time
const verificationEnabledTimestamp = 1717788018;
const loginController = async (req, res) => { const loginController = async (req, res) => {
try { try {
const user = await getUserById(req.user._id, '-password -__v'); const user = await getUserById(req.user._id, '-password -__v');
@ -12,6 +15,18 @@ const loginController = async (req, res) => {
return res.status(400).json({ message: 'Invalid credentials' }); return res.status(400).json({ message: 'Invalid credentials' });
} }
const emailEnabled = checkEmailConfig();
const userCreatedAtTimestamp = Math.floor(new Date(user.createdAt).getTime() / 1000);
if (
!emailEnabled &&
!user.emailVerified &&
userCreatedAtTimestamp < verificationEnabledTimestamp
) {
await updateUser(user._id, { emailVerified: true });
user.emailVerified = true;
}
if (!user.emailVerified && !isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN)) { if (!user.emailVerified && !isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN)) {
return res.status(422).json({ message: 'Email not verified' }); return res.status(422).json({ message: 'Email not verified' });
} }
@ -21,10 +36,9 @@ const loginController = async (req, res) => {
return res.status(200).send({ token, user }); return res.status(200).send({ token, user });
} catch (err) { } catch (err) {
logger.error('[loginController]', err); logger.error('[loginController]', err);
}
// Generic error messages are safer return res.status(500).json({ message: 'Something went wrong' });
return res.status(500).json({ message: 'Something went wrong' }); }
}; };
module.exports = { module.exports = {