🔐 refactor: Unverified User Verification Logic (#4482)

2025-12-17 17:00:15 +01:00 · 2024-10-21 07:51:45 -04:00 · 2024-10-21 07:51:45 -04:00 · f121439960
commit f121439960
parent 4d4a6b53f1
2 changed files with 9 additions and 3 deletions
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@ -11,7 +11,7 @@ const {
  deleteUserById,
 } = require('~/models/userMethods');
 const { createToken, findToken, deleteTokens, Session } = require('~/models');
-const { sendEmail, checkEmailConfig } = require('~/server/utils');
+const { isEnabled, checkEmailConfig, sendEmail } = require('~/server/utils');
 const { registerSchema } = require('~/strategies/validators');
 const { hashToken } = require('~/server/utils/crypto');
 const isDomainAllowed = require('./isDomainAllowed');
@ -188,7 +188,8 @@ const registerUser = async (user, additionalData = {}) => {
    };

    const emailEnabled = checkEmailConfig();
-    const newUser = await createUser(newUserData, false, true);
+    const disableTTL = isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN);
+    const newUser = await createUser(newUserData, disableTTL, true);
    newUserId = newUser._id;
    if (emailEnabled && !newUser.emailVerified) {
      await sendVerificationEmail({
--- a/api/strategies/localStrategy.js
+++ b/api/strategies/localStrategy.js
@ -48,7 +48,12 @@ async function passportLogin(req, email, password, done) {
      user.emailVerified = true;
    }

-    if (!user.emailVerified && !isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN)) {
+    const unverifiedAllowed = isEnabled(process.env.ALLOW_UNVERIFIED_EMAIL_LOGIN);
+    if (user.expiresAt && unverifiedAllowed) {
+      await updateUser(user._id, {});
+    }
+
+    if (!user.emailVerified && !unverifiedAllowed) {
      logError('Passport Local Strategy - Email not verified', { email });
      logger.error(`[Login] [Login failed] [Username: ${email}] [Request-IP: ${req.ip}]`);
      return done(null, user, { message: 'Email not verified.' });