Require verified email to reset password (#4482)

2024-11-21 14:17:08 +00:00 · 2024-02-29 15:12:45 +01:00 · 2024-02-29 15:12:45 +01:00 · 6d815db375
parent 328a48c9f5
commit 6d815db375
3 changed files with 21 additions and 11 deletions
--- a/crates/api/src/local_user/login.rs
+++ b/crates/api/src/local_user/login.rs
@ -1,4 +1,4 @@
-use crate::check_totp_2fa_valid;
+use crate::{check_totp_2fa_valid, local_user::check_email_verified};
 use actix_web::{
  web::{Data, Json},
  HttpRequest,
@ -43,15 +43,7 @@ pub async fn login(
    Err(LemmyErrorType::IncorrectLogin)?
  }
  check_user_valid(&local_user_view.person)?;
-
-  // Check if the user's email is verified if email verification is turned on
-  // However, skip checking verification if the user is an admin
-  if !local_user_view.local_user.admin
-    && site_view.local_site.require_email_verification
-    && !local_user_view.local_user.email_verified
-  {
-    Err(LemmyErrorType::EmailNotVerified)?
-  }
+  check_email_verified(&local_user_view, &site_view)?;

  check_registration_application(&local_user_view, &site_view.local_site, &mut context.pool())
    .await?;
--- a/crates/api/src/local_user/mod.rs
+++ b/crates/api/src/local_user/mod.rs
@ -1,3 +1,6 @@
+use lemmy_db_views::structs::{LocalUserView, SiteView};
+use lemmy_utils::{error::LemmyResult, LemmyErrorType};
+
 pub mod add_admin;
 pub mod ban_person;
 pub mod block;
@ -16,3 +19,15 @@ pub mod save_settings;
 pub mod update_totp;
 pub mod validate_auth;
 pub mod verify_email;
+
+/// Check if the user's email is verified if email verification is turned on
+/// However, skip checking verification if the user is an admin
+fn check_email_verified(local_user_view: &LocalUserView, site_view: &SiteView) -> LemmyResult<()> {
+  if !local_user_view.local_user.admin
+    && site_view.local_site.require_email_verification
+    && !local_user_view.local_user.email_verified
+  {
+    Err(LemmyErrorType::EmailNotVerified)?
+  }
+  Ok(())
+}
--- a/crates/api/src/local_user/reset_password.rs
+++ b/crates/api/src/local_user/reset_password.rs
@ -1,3 +1,4 @@
+use crate::local_user::check_email_verified;
 use actix_web::web::{Data, Json};
 use lemmy_api_common::{
  context::LemmyContext,
@ -6,7 +7,7 @@ use lemmy_api_common::{
  SuccessResponse,
 };
 use lemmy_db_schema::source::password_reset_request::PasswordResetRequest;
-use lemmy_db_views::structs::LocalUserView;
+use lemmy_db_views::structs::{LocalUserView, SiteView};
 use lemmy_utils::error::{LemmyErrorExt, LemmyErrorType, LemmyResult};

 #[tracing::instrument(skip(context))]
@ -29,6 +30,8 @@ pub async fn reset_password(
  if recent_resets_count >= 3 {
    Err(LemmyErrorType::PasswordResetLimitReached)?
  }
+  let site_view = SiteView::read_local(&mut context.pool()).await?;
+  check_email_verified(&local_user_view, &site_view)?;

  // Email the pure token to the user.
  send_password_reset_email(&local_user_view, &mut context.pool(), context.settings()).await?;