zhengchen.tao/ezbookkeeping
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

not allow send password reset mail when email address is not verified

Browse Source
This commit is contained in:
MaysWind
2023-08-27 22:35:16 +08:00
parent c0bfe429ee
commit 616bfc6a2a
5 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/forget_passwords.go
+5
View File
@@ -46,6 +46,11 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
return nil, errs.ErrUserNotFound
}
if !user.EmailVerified {
log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
return nil, errs.ErrEmptyIsNotVerified
}
token, _, err := a.tokens.CreatePasswordResetToken(user, c)
if err != nil {
pkg/cli/user_data.go
+5
View File
@@ -177,6 +177,11 @@ func (l *UserDataCli) SendPasswordResetMail(c *cli.Context, username string) err
return err
}
if !user.EmailVerified {
log.BootWarnf("[user_data.SendPasswordResetMail] user \"uid:%d\" has not verified email", user.Uid)
return errs.ErrEmptyIsNotVerified
}
token, _, err := l.tokens.CreatePasswordResetToken(user, nil)
if err != nil {
pkg/errs/user.go
+1
View File
@@ -26,4 +26,5 @@ var (
ErrEmptyIsInvalid = NewNormalError(NormalSubcategoryUser, 17, http.StatusBadRequest, "email is invalid")
ErrEmailIsEmptyOrInvalid = NewNormalError(NormalSubcategoryUser, 18, http.StatusBadRequest, "email is empty or invalid")
ErrNewPasswordEqualsOldInvalid = NewNormalError(NormalSubcategoryUser, 19, http.StatusBadRequest, "new password equals old password")
ErrEmptyIsNotVerified = NewNormalError(NormalSubcategoryUser, 20, http.StatusBadRequest, "email is not verified")
)
src/locales/en.js
+1
View File
@@ -584,6 +584,7 @@ export default {
'email is invalid': 'Email is invalid',
'email is empty or invalid': 'Email is empty or invalid',
'new password equals old password': 'New password equals old password',
'email is not verified': 'Email is not verified',
'unauthorized access': 'Unauthorized access',
'current token is invalid': 'Current token is invalid',
'current token is expired': 'Current token is expired',
src/locales/zh_Hans.js
+1
View File
@@ -584,6 +584,7 @@ export default {
'email is invalid': '邮箱无效',
'email is empty or invalid': '邮箱为空或无效',
'new password equals old password': '新密码与旧密码相同',
'email is not verified': '邮箱没有验证过',
'unauthorized access': '未授权的登录',
'current token is invalid': '当前认证令牌无效',
'current token is expired': '当前认证令牌已过期',