From 616bfc6a2ae025d6eba5ef48d2a8e43b8797b32e Mon Sep 17 00:00:00 2001
From: MaysWind
Date: Sun, 27 Aug 2023 22:35:16 +0800
Subject: [PATCH] not allow send password reset mail when email address is not verified
---
 pkg/api/forget_passwords.go | 5 +++++
 pkg/cli/user_data.go | 5 +++++
 pkg/errs/user.go | 1 +
 src/locales/en.js | 1 +
 src/locales/zh_Hans.js | 1 +
 5 files changed, 13 insertions(+)
diff --git a/pkg/api/forget_passwords.go b/pkg/api/forget_passwords.go
index 4a51f405..b93c33f2 100644
--- a/pkg/api/forget_passwords.go
+++ b/pkg/api/forget_passwords.go
@@ -46,6 +46,11 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
 return nil, errs.ErrUserNotFound
 }
 
+ if !user.EmailVerified {
+ log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
+ return nil, errs.ErrEmptyIsNotVerified
+ }
+
 token, _, err := a.tokens.CreatePasswordResetToken(user, c)
 
 if err != nil {
diff --git a/pkg/cli/user_data.go b/pkg/cli/user_data.go
index 6f5ff3e5..942b9d3c 100644
--- a/pkg/cli/user_data.go
+++ b/pkg/cli/user_data.go
@@ -177,6 +177,11 @@ func (l *UserDataCli) SendPasswordResetMail(c *cli.Context, username string) err
 return err
 }
 
+ if !user.EmailVerified {
+ log.BootWarnf("[user_data.SendPasswordResetMail] user \"uid:%d\" has not verified email", user.Uid)
+ return errs.ErrEmptyIsNotVerified
+ }
+
 token, _, err := l.tokens.CreatePasswordResetToken(user, nil)
 
 if err != nil {
diff --git a/pkg/errs/user.go b/pkg/errs/user.go
index 68d6d581..dc40fa8d 100644
--- a/pkg/errs/user.go
+++ b/pkg/errs/user.go
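Review bot: In pkg/api/forget_passwords.go the new `!user.EmailVerified` branch of UserForgetPasswordRequestHandler answers with a distinct `errs.ErrEmptyIsNotVerified`, so a caller of what appears to be an unauthenticated endpoint can now tell "account exists but email unverified" apart from "account exists and verified", on top of the `ErrUserNotFound` case visible in the context lines. Consider keeping the `log.WarnfWithRequestId` line but returning the same response the handler gives when a reset mail is actually sent, so that account state is recorded server-side only and the outcomes look identical from outside. The handler's body starts and ends outside the hunk, so the exact success return is not visible here. The parallel check added to SendPasswordResetMail in pkg/cli/user_data.go is run by a local operator, where returning the specific error is reasonable.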
@@ -26,4 +26,5 @@ var (
 ErrEmptyIsInvalid = NewNormalError(NormalSubcategoryUser, 17, http.StatusBadRequest, "email is invalid")
 ErrEmailIsEmptyOrInvalid = NewNormalError(NormalSubcategoryUser, 18, http.StatusBadRequest, "email is empty or invalid")
 ErrNewPasswordEqualsOldInvalid = NewNormalError(NormalSubcategoryUser, 19, http.StatusBadRequest, "new password equals old password")
+ ErrEmptyIsNotVerified = NewNormalError(NormalSubcategoryUser, 20, http.StatusBadRequest, "email is not verified")
 )
diff --git a/src/locales/en.js b/src/locales/en.js
index 1b92d4b9..f5a3f6a5 100644
--- a/src/locales/en.js
+++ b/src/locales/en.js
@@ -584,6 +584,7 @@ export default {
 'email is invalid': 'Email is invalid',
 'email is empty or invalid': 'Email is empty or invalid',
 'new password equals old password': 'New password equals old password',
+ 'email is not verified': 'Email is not verified',
 'unauthorized access': 'Unauthorized access',
 'current token is invalid': 'Current token is invalid',
 'current token is expired': 'Current token is expired',
diff --git a/src/locales/zh_Hans.js b/src/locales/zh_Hans.js
index 798944c3..5f29171b 100644
--- a/src/locales/zh_Hans.js
+++ b/src/locales/zh_Hans.js
@@ -584,6 +584,7 @@ export default {
 'email is invalid': '邮箱无效',
 'email is empty or invalid': '邮箱为空或无效',
 'new password equals old password': '新密码与旧密码相同',
+ 'email is not verified': '邮箱没有验证过',
 'unauthorized access': '未授权的登录',
 'current token is invalid': '当前认证令牌无效',
 'current token is expired': '当前认证令牌已过期',
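Review bot: In pkg/errs/user.go the added constant is named `ErrEmptyIsNotVerified` although its message is "email is not verified"; `Empty` reads as a slip for `Email`, apparently carried over from the neighbouring `ErrEmptyIsInvalid`. The identifier is new in this commit and is referenced only from the two call sites added alongside it, so renaming it to `ErrEmailIsNotVerified` now is cheap and keeps the typo from spreading. A short comment such as `// returned when a password reset is requested for an account whose email is unverified` would also help, since the visible entries of this var block carry no per-error documentation.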