not allow send password reset mail when email address is not verified

2023-08-27 22:35:16 +08:00
parent c0bfe429ee
commit 616bfc6a2a
5 changed files with 13 additions and 0 deletions
@@ -46,6 +46,11 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
 		return nil, errs.ErrUserNotFound
 	}

+	if !user.EmailVerified {
+		log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
+		return nil, errs.ErrEmptyIsNotVerified
+	}
+
 	token, _, err := a.tokens.CreatePasswordResetToken(user, c)

 	if err != nil {