not allow send password reset mail when email address is not verified
This commit is contained in:
MaysWind
@@ -46,6 +46,11 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.Context) (
|
|||||||
return nil, errs.ErrUserNotFound
|
return nil, errs.ErrUserNotFound
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !user.EmailVerified {
|
||||||
|
log.WarnfWithRequestId(c, "[forget_passwords.UserForgetPasswordRequestHandler] user \"uid:%d\" has not verified email", user.Uid)
|
||||||
|
return nil, errs.ErrEmptyIsNotVerified
|
||||||
|
}
|
||||||
|
|
||||||
token, _, err := a.tokens.CreatePasswordResetToken(user, c)
|
token, _, err := a.tokens.CreatePasswordResetToken(user, c)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@@ -177,6 +177,11 @@ func (l *UserDataCli) SendPasswordResetMail(c *cli.Context, username string) err
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !user.EmailVerified {
|
||||||
|
log.BootWarnf("[user_data.SendPasswordResetMail] user \"uid:%d\" has not verified email", user.Uid)
|
||||||
|
return errs.ErrEmptyIsNotVerified
|
||||||
|
}
|
||||||
|
|
||||||
token, _, err := l.tokens.CreatePasswordResetToken(user, nil)
|
token, _, err := l.tokens.CreatePasswordResetToken(user, nil)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@@ -26,4 +26,5 @@ var (
|
|||||||
ErrEmptyIsInvalid = NewNormalError(NormalSubcategoryUser, 17, http.StatusBadRequest, "email is invalid")
|
ErrEmptyIsInvalid = NewNormalError(NormalSubcategoryUser, 17, http.StatusBadRequest, "email is invalid")
|
||||||
ErrEmailIsEmptyOrInvalid = NewNormalError(NormalSubcategoryUser, 18, http.StatusBadRequest, "email is empty or invalid")
|
ErrEmailIsEmptyOrInvalid = NewNormalError(NormalSubcategoryUser, 18, http.StatusBadRequest, "email is empty or invalid")
|
||||||
ErrNewPasswordEqualsOldInvalid = NewNormalError(NormalSubcategoryUser, 19, http.StatusBadRequest, "new password equals old password")
|
ErrNewPasswordEqualsOldInvalid = NewNormalError(NormalSubcategoryUser, 19, http.StatusBadRequest, "new password equals old password")
|
||||||
|
ErrEmptyIsNotVerified = NewNormalError(NormalSubcategoryUser, 20, http.StatusBadRequest, "email is not verified")
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -584,6 +584,7 @@ export default {
|
|||||||
'email is invalid': 'Email is invalid',
|
'email is invalid': 'Email is invalid',
|
||||||
'email is empty or invalid': 'Email is empty or invalid',
|
'email is empty or invalid': 'Email is empty or invalid',
|
||||||
'new password equals old password': 'New password equals old password',
|
'new password equals old password': 'New password equals old password',
|
||||||
|
'email is not verified': 'Email is not verified',
|
||||||
'unauthorized access': 'Unauthorized access',
|
'unauthorized access': 'Unauthorized access',
|
||||||
'current token is invalid': 'Current token is invalid',
|
'current token is invalid': 'Current token is invalid',
|
||||||
'current token is expired': 'Current token is expired',
|
'current token is expired': 'Current token is expired',
|
||||||
|
|||||||
@@ -584,6 +584,7 @@ export default {
|
|||||||
'email is invalid': '邮箱无效',
|
'email is invalid': '邮箱无效',
|
||||||
'email is empty or invalid': '邮箱为空或无效',
|
'email is empty or invalid': '邮箱为空或无效',
|
||||||
'new password equals old password': '新密码与旧密码相同',
|
'new password equals old password': '新密码与旧密码相同',
|
||||||
|
'email is not verified': '邮箱没有验证过',
|
||||||
'unauthorized access': '未授权的登录',
|
'unauthorized access': '未授权的登录',
|
||||||
'current token is invalid': '当前认证令牌无效',
|
'current token is invalid': '当前认证令牌无效',
|
||||||
'current token is expired': '当前认证令牌已过期',
|
'current token is expired': '当前认证令牌已过期',
|
||||||
|
|||||||
Reference in New Issue
Block a user