From c3b940f89523d54d2e2baf436122a30fc0aafdd9 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 3 Jun 2024 11:49:12 -0500
Subject: Handle unverified emails

If a user provides the correct credentials to login, but they are unverified, redirect them to the email verification page, where they are provided with a chance to verify their email, or send a new verification code.
---
 gn_auth/auth/authentication/oauth2/views.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'gn_auth/auth/authentication')
diff --git a/gn_auth/auth/authentication/oauth2/views.py b/gn_auth/auth/authentication/oauth2/views.py
index 7600ada..cf815ea 100644
--- a/gn_auth/auth/authentication/oauth2/views.py
+++ b/gn_auth/auth/authentication/oauth2/views.py
@@ -53,7 +53,7 @@ def authorise():
 redirect_uri=request.args["redirect_uri"])
 form = request.form
- def __authorise__(conn: db.DbConnection) -> Response:
+ def __authorise__(conn: db.DbConnection):
 email_passwd_msg = "Email or password is invalid!"
 redirect_response = redirect(url_for("oauth2.auth.authorise", response_type=form["response_type"],
@@ -64,6 +64,9 @@ def authorise():
 form.get("user:email"), check_deliverability=False)
 user = user_by_email(conn, email["email"])
 if valid_login(conn, user, form.get("user:password", "")):
+ if not user.verified:
+ return redirect(url_for(
+ "oauth2.users.handle_unverified"), code=307)
 return server.create_authorization_response(request=request, grant_user=user)
 flash(email_passwd_msg, "alert-danger")
 return redirect_response # type: ignore[return-value]
--
cgit v1.2.3
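Review bot: Dropping `-> Response` from `__authorise__` leaves the trailing `# type: ignore[return-value]` on the final `return redirect_response` (visible in the next hunk) with nothing to suppress, because a missing return annotation is treated as `Any`. If the project's type check warns on unused ignores, this line will be reported. Either remove the ignore so the line reads `return redirect_response`, or keep a return annotation that covers every response type the function can return. The body of `__authorise__` continues past this hunk.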
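Review bot: The `code=307` redirect in the new `if not user.verified:` branch makes the browser re-send the original POST body, including `user:password`, to `oauth2.users.handle_unverified`. That view is not visible here, so confirm that it re-validates the credentials (or otherwise binds the request to the user who just passed `valid_login`) rather than trusting the posted `user:email`, and that it never logs or echoes the form. At minimum I would add a comment above the redirect, `# 307 replays the POST body (incl. user:password) to handle_unverified, which must re-check it.`; a tighter design would hold the authenticated-but-unverified user in server-side state and redirect with 303 so the password is not transmitted a second time. The `verified` check also lives only in this view, so any other grant paths outside the hunk may need the same gate. `__authorise__` begins in the previous hunk and `authorise()` continues after this one.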