Add ability to require e-mail verification

2021-05-04 11:28:55 -05:00
parent f45e92af1e
commit 62c818dc8d
11 changed files with 189 additions and 5 deletions
--- a/app/controllers/api/v1/Profile.controller.js
+++ b/app/controllers/api/v1/Profile.controller.js
@@ -124,6 +124,8 @@ class ProfileController extends Controller {

    async update(req, res, next) {
        const User = this.models.get('auth:User')
+        const Message = this.models.get('Message')
+        const Setting = this.models.get('Setting')

        let user
        if ( req.params.user_id === 'me' ) user = req.user
@@ -155,6 +157,11 @@ class ProfileController extends Controller {
                .api()

        // Update the user's profile
+        if ( user.email !== req.body.email && (await Setting.get('auth.require_email_verify')) ) {
+            await req.trap.begin('verify_email', { session_only: false })
+            await Message.create(req.user, 'Your e-mail address has changed, and a verification e-mail has been sent. You must complete this process to continue.')
+        }
+
        user.first_name = req.body.first_name
        user.last_name = req.body.last_name
        user.email = req.body.email
@@ -163,7 +170,9 @@ class ProfileController extends Controller {

        // Save the record
        await user.save()
-        return res.api()
+        return res.api({
+            force_message_refresh: true,
+        })
    }

    async update_photo(req, res, next) {
--- a/app/controllers/auth/Forms.controller.js
+++ b/app/controllers/auth/Forms.controller.js
@@ -7,7 +7,7 @@ const FormController = require('flitter-auth/controllers/Forms')
 */
 class Forms extends FormController {
    static get services() {
-        return [...super.services, 'Vue', 'models']
+        return [...super.services, 'Vue', 'models', 'jobs']
    }

    async registration_provider_get(req, res, next) {
@@ -20,6 +20,50 @@ class Forms extends FormController {
        })
    }

+    async email_verify_keyaction(req, res, next) {
+        if ( !req.trap.has_trap('verify_email') ) return res.redirect(req.session.email_verify_flow || '/dash/profile')
+        req.user.email_verified = true
+        await req.user.save()
+        await req.trap.end()
+        const url = req.session.email_verify_flow || '/dash/profile'
+        return res.redirect(url)
+    }
+
+    async show_verify_email(req, res, next) {
+        if ( !req.trap.has_trap('verify_email') ) return res.redirect(req.session.email_verify_flow || '/dash/profile')
+        const verify_queue = this.jobs.queue('verifications')
+        await verify_queue.add('SendVerificationEmail', { user_id: req.user.id })
+
+        return res.page('public:message', {
+            ...this.Vue.data({
+                message: req.T('auth.must_verify_email'),
+                actions: [
+                    {
+                        text: 'Send Verification E-Mail',
+                        action: 'redirect',
+                        next: '/auth/verify-email/sent',
+                    },
+                ],
+            })
+        })
+    }
+
+    async send_verify_email(req, res, next) {
+        if ( !req.trap.has_trap('verify_email') ) return res.redirect(req.session.email_verify_flow || '/dash/profile')
+        return res.page('public:message', {
+            ...this.Vue.data({
+                message: req.T('auth.verify_email_sent'),
+                actions: [
+                    {
+                        text: 'Re-send Verification E-Mail',
+                        action: 'redirect',
+                        next: '/auth/verify-email/sent',
+                    },
+                ],
+            })
+        })
+    }
+
    async finish_registration(req, res, next) {
        if ( req.trap.has_trap() && req.trap.get_trap() === 'registrant_flow' ) await req.trap.end()
        const dest = req.session.registrant_flow || '/dash/profile'