add email verification to list of login challenges and remove error t…

…hrown for failed verification
curveball · Jan 28, 2025 · 6d33ee5 · 6d33ee5
1 parent 95ef0fa
commit 6d33ee5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 10 deletions.
diff --git a/src/login/challenge/email-verification.ts b/src/login/challenge/email-verification.ts
@@ -114,12 +114,13 @@ export class LoginChallengeEmailVerification extends AbstractLoginChallenge<Emai
     return null;
 
   }
-
+  /**
+   * Check if the identity is an email address and unverified
+   */
   private async findUnverifiedEmailIdentity(must = false): Promise<PrincipalIdentity|null> {
     if (this.identityCache) return this.identityCache;
     const identities = await services.principalIdentity.findByPrincipal(this.principal);
     for (const identity of identities) {
-      // Check if the identity is an email address and unverified
       if (identity.uri.startsWith('mailto:') && identity.isMfa && identity.verifiedAt === null) {
         this.identityCache = identity;
         return identity;

diff --git a/src/login/service.ts b/src/login/service.ts
@@ -13,6 +13,7 @@ import { LoginChallengeEmailOtp } from './challenge/email-otp.js';
 import { A12nLoginChallengeError } from './error.js';
 import { AbstractLoginChallenge } from './challenge/abstract.js';
 import { UserEventLogger } from '../log/types.js';
+import { LoginChallengeEmailVerification } from './challenge/email-verification.js';
 
 type ChallengeRequest = AuthorizationChallengeRequest;
 
@@ -256,13 +257,6 @@ async function initChallengeContext(session: LoginSession, parameters: Challenge
       'account_not_active',
     );
   }
-  // if (identity.verifiedAt === null) {
-  //   log('login-failed-notverified');
-  //   throw new A12nLoginChallengeError(
-  //     'Email is not verified',
-  //     'email_not_verified',
-  //   );
-  // }
   return {
     principal,
     identity,
@@ -278,7 +272,7 @@ async function getChallengesForPrincipal(principal: User, log: UserEventLogger,
 
   const challenges = [
     new LoginChallengePassword(principal, log, ip),
-    // insert new challenge
+    new LoginChallengeEmailVerification(principal, log, ip),
     new LoginChallengeTotp(principal, log, ip),
     new LoginChallengeEmailOtp(principal, log, ip),
   ];