fix: requirement for email_confirmed in backend

2025-01-23 14:20:22 +08:00 · 2024-08-16 18:33:50 -04:00 · 2024-08-16 18:33:50 -04:00 · 6e325fa000
commit 6e325fa000
parent 38a6793c16
2 changed files with 8 additions and 1 deletions
--- a/src/backend/src/api/APIError.js
+++ b/src/backend/src/api/APIError.js
@ -470,7 +470,8 @@ module.exports = class APIError {
        },
        'email_must_be_confirmed': {
            status: 422,
-            message: 'Email must be confirmed to apply a share.',
+            message: ({action}) =>
+                `Email must be confirmed to ${action ?? 'apply a share'}.`,
        },
        'no_need_to_request': {
            status: 422,
--- a/src/backend/src/routers/auth/configure-2fa.js
+++ b/src/backend/src/routers/auth/configure-2fa.js
@ -105,6 +105,12 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
        }

        const user = await get_user({ id: req.user.id, force: true });
+        
+        if ( ! user.email_confirmed ) {
+            throw APIError.create('email_must_be_confirmed', null, {
+                action: 'enable 2FA'
+            });
+        }

        // Verify that 2FA isn't already enabled
        if ( user.otp_enabled ) {