From 6e325fa000f19b8f20d79829ab2bd78edce80425 Mon Sep 17 00:00:00 2001
From: KernelDeimos <eric.alex.dube@gmail.com>
Date: Fri, 16 Aug 2024 18:33:50 -0400
Subject: [PATCH] fix: requirement for email_confirmed in backend

---
 src/backend/src/api/APIError.js               | 3 ++-
 src/backend/src/routers/auth/configure-2fa.js | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/backend/src/api/APIError.js b/src/backend/src/api/APIError.js
index ed188c07..93bee20f 100644
--- a/src/backend/src/api/APIError.js
+++ b/src/backend/src/api/APIError.js
@@ -470,7 +470,8 @@ module.exports = class APIError {
         },
         'email_must_be_confirmed': {
             status: 422,
-            message: 'Email must be confirmed to apply a share.',
+            message: ({action}) =>
+                `Email must be confirmed to ${action ?? 'apply a share'}.`,
         },
         'no_need_to_request': {
             status: 422,
diff --git a/src/backend/src/routers/auth/configure-2fa.js b/src/backend/src/routers/auth/configure-2fa.js
index 5f1b4442..9c3c461e 100644
--- a/src/backend/src/routers/auth/configure-2fa.js
+++ b/src/backend/src/routers/auth/configure-2fa.js
@@ -105,6 +105,12 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
         }
 
         const user = await get_user({ id: req.user.id, force: true });
+        
+        if ( ! user.email_confirmed ) {
+            throw APIError.create('email_must_be_confirmed', null, {
+                action: 'enable 2FA'
+            });
+        }
 
         // Verify that 2FA isn't already enabled
         if ( user.otp_enabled ) {