Require confirmed email when checking oauth token (#332)

* move token checker to security package

* update tests with new security package

* add oauth token checking to security package

* check if user email confirmed when parsing token
tobi 2021-11-27 14:53:34 +01:00 committed by GitHub
commit ce22e03f9d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 57 additions and 30 deletions


@ -85,6 +85,9 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
if a.User.Disabled || !a.User.Approved {
return nil, errors.New("user disabled or not approved")
}
if a.User.Email == "" {
return nil, errors.New("user has no confirmed email address")
}
}
if requireAccount {