From 7c8b291b24c052e1ec09de88a6c0a2827c0fa59d Mon Sep 17 00:00:00 2001
From: Brett Slaski
Date: Thu, 19 Oct 2023 11:30:11 -0500
Subject: [PATCH] fix: check for verified emails on auth'd paths
---
 package.json | 2 +-
 src/hooks.server.js | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index c5ff524..7d1a9dd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "thatconference.com",
- "version": "5.1.3",
+ "version": "5.1.4",
 "description": "THATConference.com website",
 "main": "index.js",
 "type": "module",
diff --git a/src/hooks.server.js b/src/hooks.server.js
index 6a8ad4d..175f8ac 100644
--- a/src/hooks.server.js
+++ b/src/hooks.server.js
@@ -38,6 +38,10 @@ async function authorization({ event, resolve }) {
 }
 throw redirect(303, `/login-redirect?returnTo=${toPath}`);
 }
+
+ if (!session.user.sub.startsWith('twitter') && session.user?.emailVerified === false) {
+ throw redirect(307, `/verify-account`);
+ }
 }
 
 return resolve(event);
@@ -71,14 +75,19 @@ const authConfig = {
 if (url.startsWith('/')) return `${baseUrl}${url}`;
 // Allows callback URLs on the same origin
 else if (new URL(url).origin === baseUrl) return url;
+
 return baseUrl;
 },
 jwt(jwtGoo) {
- const { account, token } = jwtGoo;
+ const { account, token, profile } = jwtGoo;
 if (account) {
 token.accessToken = account.access_token;
 token.idToken = account.id_token;
 }
+ if (profile) {
+ token.emailVerified = profile.email_verified;
+ }
+
 return token;
 },
 session(sessionGoo) {
@@ -87,6 +96,7 @@ const authConfig = {
 session.idToken = token.idToken;
 session.user.id = token.sub;
 session.user.sub = token.sub;
+ session.user.emailVerified = token.emailVerified;
 const payload = parseOnly(token.accessToken);
 if (payload) {
 const { permissions } = payload;
@@ -94,6 +104,7 @@ const authConfig = {
 session.user.permissions = permissions;
 }
 }
+
 return session;
 }
 }
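Review bot: The new gate in `authorization` fails open, because `session.user?.emailVerified === false` redirects only when the claim is explicitly `false`; a session whose token has no `emailVerified` at all (one minted before this change, or a profile that omits the claim) is treated as verified. If a missing claim should count as unverified, compare against `true` instead, e.g. `session.user?.emailVerified !== true`, and decide how already-issued sessions get re-evaluated. The same condition dereferences `session.user.sub` without the optional chaining used two terms later, and the bare `'twitter'` prefix would presumably also exempt any other connection whose identifier starts with those letters; if the sub format is `provider|id`, `session.user?.sub?.startsWith('twitter|')` is tighter. A one-line comment on why Twitter identities are exempt from the check would help the next reader, since the exemption is a deliberate hole in the gate. The body of `authorization` starts before this hunk, so how `session` itself is obtained and guarded is not visible here.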
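Review bot: `token.emailVerified` is written only inside `if (profile)`, and in an Auth.js-style `jwt` callback `profile` is normally supplied on the sign-in call only, so the value is frozen for the life of the token. A user who verifies their address would presumably keep landing on `/verify-account` until they sign in again, unless that page forces a fresh login. The claim is also copied from `profile.email_verified` as-is; normalising it, e.g. `token.emailVerified = profile.email_verified === true;` (or an explicit tri-state), makes the policy for a string-typed or missing claim explicit rather than leaving it to the strict comparison in the hook. A short comment such as `// email_verified is captured at sign-in only; re-auth is required to pick up a change` would document the refresh behaviour.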