only allow activated accounts to login

bueti · Nov 13, 2023 · 0a9abce · 0a9abce
1 parent fe0ef0b
commit 0a9abce
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/cmd/api/user.go b/cmd/api/user.go
@@ -126,6 +126,11 @@ func (app *application) handleFormLogin(c echo.Context) error {
 		data := app.newTemplateData(c)
 		return c.Render(http.StatusUnauthorized, "login.tmpl.html", data)
 	}
+	if !user.Activated {
+		app.sessionManager.Put(c.Request().Context(), "flash_error", "Your user account has not been activated. Please check your mailbox for the activation link.")
+		data := app.newTemplateData(c)
+		return c.Render(http.StatusUnauthorized, "login.tmpl.html", data)
+	}
 	userID := user.ID.String()
 	app.sessionManager.Put(c.Request().Context(), "authenticated", true)
 	app.sessionManager.Put(c.Request().Context(), "userID", userID)