Unverified user is able to login

codingfriend1 / Feathers-Vue

A boiler plate template using Feathers with Email Verification, Vue 2 with Server Side Rendering, stylus, scss, jade, babel, webpack, ES 6-8, login form, user authorization, and SEO

MIT License

197 stars 48 forks source link

Unverified user is able to login #5

Closed mfarees closed 7 years ago

mfarees commented 7 years ago

I found this project very helpful. Thanks for the effort. I'm currently still exploring the project and might have missed it, but shouldn't users be unable to login if their email is unverified? If there's no support for this, kindly share some hints on how I can implement this.

Thanks

mfarees commented 7 years ago

For the time being I have written the following code in the login function in auth.service.js,

var [err, foundUser] = await to( auth.__authenticate(user) )
if (foundUser.isVerified == false) {
err = {message: "Verify your Email Address"};
}

And changed this line return auth.currentUser to this, in the signup function return false

Is this an acceptable approach?

codingfriend1 commented 7 years ago

You can always use the isVerified() hook.

verifyHooks.isVerified()

Use it on the before create authentication service in the authentication.js file.

Here's the library you import

const verifyHooks = require('feathers-authentication-management').hooks;

Some people may want users to be able to login without being verified or perhaps only be able to do limited tasks while unverified.

The only other change you'll need to make is taking out the portion of the auth.service.js in the signup method that automatically calls login after creating a user and change the notification.

mfarees commented 7 years ago

Ok. I'll try that. Thanks