3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-05-28 21:16:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

🎉 Add 'email-verification' flag enabled by default

Browse source 
The main idea is deprecating the `insecure-register` flag with the more
general `email-verification` flag.
This commit is contained in:
Andrey Antukh 2022-09-14 12:39:20 +02:00
parent 41134f22e9
commit 2348146f00
7 changed files with 88 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

14
backend/src/app/rpc/commands/auth.clj
View file

@ -324,17 +324,25 @@
params (merge params claims)]
(check-profile-existence! conn params)
(let [is-active (or (:is-active params)
(not (contains? cf/flags :email-verification))
;; DEPRECATED: v1.15
(contains? cf/flags :insecure-register))
profile (->> (assoc params :is-active is-active)
(create-profile conn)
(create-profile-relations conn)
(profile/decode-profile-row))
invitation (when-let [token (:invitation-token params)]
(tokens/verify sprops {:token token :iss :team-invitation}))]
(cond
;; If invitation token comes in params, this is because the user comes from team-invitation process;
;; in this case, regenerate token and send back to the user a new invitation token (and mark current
;; session as logged). This happens only if the invitation email matches with the register email.
;; If invitation token comes in params, this is because the
;; user comes from team-invitation process; in this case,
;; regenerate token and send back to the user a new invitation
;; token (and mark current session as logged). This happens
;; only if the invitation email matches with the register
;; email.
(and (some? invitation) (= (:email profile) (:member-email invitation)))
(let [claims (assoc invitation :member-id (:id profile))
token (tokens/generate sprops claims)