✨ Don't send emails on recovery password on not verified profile.

And show proper message to the user saying that the profile need to be verfied before proceed.
2025-05-10 15:16:40 +02:00 · 2021-02-03 23:47:19 +01:00 · 2021-02-03 23:47:19 +01:00 · 687f7ddf64
commit 687f7ddf64
parent 992a8e9aef
4 changed files with 55 additions and 29 deletions
--- a/backend/src/app/rpc/mutations/profile.clj
+++ b/backend/src/app/rpc/mutations/profile.clj
@ -403,11 +403,14 @@
                           :name (:fullname profile)}))]

    (db/with-atomic [conn pool]
-      (some->> email
-               (profile/retrieve-profile-data-by-email conn)
-               (create-recovery-token)
-               (send-email-notification conn))
-      nil)))
+      (when-let [profile (profile/retrieve-profile-data-by-email conn email)]
+        (when-not (:is-active profile)
+          (ex/raise :type :validation
+                    :code :profile-not-verified
+                    :hint "the user need to validate profile before recover password"))
+        (->> profile
+             (create-recovery-token)
+             (send-email-notification conn))))))


 ;; --- Mutation: Recover Profile