IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

check for no password and emailChecked on login

Browse Source
This commit is contained in:
Ulf Gebhardt 2021-11-24 02:20:22 +01:00
parent d5ea64d9ca
commit cf8ca47cc6
Signed by: ulfgebhardt
GPG Key ID: DA6B843E748679C9
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
backend/src/graphql/resolver/UserResolver.ts
View File

@ -160,7 +160,14 @@ export class UserResolver {
const loginUser = await loginUserRepository.findByEmail(email).catch(() => {
throw new Error('No user with this credentials')
})
if (!loginUser.emailChecked) throw new Error('user email not validated')
if (!loginUser.emailChecked) {
// TODO we want to catch this on the frontend and ask the user to check his emails or resend code
throw new Error('User email not validated')
}
if (loginUser.password === BigInt(0)) {
// TODO we want to catch this on the frontend and ask the user to check his emails or resend code
throw new Error('User has no password set yet')
}
const passwordHash = SecretKeyCryptographyCreateKey(email, password) // return short and long hash
const loginUserPassword = BigInt(loginUser.password.toString())
if (loginUserPassword !== passwordHash[0].readBigUInt64LE()) {