feat: restrict app access for unverified users

2024-01-16 14:25:05 +02:00
parent b09071ebc7
commit 4aefb80989
9 changed files with 181 additions and 5 deletions
--- a/packages/lib/next-auth/auth-options.ts
+++ b/packages/lib/next-auth/auth-options.ts
@@ -10,6 +10,7 @@ import GoogleProvider from 'next-auth/providers/google';

 import { prisma } from '@documenso/prisma';

+import { ONE_DAY } from '../constants/time';
 import { isTwoFactorAuthenticationEnabled } from '../server-only/2fa/is-2fa-availble';
 import { validateTwoFactorAuthentication } from '../server-only/2fa/validate-2fa';
 import { getUserByEmail } from '../server-only/user/get-user-by-email';
@@ -69,6 +70,17 @@ export const NEXT_AUTH_OPTIONS: AuthOptions = {
          }
        }

+        const userCreationDate = user?.createdAt;
+        const createdWithinLast72Hours = userCreationDate > new Date(Date.now() - ONE_DAY * 3);
+
+        /*
+          avoid messing with the users who signed up before the email verification requirement
+          the error is thrown only if the user doesn't have a verified email and the account was created within the last 72 hours
+        */
+        if (!user.emailVerified && createdWithinLast72Hours) {
+          throw new Error(ErrorCode.UNVERIFIED_EMAIL);
+        }
+
        return {
          id: Number(user.id),
          email: user.email,
--- a/packages/lib/next-auth/error-codes.ts
+++ b/packages/lib/next-auth/error-codes.ts
@@ -19,4 +19,5 @@ export const ErrorCode = {
  INCORRECT_PASSWORD: 'INCORRECT_PASSWORD',
  MISSING_ENCRYPTION_KEY: 'MISSING_ENCRYPTION_KEY',
  MISSING_BACKUP_CODE: 'MISSING_BACKUP_CODE',
+  UNVERIFIED_EMAIL: 'UNVERIFIED_EMAIL',
 } as const;
--- a/packages/lib/server-only/user/get-user-by-email.ts
+++ b/packages/lib/server-only/user/get-user-by-email.ts
@@ -9,5 +9,8 @@ export const getUserByEmail = async ({ email }: GetUserByEmailOptions) => {
    where: {
      email: email.toLowerCase(),
    },
+    include: {
+      VerificationToken: true,
+    },
  });
 };
--- a/packages/lib/server-only/user/get-user-by-verification-token.ts
+++ b/packages/lib/server-only/user/get-user-by-verification-token.ts
@@ -0,0 +1,17 @@
+import { prisma } from '@documenso/prisma';
+
+export interface GetUserByVerificationTokenOptions {
+  token: string;
+}
+
+export const getUserByVerificationToken = async ({ token }: GetUserByVerificationTokenOptions) => {
+  return await prisma.user.findFirstOrThrow({
+    where: {
+      VerificationToken: {
+        some: {
+          token,
+        },
+      },
+    },
+  });
+};