+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Invalid verification string.'
+ })
+ }
+
+ return next()
+ }
+]
+
+const usersAskSendVerifyEmailValidator = [
+ body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking askUsersSendVerifyEmail parameters', { parameters: req.body })
+
+ if (areValidationErrors(req, res)) return
+ const exists = await checkUserEmailExist(req.body.email, res, false)
+ if (!exists) {
+ logger.debug('User with email %s does not exist (asking verify email).', req.body.email)
+ // Do not leak our emails
+ return res.status(HttpStatusCode.NO_CONTENT_204).end()
+ }
+
+ return next()
+ }
+]
+
+const usersVerifyEmailValidator = [
+ param('id')
+ .isInt().not().isEmpty().withMessage('Should have a valid id'),
+
+ body('verificationString')
+ .not().isEmpty().withMessage('Should have a valid verification string'),
+ body('isPendingEmail')
+ .optional()
+ .customSanitizer(toBooleanOrNull),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ logger.debug('Checking usersVerifyEmail parameters', { parameters: req.params })
+
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user
+ const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id)
+
+ if (redisVerificationString !== req.body.verificationString) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Invalid verification string.'
+ })