-const usersAskSendVerifyEmailValidator = [
- body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
-
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- if (areValidationErrors(req, res)) return
-
- const exists = await checkUserEmailExist(req.body.email, res, false)
- if (!exists) {
- logger.debug('User with email %s does not exist (asking verify email).', req.body.email)
- // Do not leak our emails
- return res.status(HttpStatusCode.NO_CONTENT_204).end()
- }
-
- if (res.locals.user.pluginAuth) {
- return res.fail({
- status: HttpStatusCode.CONFLICT_409,
- message: 'Cannot ask verification email of a user that uses a plugin authentication.'
- })
- }
-
- return next()
- }
-]
-
-const usersVerifyEmailValidator = [
- param('id')
- .isInt().not().isEmpty().withMessage('Should have a valid id'),
-
- body('verificationString')
- .not().isEmpty().withMessage('Should have a valid verification string'),
- body('isPendingEmail')
- .optional()
- .customSanitizer(toBooleanOrNull),
-
- async (req: express.Request, res: express.Response, next: express.NextFunction) => {
- if (areValidationErrors(req, res)) return
- if (!await checkUserIdExist(req.params.id, res)) return
-
- const user = res.locals.user
- const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id)
-
- if (redisVerificationString !== req.body.verificationString) {
- return res.fail({
- status: HttpStatusCode.FORBIDDEN_403,
- message: 'Invalid verification string.'
- })
- }
-
- return next()
- }
-]
-