From ab2b5a9ecefab5f8131d62c6e0ac8b9637d3cf51 Mon Sep 17 00:00:00 2001
From: Jack Rudenko
Date: Wed, 20 Dec 2023 12:07:26 +1100
Subject: [PATCH] set SMS send code for login optional
---
 web/api/phone_login.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/web/api/phone_login.go b/web/api/phone_login.go
index 35f50875..0d275a41 100644
--- a/web/api/phone_login.go
+++ b/web/api/phone_login.go
@@ -41,7 +41,19 @@ func (ar *Router) RequestVerificationCode() http.HandlerFunc {
 return
 }
- // TODO: add limiter here. Check frequency of requests.
+ //// TODO: add limiter here. Check frequency of requests.
+ // TODO: rate limiter is a function of network infrastructure. Better to use AWS WAF or similar solution.
+ _, err := ar.server.Storages().User.UserByPhone(authData.PhoneNumber)
+ if err == model.ErrUserNotFound {
+ if !ar.server.Settings().Login.AllowRegisterMissing {
+ ar.Error(w, locale, http.StatusUnauthorized, l.ErrorAPIAPPRegistrationForbidden)
+ return
+ }
+ } else if err != nil {
+ ar.Error(w, locale, http.StatusInternalServerError, l.ErrorStorageFindUserPhoneError, err)
+ return
+ }
+
 code := randStringBytes(phoneVerificationCodeLength)
 if err := ar.server.Storages().Verification.CreateVerificationCode(authData.PhoneNumber, code); err != nil {
 ar.Error(w, locale, http.StatusInternalServerError, l.ErrorStorageVerificationCreateError, err)
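Review bot: The new `UserByPhone` branch answers 401 `ErrorAPIAPPRegistrationForbidden` for an unknown number while a known number goes on to code creation, so with `AllowRegisterMissing` off this (presumably pre-authentication) handler reveals which phone numbers have accounts. Consider returning the same response as the success path, which lies outside this hunk, and simply skipping code creation for unknown numbers. The replaced TODO also hands throttling to a WAF, but an edge limiter typically keys on source address rather than on the number being targeted, so repeated SMS to one number and repeated guesses of its code still need a per-number limit here; I would keep the marker as `// TODO: throttle per phone number; an edge WAF does not key on authData.PhoneNumber.` and drop the commented-out `//// TODO` line. Minor: compare with `errors.Is(err, model.ErrUserNotFound)` so a wrapped not-found error is not reported as a 500.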