users who register via google login still have to verify their email (#…

…985) * refactor CreateUserEntity method * add logic for verification status
sillsdev · Jul 30, 2024 · 5ac2034 · 5ac2034
1 parent df1ffa9
commit 5ac2034
Showing 1 changed file with 17 additions and 16 deletions.
diff --git a/backend/LexBoxApi/Controllers/UserController.cs b/backend/LexBoxApi/Controllers/UserController.cs
@@ -67,7 +67,9 @@ public async Task<ActionResult<LexAuthUser>> RegisterAccount(RegisterAccountInpu
             return ValidationProblem(ModelState);
         }
 
-        var userEntity = CreateUserEntity(accountInput, emailVerified: false);
+        var jwtUser = _loggedInContext.MaybeUser;
+
+        var userEntity = CreateUserEntity(accountInput, jwtUser);
         registerActivity?.AddTag("app.user.id", userEntity.Id);
         _lexBoxDbContext.Users.Add(userEntity);
         await _lexBoxDbContext.SaveChangesAsync();
@@ -76,7 +78,7 @@ public async Task<ActionResult<LexAuthUser>> RegisterAccount(RegisterAccountInpu
         await HttpContext.SignInAsync(user.GetPrincipal("Registration"),
             new AuthenticationProperties { IsPersistent = true });
 
-        await _emailService.SendVerifyAddressEmail(userEntity);
+        if (!userEntity.EmailVerified) await _emailService.SendVerifyAddressEmail(userEntity);
         return Ok(user);
     }
 
@@ -106,30 +108,20 @@ public async Task<ActionResult<LexAuthUser>> AcceptEmailInvitation(RegisterAccou
             return ValidationProblem(ModelState);
         }
 
-        var emailVerified = jwtUser.Email == accountInput.Email;
-        var userEntity = CreateUserEntity(accountInput, emailVerified);
+        var userEntity = CreateUserEntity(accountInput, jwtUser);
         acceptActivity?.AddTag("app.user.id", userEntity.Id);
         _lexBoxDbContext.Users.Add(userEntity);
-        // This audience check is redundant now because of [RequireAudience(LexboxAudience.RegisterAccount, true)], but let's leave it in for safety
-        if (jwtUser.Audience == LexboxAudience.RegisterAccount && jwtUser.Projects.Length > 0)
-        {
-            userEntity.Projects = jwtUser.Projects.Select(p => new ProjectUsers { Role = p.Role, ProjectId = p.ProjectId }).ToList();
-        }
-        if (jwtUser.Audience == LexboxAudience.RegisterAccount && jwtUser.Orgs.Length > 0)
-        {
-            userEntity.Organizations = jwtUser.Orgs.Select(o => new OrgMember { Role = o.Role, OrgId = o.OrgId }).ToList();
-        }
         await _lexBoxDbContext.SaveChangesAsync();
 
         var user = new LexAuthUser(userEntity);
         await HttpContext.SignInAsync(user.GetPrincipal("Registration"),
             new AuthenticationProperties { IsPersistent = true });
 
-        if (!emailVerified) await _emailService.SendVerifyAddressEmail(userEntity);
+        if (!userEntity.EmailVerified) await _emailService.SendVerifyAddressEmail(userEntity);
         return Ok(user);
     }
 
-    private User CreateUserEntity(RegisterAccountInput input, bool emailVerified, Guid? creatorId = null)
+    private User CreateUserEntity(RegisterAccountInput input, LexAuthUser? jwtUser, Guid? creatorId = null)
     {
         var salt = Convert.ToHexString(RandomNumberGenerator.GetBytes(SHA1.HashSizeInBytes));
         var userEntity = new User
@@ -142,11 +134,20 @@ private User CreateUserEntity(RegisterAccountInput input, bool emailVerified, Gu
             PasswordHash = PasswordHashing.HashPassword(input.PasswordHash, salt, true),
             PasswordStrength = UserService.ClampPasswordStrength(input.PasswordStrength),
             IsAdmin = false,
-            EmailVerified = emailVerified,
+            EmailVerified = jwtUser?.Email == input.Email,
             CreatedById = creatorId,
             Locked = false,
             CanCreateProjects = false
         };
+        // This audience check is redundant now because of [RequireAudience(LexboxAudience.RegisterAccount, true)], but let's leave it in for safety
+        if (jwtUser?.Audience == LexboxAudience.RegisterAccount && jwtUser.Projects.Length > 0)
+        {
+            userEntity.Projects = jwtUser.Projects.Select(p => new ProjectUsers { Role = p.Role, ProjectId = p.ProjectId }).ToList();
+        }
+        if (jwtUser?.Audience == LexboxAudience.RegisterAccount && jwtUser.Orgs.Length > 0)
+        {
+            userEntity.Organizations = jwtUser.Orgs.Select(o => new OrgMember { Role = o.Role, OrgId = o.OrgId }).ToList();
+        }
         return userEntity;
     }