mirror of
https://github.com/toeverything/AFFiNE.git
synced 2024-12-23 18:21:50 +03:00
parent
8bcc886b46
commit
8d55e5cdf9
@ -23,6 +23,8 @@ import {
|
|||||||
|
|
||||||
export const NextAuthOptionsProvide = Symbol('NextAuthOptions');
|
export const NextAuthOptionsProvide = Symbol('NextAuthOptions');
|
||||||
|
|
||||||
|
const TrustedProviders = ['google'];
|
||||||
|
|
||||||
export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
|
export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
|
||||||
provide: NextAuthOptionsProvide,
|
provide: NextAuthOptionsProvide,
|
||||||
useFactory(
|
useFactory(
|
||||||
@ -51,6 +53,23 @@ export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
|
|||||||
}
|
}
|
||||||
return createUser(userData);
|
return createUser(userData);
|
||||||
};
|
};
|
||||||
|
// linkAccount exists in the adapter
|
||||||
|
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
||||||
|
const linkAccount = prismaAdapter.linkAccount!.bind(prismaAdapter);
|
||||||
|
prismaAdapter.linkAccount = async account => {
|
||||||
|
// google account must be a verified email
|
||||||
|
if (TrustedProviders.includes(account.provider)) {
|
||||||
|
await prisma.user.update({
|
||||||
|
where: {
|
||||||
|
id: account.userId,
|
||||||
|
},
|
||||||
|
data: {
|
||||||
|
emailVerified: new Date(),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return linkAccount(account) as Promise<void>;
|
||||||
|
};
|
||||||
// getUser exists in the adapter
|
// getUser exists in the adapter
|
||||||
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
||||||
const getUser = prismaAdapter.getUser!.bind(prismaAdapter)!;
|
const getUser = prismaAdapter.getUser!.bind(prismaAdapter)!;
|
||||||
|
@ -135,9 +135,17 @@ export class AuthResolver {
|
|||||||
@Args('token') token: string,
|
@Args('token') token: string,
|
||||||
@Args('newPassword') newPassword: string
|
@Args('newPassword') newPassword: string
|
||||||
) {
|
) {
|
||||||
// we only create user account after user sign in with email link
|
|
||||||
const id = await this.session.get(token);
|
const id = await this.session.get(token);
|
||||||
if (!id || id !== user.id || !user.emailVerified) {
|
if (!user.emailVerified) {
|
||||||
|
throw new ForbiddenException('Please verify the email first');
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
!id ||
|
||||||
|
(id !== user.id &&
|
||||||
|
// change password after sign in with email link
|
||||||
|
// we only create user account after user sign in with email link
|
||||||
|
id !== user.email)
|
||||||
|
) {
|
||||||
throw new ForbiddenException('Invalid token');
|
throw new ForbiddenException('Invalid token');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user