From: Nutomic Date: Thu, 1 Dec 2022 21:36:03 +0000 (+0000) Subject: Check user accepted before sending jwt in password reset (fixes #2591) (#2597) X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%22https:/hacktivis.me/%7Bthis.imageSrc%7D?a=commitdiff_plain;h=70e3feb174a2471ff018071fbfed5039ed31fa3d;p=lemmy.git Check user accepted before sending jwt in password reset (fixes #2591) (#2597) Co-authored-by: Dessalines
---
diff --git a/crates/api/src/local_user/change_password_after_reset.rs b/crates/api/src/local_user/change_password_after_reset.rs
index 2086a275..3ac48252 100644
--- a/crates/api/src/local_user/change_password_after_reset.rs
+++ b/crates/api/src/local_user/change_password_after_reset.rs
@@ -8,6 +8,7 @@ use lemmy_db_schema::source::{
 local_user::LocalUser,
 password_reset_request::PasswordResetRequest,
 };
+use lemmy_db_views::structs::SiteView;
 use lemmy_utils::{claims::Claims, error::LemmyError, ConnectionId};
 use lemmy_websocket::LemmyContext;
 
@@ -42,16 +43,24 @@ impl Perform for PasswordChangeAfterReset {
 .await
 .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_user"))?;
 
- // Return the jwt
+ // Return the jwt if login is allowed
+ let site_view = SiteView::read_local(context.pool()).await?;
+ let jwt =
+ if site_view.local_site.require_application && !updated_local_user.accepted_application {
+ None
+ } else {
+ Some(
+ Claims::jwt(
+ updated_local_user.id.0,
+ &context.secret().jwt_secret,
+ &context.settings().hostname,
+ )?
+ .into(),
+ )
+ };
+
 Ok(LoginResponse {
- jwt: Some(
- Claims::jwt(
- updated_local_user.id.0,
- &context.secret().jwt_secret,
- &context.settings().hostname,
- )?
- .into(),
- ),
+ jwt,
 verify_email_sent: false,
 registration_created: false,
 })
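Review bot: The new gate before `Claims::jwt` repeats only the `require_application` / `accepted_application` condition inline, so any other precondition the normal login path applies would not be enforced on this reset path; the login handler is not visible here, so that should be checked, and a helper shared by both handlers would keep the two from drifting. Also, `SiteView::read_local(context.pool()).await?` runs after the update whose failure maps to `couldnt_update_user`, so a failed site read reports an error for a reset that has presumably already been committed; reading the site view before the update avoids that. A comment on the `None` branch, e.g. `// password is changed; only the session token is withheld until the application is accepted`, would make the intent clear to the next reader. The enclosing `perform` body starts and continues outside the hunk.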