
turn off email verification if no email client

Alexander Belanger %!s(int64=4) %!d(string=hai) anos
pai
achega
17ed9a9edf

+ 6 - 2
internal/forms/user.go

@@ -19,6 +19,9 @@ type CreateUserForm struct {
 	WriteUserForm
 	Email    string `json:"email" form:"required,max=255,email"`
 	Password string `json:"password" form:"required,max=255"`
+
+	// ignore this field from the json
+	EmailVerified bool `json:"-"`
 }
 
 // ToUser converts a CreateUserForm to models.User
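Review bot: The comment on `EmailVerified` says what the tag does but not why it matters: the field is server-controlled and, through ToUser in the next hunk, ends up on the stored user, so a client must never be able to supply it. I would replace it with `// EmailVerified is set by the server only; json:"-" keeps clients from supplying it in the request body.` Note that `json:"-"` only covers encoding/json, so if this form is ever bound by another decoder the field needs the equivalent exclusion there. The `form:` tags look like validation rules, but the hunk does not show how they are used.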
@@ -30,8 +33,9 @@ func (cuf *CreateUserForm) ToUser(_ repository.UserRepository) (*models.User, er
 	}
 
 	return &models.User{
-		Email:    cuf.Email,
-		Password: string(hashed),
+		Email:         cuf.Email,
+		Password:      string(hashed),
+		EmailVerified: cuf.EmailVerified,
 	}, nil
 }
 

+ 1 - 1
server/api/oauth_github_handler.go

@@ -222,7 +222,7 @@ func (app *App) upsertUserFromToken(tok *oauth2.Token) (*models.User, error) {
 		if err == gorm.ErrRecordNotFound {
 			user = &models.User{
 				Email:         primary,
-				EmailVerified: verified,
+				EmailVerified: !app.Capabilities.Email || verified,
 				GithubUserID:  githubUser.GetID(),
 			}
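Review bot: `!app.Capabilities.Email || verified` stores "verification is not required" in the same persisted field as "the provider confirmed this address". An account created from an unverified GitHub email while the email capability is off keeps `EmailVerified: true` after the capability is turned on, and the project-access middleware changed later in this commit trusts that flag. The same pattern appears in the Google hunk and, as `!app.Capabilities.Email`, in HandleCreateUser. Consider keeping the stored value truthful (`EmailVerified: verified`) and applying the capability where the flag is checked, or at least add a comment such as `// no mailer configured: address is treated as verified and is not re-checked later`. The enclosing function starts and ends outside the hunk.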
 

+ 1 - 1
server/api/oauth_google_handler.go

@@ -146,7 +146,7 @@ func (app *App) upsertGoogleUserFromToken(tok *oauth2.Token) (*models.User, erro
 		if err == gorm.ErrRecordNotFound {
 			user = &models.User{
 				Email:         gInfo.Email,
-				EmailVerified: gInfo.EmailVerified,
+				EmailVerified: !app.Capabilities.Email || gInfo.EmailVerified,
 				GoogleUserID:  gInfo.Sub,
 			}
 

+ 4 - 1
server/api/user_handler.go

@@ -39,7 +39,10 @@ func (app *App) HandleCreateUser(w http.ResponseWriter, r *http.Request) {
 		app.handleErrorDataRead(err, w)
 	}
 
-	form := &forms.CreateUserForm{}
+	form := &forms.CreateUserForm{
+		// if app can send email verification, set the email verified to false
+		EmailVerified: !app.Capabilities.Email,
+	}
 
 	user, err := app.writeUser(
 		form,
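Review bot: The context just above the new form literal calls `app.handleErrorDataRead(err, w)` and then closes the block with no `return`, so after that error the handler appears to continue into `app.writeUser` and create the account, now with `EmailVerified` preset from the capability. The `if` that opens the block is outside the hunk, so confirm against the full function; if it is the usual `if err != nil` guard, add `return` after the `handleErrorDataRead` call. HandleCreateUser continues past the end of the hunk.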

+ 12 - 3
server/middleware/auth.go

@@ -5,15 +5,16 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-	"github.com/google/go-github/github"
-	"github.com/porter-dev/porter/internal/oauth"
-	"golang.org/x/oauth2"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
 
+	"github.com/google/go-github/github"
+	"github.com/porter-dev/porter/internal/oauth"
+	"golang.org/x/oauth2"
+
 	"github.com/go-chi/chi"
 	"github.com/gorilla/sessions"
 	"github.com/porter-dev/porter/internal/auth/token"
@@ -217,6 +218,14 @@ func (auth *Auth) DoesUserHaveProjectAccess(
 			}
 		}
 
+		// read the user and make sure the email is verified
+		user, err := auth.repo.User.ReadUser(userID)
+
+		if err != nil || !user.EmailVerified {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+
 		// get the project
 		proj, err := auth.repo.Project.ReadProject(uint(projID))
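Review bot: The new guard answers 403 both when `ReadUser` fails and when the email is unverified, so a datastore error is indistinguishable from a policy denial for the client and, with no logging here, for whoever investigates it. Denying on error is the right default, but I would split the condition so unexpected lookup failures are reported separately (a missing user can stay 403), e.g. `if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError); return }` followed by the `!user.EmailVerified` check. The check is also added only to DoesUserHaveProjectAccess in this hunk, so any route that does not pass through this middleware is not covered by it; that is worth confirming against the router. The function body starts and ends outside the hunk.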