Require accounts to be verified before login

Author: nicolelim02

backend/user-service/controller/auth-controller.ts

@@ -17,6 +17,12 @@ export async function handleLogin(
         return res.status(401).json({ message: "Wrong email and/or password" });
       }
 
+      if (!user.isVerified) {
+        return res.status(401).json({
+          message: "User not verified. Please check your email for the link",
+        });
+      }
+
       const match = await bcrypt.compare(password, user.password);
       if (!match) {
         return res.status(401).json({ message: "Wrong email and/or password" });

backend/user-service/controller/user-controller.ts

@@ -83,17 +83,8 @@ export async function createUser(
         hashedPassword
       );
 
-      const emailToken = crypto.randomBytes(16).toString("hex");
-      await redisClient.set(email, emailToken, { EX: 60 * 5 }); // expire in 5 minutes
-      await sendAccVerificationMail(
-        email,
-        ACCOUNT_VERIFICATION_SUBJ,
-        username,
-        `http://localhost:3001/api/users/verify-email/${email}/${emailToken}`
-      );
-
       return res.status(201).json({
-        message: `Created new user ${username} successfully`,
+        message: `Created new user ${username} successfully.`,
         data: formatUserResponse(createdUser),
       });
     } else {
@@ -109,6 +100,38 @@ export async function createUser(
   }
 }
 
+export const sendVerificationMail = async (
+  req: Request,
+  res: Response
+): Promise<Response> => {
+  try {
+    const { email } = req.body;
+    const user = await _findUserByEmail(email);
+
+    if (!user) {
+      return res.status(404).json({ message: `User ${email} not found` });
+    }
+
+    const emailToken = crypto.randomBytes(16).toString("hex");
+    await redisClient.set(email, emailToken, { EX: 60 * 5 }); // expire in 5 minutes
+    await sendAccVerificationMail(
+      email,
+      ACCOUNT_VERIFICATION_SUBJ,
+      user.username,
+      `http://localhost:3001/api/users/verify-email/${email}/${emailToken}`
+    );
+
+    return res
+      .status(200)
+      .json({ message: "Verification email sent. Please check your inbox." });
+  } catch (error) {
+    return res.status(500).json({
+      message: "Unknown error when sending verification email!",
+      error,
+    });
+  }
+};
+
 export const verifyUser = async (
   req: Request,
   res: Response
@@ -137,10 +160,10 @@ export const verifyUser = async (
     return res
       .status(200)
       .json({ message: `User ${email} verified successfully.` });
-  } catch {
+  } catch (error) {
     return res
       .status(500)
-      .json({ message: "Unknown error when verifying user!" });
+      .json({ message: "Unknown error when verifying user!", error });
   }
 };
 

backend/user-service/routes/user-routes.ts

@@ -6,6 +6,7 @@ import {
   deleteUser,
   getAllUsers,
   getUser,
+  sendVerificationMail,
   updateUser,
   updateUserPrivilege,
   verifyUser,
@@ -31,6 +32,8 @@ router.post("/", createUser);
 
 router.post("/images", createImageLink);
 
+router.post("/send-verification-email", sendVerificationMail);
+
 router.get("/:id", getUser);
 
 router.get("/verify-email/:email/:token", verifyUser);

backend/user-service/swagger.yml

@@ -71,6 +71,11 @@ components:
         password:
           type: string
           required: true
+    EmailVerification:
+      properties:
+        email:
+          type: string
+          required: true
     UserResponse:
       properties:
         message:
@@ -333,18 +338,51 @@ paths:
             application/json:
               schema:
                 $ref: "#/components/schemas/ServerErrorResponse"
-  /api/users/verify-email:
+  /api/users/send-verification-email:
+    post:
+      summary: Send verification email
+      tags:
+        - users
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/EmailVerification"
+      responses:
+        200:
+          description: Successful Response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  message:
+                    type: string
+                    description: Message
+        404:
+          description: Not Found
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorResponse"
+        500:
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ServerErrorResponse"
+  /api/users/verify-email/{email}/{token}:
     get:
       summary: Verify email address
       tags:
         - users
       parameters:
-        - in: query
+        - in: path
           name: email
           required: true
           schema:
             type: string
-        - in: query
+        - in: path
           name: token
           required: true
           schema:

frontend/src/contexts/AuthContext.tsx

@@ -75,9 +75,10 @@ const AuthProvider: React.FC<{ children?: React.ReactNode }> = (props) => {
         email: email,
         password: password,
       })
-      .then(() => {
-        login(email, password);
-        toast.success(SUCCESSFUL_SIGNUP);
+      .then(() => userClient.post("users/send-verification-email", { email }))
+      .then((res) => {
+        navigate("/login");
+        toast.success(res.data.message);
       })
       .catch((err) => {
         setUser(null);