Skip to content

Commit

Permalink
allow users who signed in with password but verified email
Browse files Browse the repository at this point in the history
  • Loading branch information
@ice-cronus
ice-cronus committed Jan 18, 2024
1 parent df00454 commit b2d79e7
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion auth/internal/firebase/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,13 @@ func (a *auth) VerifyToken(ctx context.Context, token string) (*internal.Token,
return nil, errors.Wrap(vErr, "error verifying firebase token")
}
if (!a.allowEmailPassword) && firebaseToken.Firebase.SignInProvider == passwordSignInProvider {
return nil, errors.Wrapf(ErrForbidden, "%v sign_in_provider is not allowed", firebaseToken.Firebase.SignInProvider)
emailVerified := false
if emailVerifiedInterface, found := firebaseToken.Claims["email_verified"]; found {
emailVerified, _ = emailVerifiedInterface.(bool) //nolint:errcheck,revive // Not needed.
}
if !emailVerified {
return nil, errors.Wrapf(ErrForbidden, "%v sign_in_provider is not allowed without verified email", firebaseToken.Firebase.SignInProvider)
}
}
var email, role string
userID := firebaseToken.UID
Expand Down

0 comments on commit b2d79e7

Please sign in to comment.