This is due to the fact that the user is being logged in after registration and hitting your deny logic. Are you looking to allow users to log in immediately following registration, but require email verification for all subsequent attempts? If so, you might consider an action similar to the following:
```js
exports.onExecutePostLogin = async (event, api) => {
  // Check if the email is verified
  if (!event.user.email_verified) {
    // Check if it's the first login by checking the logins_count field
    const isFirstLogin = event.stats.logins_count === 1;

    // If it's not the first login and the email is not verified, deny access
    if (!isFirstLogin) {
      api.access.deny('Please verify your email before logging in again.');
    }
  }
  // Do nothing on the first login, allowing the user to proceed
};
```
You can show an error message on the registration view of Universal Login, but not the login view: