I have an issue with checking if a user has their email verified during the post-login action. I have added this in the post-login script:
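/**
 * Auth0 post-login Action.
 *
 * Denies the login when the user's e-mail address is not verified. For a
 * verified user it notifies the application backend once and records that in
 * app_metadata, so the call is skipped on later logins.
 *
 * @param {object} event - Login context supplied by Auth0 (user, secrets, ...).
 * @param {object} api - Methods for changing the outcome of the login.
 * @returns {Promise<void>}
 */
exports.onExecutePostLogin = async (event, api) => {
  const axios = require("axios");
  const crypto = require("crypto");

  // Gate first: nothing below runs for an unverified address.
  if (!event.user.email_verified) {
    console.log('User email is not verified 1');
    api.access.deny(`Please verify your email before logging in.`);
    return;
  }
  console.log('after verified');

  // app_metadata may be absent for a user that has never had metadata set;
  // optional chaining avoids a TypeError that would abort the Action.
  if (event.user.app_metadata?.user_email_verification_sync) {
    return;
  }

  try {
    // The original read `event.secrets.MY+DOMAIN`, which is an addition with
    // an undeclared identifier `DOMAIN` and throws a ReferenceError.
    // Assumes the secret is named MY_DOMAIN (by analogy with MY_SECRET) — confirm.
    const url = `${event.secrets.MY_DOMAIN}/api/v1/auth0/post-login-email-validation`;
    const data = { email: event.user.email };

    // NOTE(review): this is a plain SHA-256 over email + secret, not a keyed
    // MAC. HMAC (crypto.createHmac) is the standard construction for this, and
    // the value is constant per address, so a captured header can be replayed.
    // The "binary" (latin1) encoding also keeps only the low byte of each
    // character, so addresses with characters above U+00FF are not hashed
    // faithfully. Left unchanged because the backend must verify the same
    // value; change both sides together.
    const hash = crypto
      .createHash("sha256")
      .update(event.user.email + event.secrets.MY_SECRET, "binary")
      .digest("hex");

    const config = { headers: { 'my-header': hash } };
    const response = await axios.post(url, data, config);
    if (response.status === 200) {
      // Remember the successful sync so the backend is not called again.
      api.user.setAppMetadata("user_email_verification_sync", true);
    }
  } catch (error) {
    // debugging
    // Best effort: a failed sync does not block the login. Not every failure
    // carries an HTTP response (network error, timeout), so fall back to the
    // message instead of throwing from inside the catch block.
    console.log(error?.response?.data?.error ?? error?.message ?? error);
  }
};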
However, it is not working correctly. For some reason, this still returns a 200 response and logs in and redirects my user. If someone knows what should be done here to return an error code, I would be grateful.
Another solution could be checking the success response in the login logic, but unfortunately, I haven’t been able to access it. The user is just logged in without any console logs triggering.
This is my login logic:
// Submit handler for the login form: sends the entered credentials to Auth0
// through webAuth.login and resets the button once the callback fires.
const login = (e) => {
  e.preventDefault();

  // Put the button into its loading state while the request is in flight.
  loginSubmitButton.classList = "mui-button loading";

  const credentials = {
    realm: databaseConnection,
    username: username.value,
    password: loginPassword.value,
  };

  // NOTE(review): a denial raised by a post-login Action is presumably
  // reported on the redirect back to the application (error and
  // error_description parameters) rather than through this callback —
  // confirm against the auth0.js documentation.
  const onLoginResult = function (err, authResult) {
    // Debug output only. NOTE(review): authResult may contain tokens —
    // confirm, and remove this log before production use.
    console.log("response is: ", { err, authResult });
    // Need to do additional check here for authResult => to check if response is 200 and inside body error for email not verified
    loginSubmitButton.classList = "mui-button";
  };

  webAuth.login(credentials, onLoginResult);
};
Any help would be greatly appreciated.