Auth0 Home Blog Docs

Using !user.email_verified

auth0
rules

#1

hi

I’ve managed to implement login, and i’ve come to add rules in order to whitelist specific email addresses, but i noticed that the whitelist is ignored on signup. So i wanted to only accept verified users through, but however i implement that rule seems to cause my app to give a ERR_TOO_MANY_REDIRECTS from either / both my domain, but also my auth0 domain.

I’ve tried creating it as two rules, with the whitelist rule first or the verified email first,
i’ve tried combining it into one rule

function (user, context, callback) {
 
  const whitelist = [ 'bigcoops@gmail.com', 'stockport.badders.results@gmail.com' ]; //authorized users
  const userHasAccess = whitelist.some(
    function (email) {
      return email === user.email;
    });

  if (!user.email_verified || !userHasAccess) {
    return callback(new UnauthorizedError('Access denied.'));
  }

  callback(null, user, context);
}

or:

function (user, context, callback) {

  // Access should only be granted to verified users.
  if (!user.email || !user.email_verified) {
    return callback(new UnauthorizedError('Please verify your email before logging in.'));
  }

  const whitelist = [ 'bigcoops@gmail.com', 'stockport.badders.results@gmail.com' ]; //authorized users
  const userHasAccess = whitelist.some(
    function (email) {
      return email === user.email;
    });

  if (!userHasAccess) {
    return callback(new UnauthorizedError('Access denied.'));
  }

  callback(null, user, context);
}

but none of these have worked, and all result in the same symptom. removing the !user_email_verified part resolves the problem, but leaves me with the signup problem.

any suggestions?


#4

Hey there @stockport.badders, I’m still looking into what may be going on here but it may have something to do with the callbacks on your tenant between http and https, which could be causing the ERR_TOO_MANY_REDIRECTS. Also If you could please snag us a HAR file capturing your workflow when reproducing the error and DM it over, it may be able to help us look at what’s going on at a deeper level. Thanks in advance!


#5

thanks james i’ve attached the HAR

hope that helps :slight_smile:


#7

Hi again @James.Morrison , i’ve spent a fair amount of time over the weekend making sure any http traffic is redirected to https in the hope that it would help. but apparently not.

let me know if you need me to do anymore - the problem still persists. :frowning:


#8

Thank you for sharing the HAR file, I’ll give it a look and see what may be going on.