LemmyNet · Nutomic · Nov 24, 2021 · Nov 26, 2021 · dessalines · Nov 29, 2021
@@ -219,8 +219,8 @@ mod tests {
     let inserted_person = Person::create(&conn, &new_person).unwrap();
 
     let local_user_form = LocalUserForm {
-      person_id: inserted_person.id,
-      password_encrypted: "123456".to_string(),
+      person_id: Some(inserted_person.id),
+      password_encrypted: Some("123456".to_string()),
       ..LocalUserForm::default()
     };
 

@@ -19,6 +19,7 @@ use lemmy_db_schema::{
   source::{
     comment::Comment,
     community::Community,
+    email_verification::EmailVerification,
     local_user::{LocalUser, LocalUserForm},
     moderator::*,
     password_reset_request::*,
@@ -54,6 +55,7 @@ use lemmy_utils::{
   LemmyError,
 };
 use lemmy_websocket::{
+  email::send_verification_email,
   messages::{CaptchaItem, SendAllMessage},
   LemmyContext,
   UserOperation,
@@ -88,13 +90,18 @@ impl Perform for Login {
       return Err(ApiError::err_plain("password_incorrect").into());
     }
 
+    let site = blocking(context.pool(), Site::read_simple).await??;
+    if site.require_email_verification && !local_user_view.local_user.email_verified {
+      return Err(ApiError::err_plain("email_not_verified").into());
+    }
+
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(
+      jwt: Some(Claims::jwt(
         local_user_view.local_user.id.0,
         &context.secret().jwt_secret,
         &context.settings().hostname,
-      )?,
+      )?),
     })
   }
 }
@@ -159,12 +166,29 @@ impl Perform for SaveUserSettings {
 
     let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
     let banner = diesel_option_overwrite_to_url(&data.banner)?;
-    let email = diesel_option_overwrite(&data.email);
     let bio = diesel_option_overwrite(&data.bio);
     let display_name = diesel_option_overwrite(&data.display_name);
     let matrix_user_id = diesel_option_overwrite(&data.matrix_user_id);
     let bot_account = data.bot_account;
 
+    let email = if let Some(email) = &data.email {
+      let site = blocking(context.pool(), Site::read_simple).await??;
+      if site.require_email_verification {
+        send_verification_email(
+          local_user_view.local_user.id,
+          email,
+          &local_user_view.person.name,
+          context,
+        )
+        .await?;
+        None
+      } else {
+        diesel_option_overwrite(&data.email)
+      }
+    } else {
+      None
+    };
+
     if let Some(Some(bio)) = &bio {
       if bio.chars().count() > 300 {
         return Err(ApiError::err_plain("bio_length_overflow").into());
@@ -222,9 +246,9 @@ impl Perform for SaveUserSettings {
     .map_err(|e| ApiError::err("user_already_exists", e))?;
 
     let local_user_form = LocalUserForm {
-      person_id,
+      person_id: Some(person_id),
       email,
-      password_encrypted,
+      password_encrypted: Some(password_encrypted),
       show_nsfw: data.show_nsfw,
       show_bot_accounts: data.show_bot_accounts,
       show_scores: data.show_scores,
@@ -236,6 +260,7 @@ impl Perform for SaveUserSettings {
       show_read_posts: data.show_read_posts,
       show_new_post_notifs: data.show_new_post_notifs,
       send_notifications_to_email: data.send_notifications_to_email,
+      email_verified: None,
     };
 
     let local_user_res = blocking(context.pool(), move |conn| {
@@ -259,11 +284,11 @@ impl Perform for SaveUserSettings {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(
+      jwt: Some(Claims::jwt(
         updated_local_user.id.0,
         &context.secret().jwt_secret,
         &context.settings().hostname,
-      )?,
+      )?),
     })
   }
 }
@@ -307,11 +332,11 @@ impl Perform for ChangePassword {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(
+      jwt: Some(Claims::jwt(
         updated_local_user.id.0,
         &context.secret().jwt_secret,
         &context.settings().hostname,
-      )?,
+      )?),
     })
   }
 }
@@ -775,11 +800,11 @@ impl Perform for PasswordChange {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(
+      jwt: Some(Claims::jwt(
         updated_local_user.id.0,
         &context.secret().jwt_secret,
         &context.settings().hostname,
-      )?,
+      )?),
     })
   }
 }
@@ -860,3 +885,36 @@ impl Perform for GetUnreadCount {
     Ok(res)
   }
 }
+
+#[async_trait::async_trait(?Send)]
+impl Perform for VerifyEmail {
+  type Response = ();
+
+  async fn perform(
+    &self,
+    context: &Data<LemmyContext>,
+    _websocket_id: Option<usize>,
+  ) -> Result<Self::Response, LemmyError> {
+    let token = self.token.clone();
+    let verification = blocking(context.pool(), move |conn| {
+      EmailVerification::read_for_token(conn, &token)
+    })
+    .await?
+    .map_err(|e| ApiError::err("token_not_found", e))?;
+
+    let form = LocalUserForm {
+      // necessary in case this is a new signup
+      email_verified: Some(true),
+      // necessary in case email of an existing user was changed
+      email: Some(Some(verification.email)),
+      ..LocalUserForm::default()
+    };
+    let local_user_id = verification.local_user_id;
+    blocking(context.pool(), move |conn| {
+      LocalUser::update(conn, local_user_id, &form)
+    })
+    .await??;
+
+    Ok(())
+  }
+}
@@ -23,6 +23,7 @@ pub struct Register {
   pub password: String,
   pub password_verify: String,
   pub show_nsfw: bool,
+  /// email is mandatory if email verification is enabled on the server
   pub email: Option<String>,
   pub captcha_uuid: Option<String>,
   pub captcha_answer: Option<String>,
@@ -77,7 +78,9 @@ pub struct ChangePassword {
 
 #[derive(Serialize, Deserialize)]
 pub struct LoginResponse {
-  pub jwt: String,
+  /// This is None in response to `Register` if email verification is enabled, and in response to
+  /// `DeleteAccount`.
+  pub jwt: Option<String>,
 }
 
 #[derive(Serialize, Deserialize)]
@@ -278,3 +281,8 @@ pub struct GetUnreadCountResponse {
   pub mentions: i64,
   pub private_messages: i64,
 }
+
+#[derive(Serialize, Deserialize)]
+pub struct VerifyEmail {
+  pub token: String,
+}
@@ -111,6 +111,7 @@ pub struct EditSite {
   pub open_registration: Option<bool>,
   pub enable_nsfw: Option<bool>,
   pub community_creation_admin_only: Option<bool>,
+  pub require_email_verification: Option<bool>,
   pub auth: String,
 }
 

@@ -66,8 +66,8 @@ impl PerformCrud for CreateSite {
       enable_downvotes: data.enable_downvotes,
       open_registration: data.open_registration,
       enable_nsfw: data.enable_nsfw,
-      updated: None,
       community_creation_admin_only: data.community_creation_admin_only,
+      ..SiteForm::default()
     };
 
     let create_site = move |conn: &'_ _| Site::create(conn, &site_form);

@@ -45,7 +45,11 @@ impl PerformCrud for GetSite {
             captcha_answer: None,
             honeypot: None,
           };
-          let login_response = register.perform(context, websocket_id).await?;
+          let admin_jwt = register
+            .perform(context, websocket_id)
+            .await?
+            .jwt
+            .expect("jwt is returned from registration on newly created site");
           info!("Admin {} created", setup.admin_username);
 
           let create_site = CreateSite {
@@ -58,7 +62,7 @@ impl PerformCrud for GetSite {
             open_registration: setup.open_registration,
             enable_nsfw: setup.enable_nsfw,
             community_creation_admin_only: setup.community_creation_admin_only,
-            auth: login_response.jwt,
+            auth: admin_jwt,
           };
           create_site.perform(context, websocket_id).await?;
           info!("Site {} created", setup.site_name);

@@ -59,6 +59,7 @@ impl PerformCrud for EditSite {
       open_registration: data.open_registration,
       enable_nsfw: data.enable_nsfw,
       community_creation_admin_only: data.community_creation_admin_only,
+      require_email_verification: data.require_email_verification,
     };
 
     let update_site = move |conn: &'_ _| Site::update(conn, 1, &site_form);

@@ -24,8 +24,6 @@ use lemmy_db_schema::{
     site::Site,
   },
   traits::{Crud, Followable, Joinable},
-  ListingType,
-  SortType,
 };
 use lemmy_db_views_actor::person_view::PersonViewSafe;
 use lemmy_utils::{
@@ -36,7 +34,7 @@ use lemmy_utils::{
   ConnectionId,
   LemmyError,
 };
-use lemmy_websocket::{messages::CheckCaptcha, LemmyContext};
+use lemmy_websocket::{email::send_verification_email, messages::CheckCaptcha, LemmyContext};
 
 #[async_trait::async_trait(?Send)]
 impl PerformCrud for Register {
@@ -49,16 +47,24 @@ impl PerformCrud for Register {
   ) -> Result<LoginResponse, LemmyError> {
     let data: &Register = self;
 
+    // no email verification if the site is not setup yet
+    let mut email_verification = false;
+
     // Make sure site has open registration
     if let Ok(site) = blocking(context.pool(), Site::read_simple).await? {
       if !site.open_registration {
         return Err(ApiError::err_plain("registration_closed").into());
       }
+      email_verification = site.require_email_verification;
     }
 
     password_length_check(&data.password)?;
     honeypot_check(&data.honeypot)?;
 
+    if email_verification && data.email.is_none() {
+      return Err(ApiError::err_plain("email_required").into());
+    }
+
     // Make sure passwords match
     if data.password != data.password_verify {
       return Err(ApiError::err_plain("passwords_dont_match").into());
@@ -124,22 +130,13 @@ impl PerformCrud for Register {
     .map_err(|e| ApiError::err("user_already_exists", e))?;
 
     // Create the local user
-    // TODO some of these could probably use the DB defaults
     let local_user_form = LocalUserForm {
-      person_id: inserted_person.id,
+      person_id: Some(inserted_person.id),
       email: Some(data.email.to_owned()),
-      password_encrypted: data.password.to_owned(),
+      password_encrypted: Some(data.password.to_owned()),
       show_nsfw: Some(data.show_nsfw),
-      show_bot_accounts: Some(true),
-      theme: Some("browser".into()),
-      default_sort_type: Some(SortType::Active as i16),
-      default_listing_type: Some(ListingType::Subscribed as i16),
-      lang: Some("browser".into()),
-      show_avatars: Some(true),
-      show_scores: Some(true),
-      show_read_posts: Some(true),
-      show_new_post_notifs: Some(false),
-      send_notifications_to_email: Some(false),
+      email_verified: Some(!email_verification),
+      ..LocalUserForm::default()
     };
 
     let inserted_local_user = match blocking(context.pool(), move |conn| {
@@ -228,13 +225,24 @@ impl PerformCrud for Register {
         .map_err(|e| ApiError::err("community_moderator_already_exists", e))?;
     }
 
-    // Return the jwt
-    Ok(LoginResponse {
-      jwt: Claims::jwt(
+    // Log the user in directly if email verification is not required
+    let jwt = if email_verification {
+      send_verification_email(
+        inserted_local_user.id,
+        // we check at the beginning of this method that email is set
+        &inserted_local_user.email.expect("email was provided"),
+        &inserted_person.name,
+        context,
+      )
+      .await?;
+      None
+    } else {
+      Some(Claims::jwt(
         inserted_local_user.id.0,
         &context.secret().jwt_secret,
         &context.settings().hostname,
-      )?,
-    })
+      )?)
+    };
+    Ok(LoginResponse { jwt })
   }
 }
@@ -47,8 +47,6 @@ impl PerformCrud for DeleteAccount {
     })
     .await??;
 
-    Ok(LoginResponse {
-      jwt: data.auth.to_owned(),
-    })
+    Ok(LoginResponse { jwt: None })
   }
 }
@@ -65,6 +65,7 @@ mod tests {
       enable_nsfw: None,
       updated: None,
       community_creation_admin_only: Some(false),
+      require_email_verification: None,
     };
 
     Site::create(&conn, &site_form).unwrap();