Modify server authentication logic

In the server code for logging a user in, this logic exists:

export function getLoginRoute() {
    return async function login(
        req: Request<{ email: string; password: string; }>,
        res: Response,
    ): Promise<Response<{ sessionId: string } | undefined>> {
        const fields = req.body ?? {}
        ensureValidArgs(fields)

        const providerId = createProviderId("email", fields.email)
        const authIdentity = await findAuthIdentity(providerId)
        if (!authIdentity) {
            throw createInvalidCredentialsError()
        }
        const providerData = getProviderDataWithPassword<'email'>(authIdentity.providerData)
        if (!providerData.isEmailVerified) {
            throw createInvalidCredentialsError() // CAN THIS BE CHANGED
        }
        try {
            await verifyPassword(providerData.hashedPassword, fields.password);
        } catch(e) {
            throw createInvalidCredentialsError()
        }

export function getLoginRoute() {
    return async function login(
        req: Request<{ email: string; password: string; }>,
        res: Response,
    ): Promise<Response<{ sessionId: string } | undefined>> {
        const fields = req.body ?? {}
        ensureValidArgs(fields)

        const providerId = createProviderId("email", fields.email)
        const authIdentity = await findAuthIdentity(providerId)
        if (!authIdentity) {
            throw createInvalidCredentialsError()
        }
        const providerData = getProviderDataWithPassword<'email'>(authIdentity.providerData)
        if (!providerData.isEmailVerified) {
            throw createInvalidCredentialsError() // CAN THIS BE CHANGED
        }
        try {
            await verifyPassword(providerData.hashedPassword, fields.password);
        } catch(e) {
            throw createInvalidCredentialsError()
        }

Is there a way to handle the isEmailVerified check differently? Currently, if the user tries to login, and their email isn't verified yet, it just returns a 401 'invalid credentials' error. I want to try and return something about how their email isn't verified yet. Can I change this in my code, or would this need to be changed in the wasp source code?

In the server code for logging a user in, this logic exists:

export function getLoginRoute() {
    return async function login(
        req: Request<{ email: string; password: string; }>,
        res: Response,
    ): Promise<Response<{ sessionId: string } | undefined>> {
        const fields = req.body ?? {}
        ensureValidArgs(fields)

        const providerId = createProviderId("email", fields.email)
        const authIdentity = await findAuthIdentity(providerId)
        if (!authIdentity) {
            throw createInvalidCredentialsError()
        }
        const providerData = getProviderDataWithPassword<'email'>(authIdentity.providerData)
        if (!providerData.isEmailVerified) {
            throw createInvalidCredentialsError() // CAN THIS BE CHANGED
        }
        try {
            await verifyPassword(providerData.hashedPassword, fields.password);
        } catch(e) {
            throw createInvalidCredentialsError()
        }

export function getLoginRoute() {
    return async function login(
        req: Request<{ email: string; password: string; }>,
        res: Response,
    ): Promise<Response<{ sessionId: string } | undefined>> {
        const fields = req.body ?? {}
        ensureValidArgs(fields)

        const providerId = createProviderId("email", fields.email)
        const authIdentity = await findAuthIdentity(providerId)
        if (!authIdentity) {
            throw createInvalidCredentialsError()
        }
        const providerData = getProviderDataWithPassword<'email'>(authIdentity.providerData)
        if (!providerData.isEmailVerified) {
            throw createInvalidCredentialsError() // CAN THIS BE CHANGED
        }
        try {
            await verifyPassword(providerData.hashedPassword, fields.password);
        } catch(e) {
            throw createInvalidCredentialsError()
        }

Modify server authentication logic

Modify server authentication logic

Continue the conversation

Wasp

Continue the conversation

Wasp

Similar Threads