fix: Improve handling of suspended users signing in with email (#2012)

* chore: Separate signin/auth middleware
fix: Email signin token parsed by JWT middleware
fix: Email signin marked as active when logging in as suspended
fix: Suspended email signin correctly redirected to login screen
closes #1740

* refactor middleware -> lib

* lint
Tom Moor
2021-04-08 20:40:04 -07:00
committed by GitHub
parent 1a889e9913
commit 190f0b6dc5
8 changed files with 96 additions and 109 deletions


@ -21,6 +21,10 @@ function getJWTPayload(token) {
export async function getUserForJWT(token: string): Promise<User> {
const payload = getJWTPayload(token);
if (payload.type === "email-signin") {
throw new AuthenticationError("Invalid token");
}
// check the token is within it's expiration time
if (payload.expiresAt) {
if (new Date(payload.expiresAt) < new Date()) {
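Review bot: The added `payload.type === "email-signin"` check in getUserForJWT rejects exactly one token type, so any other purpose-specific token type introduced later would still be accepted here by default. If the types that may authenticate a request are known, comparing `payload.type` against that set and throwing the same `AuthenticationError` otherwise would fail closed; the accepted type names are not visible in this hunk, so treat this as something to confirm rather than a drop-in line. The new branch also deserves a why-comment, for example `// email-signin tokens are for the email login flow only; never accept them as a session token`. getUserForJWT continues past the end of the hunk, so whether the payload's signature is verified before or after this check cannot be seen from here.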