From 041a91dc06104dd4aeebfd8957a105bd9b35b870 Mon Sep 17 00:00:00 2001
From: Brett Slaski
Date: Thu, 19 Oct 2023 11:09:23 -0500
Subject: [PATCH] fix: emails must be verified before account can be used
---
 package.json | 2 +-
 src/hooks.server.js | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 812d4647..a029e697 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "that-us",
- "version": "3.15.0",
+ "version": "3.15.1",
 "description": "THAT.us website",
 "main": "index.js",
 "type": "module",
diff --git a/src/hooks.server.js b/src/hooks.server.js
index 5f92293d..2f270589 100644
--- a/src/hooks.server.js
+++ b/src/hooks.server.js
@@ -48,6 +48,10 @@ async function authorization({ event, resolve }) {
 toPath += `?${event.url.searchParams.toString()}`;
 }
 throw redirect(303, `/login-redirect?returnTo=${toPath}`);
+ } else {
+ if (!session.user.sub.startsWith('twitter') && session.user?.emailVerified === false) {
+ throw redirect(307, `/verify-account`);
+ }
 }
 }
@@ -85,11 +89,14 @@ const authConfig = {
 return baseUrl;
 },
 jwt(jwtGoo) {
- const { account, token } = jwtGoo;
+ const { account, token, profile } = jwtGoo;
 if (account) {
 token.accessToken = account.access_token;
 token.idToken = account.id_token;
 }
+ if (profile) {
+ token.emailVerified = profile.email_verified;
+ }
 return token;
 },
 session(sessionGoo) {
@@ -98,6 +105,7 @@ const authConfig = {
 session.idToken = token.idToken;
 session.user.id = token.sub;
 session.user.sub = token.sub;
+ session.user.emailVerified = token.emailVerified;
 const payload = parseOnly(token.accessToken);
 if (payload) {
 const { permissions } = payload;
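Review bot: The guard added in the `@@ -48,6 +48,10 @@` hunk fails open, because `session.user?.emailVerified === false` redirects only when the claim is exactly `false`. A token minted before this change, or a provider profile that carries no `email_verified` field, reaches this check as `undefined` through the `jwt` and `session` hunks and is treated as verified. Inverting the test to `session.user?.emailVerified !== true` would let only a positive claim pass, with any provider that legitimately omits the claim listed next to the `twitter` exemption. The same condition reads `session.user.sub` without the `?.` it uses on `session.user?.emailVerified`, so one of the two is wrong about whether `user` can be missing. The enclosing `if` starts outside the hunk, so it is worth confirming that `/verify-account` is not itself behind this guard, which would loop the 307.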
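Review bot: In the `jwt` callback hunk (`@@ -85,11 +89,14 @@`), `token.emailVerified` is written only when `profile` is present, so the value is fixed at whatever the provider reported at that moment. If `profile` is supplied only on the sign-in call, as is usual for this callback shape, a user who verifies their address afterwards keeps being sent to `/verify-account` until they sign in again. Nothing in the patch shows that page forcing a fresh login or the claim being re-read. At minimum, record the constraint next to the assignment, for example `// profile is only present at sign-in; emailVerified is not refreshed until the next login`.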