Auth: Fix email verification bypass when using basic authentication (#82914)

2025-02-25 18:55:37 -06:00 · 2024-02-16 18:54:59 +01:00
parent fabaff9a24
commit 46c26bbd0b
27 changed files with 1403 additions and 22 deletions
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -189,6 +189,11 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Post("/api/user/signup", quota(user.QuotaTargetSrv), quota(org.QuotaTargetSrv), routing.Wrap(hs.SignUp))
 	r.Post("/api/user/signup/step2", routing.Wrap(hs.SignUpStep2))

+	// update user email
+	if hs.Cfg.Smtp.Enabled && hs.Cfg.VerifyEmailEnabled {
+		r.Get("/user/email/update", reqSignedInNoAnonymous, routing.Wrap(hs.UpdateUserEmail))
+	}
+
 	// invited
 	r.Get("/api/user/invite/:code", routing.Wrap(hs.GetInviteInfoByCode))
 	r.Post("/api/user/invite/complete", routing.Wrap(hs.CompleteInvite))