From 9bdc5f8fcf8a1b0325bd047b63d3dd43b109c79c Mon Sep 17 00:00:00 2001
From: Peter Sanchez <peter@netlandish.com>
Date: Tue, 16 Aug 2022 10:56:51 -0600
Subject: [PATCH] Adding email verification to password change

---
 accounts/routes.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/accounts/routes.go b/accounts/routes.go
index 570f813..c0ee064 100644
--- a/accounts/routes.go
+++ b/accounts/routes.go
@@ -513,6 +513,25 @@ func (s *Service) ForgotPasswordConfPOST(c echo.Context) error {
 		return err
 	}
 
+	if !user.IsVerified() {
+		// To be here they had to have verified the email.
+		ctx := database.Context(c.Request().Context(), gctx.Server.DB)
+		if err := database.WithTx(ctx, nil, func(tx *sql.Tx) error {
+			// Null any current pending email changes
+			_, err := tx.ExecContext(ctx, `
+				UPDATE "users"
+				SET is_verified=true
+				WHERE id=$1`,
+				user.GetID())
+			if err != nil {
+				return err
+			}
+			return nil
+		}); err != nil {
+			return err
+		}
+	}
+
 	if err := s.fetch.ProcessSuccessfulPasswordReset(c); err != nil {
 		return err
 	}
-- 
2.45.2