Fix #4789 - allow user email verification to be managed by administrator

sbwalker
2025-05-16 11:13:03 -04:00
parent 1f05d12ef5
commit ff6a810ad5
6 changed files with 63 additions and 26 deletions


@ -140,6 +140,7 @@ namespace Oqtane.Controllers
filtered.LastLoginOn = user.LastLoginOn;
filtered.LastIPAddress = user.LastIPAddress;
filtered.TwoFactorRequired = user.TwoFactorRequired;
filtered.EmailConfirmed = user.EmailConfirmed;
filtered.Roles = user.Roles;
filtered.CreatedBy = user.CreatedBy;
filtered.CreatedOn = user.CreatedOn;
@ -200,10 +201,15 @@ namespace Oqtane.Controllers
[Authorize]
public async Task<User> Put(int id, [FromBody] User user)
{
if (ModelState.IsValid && user.SiteId == _tenantManager.GetAlias().SiteId && user.UserId == id && _users.GetUser(user.UserId, false) != null
var existing = _userManager.GetUser(user.UserId, user.SiteId);
if (ModelState.IsValid && user.SiteId == _tenantManager.GetAlias().SiteId && user.UserId == id && existing != null
&& (_userPermissions.IsAuthorized(User, user.SiteId, EntityNames.User, -1, PermissionNames.Write, RoleNames.Admin) || User.Identity.Name == user.Username))
{
user.EmailConfirmed = User.IsInRole(RoleNames.Admin);
// only administrators can update the email confirmation
if (!User.IsInRole(RoleNames.Admin))
{
user.EmailConfirmed = existing.EmailConfirmed;
}
user = await _userManager.UpdateUser(user);
}
else
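Review bot: In the non-admin branch of `Put`, `user.EmailConfirmed = existing.EmailConfirmed;` carries the confirmed flag over even when the same request changes the address, so a user with a confirmed email could swap in an unverified address and stay confirmed, unless `_userManager.UpdateUser` (not visible here) resets the flag when the email changes. The line this replaces forced the flag to false for non-administrators, which suggests a self-service update used to trigger re-verification. Consider keeping the flag only when the address is unchanged, e.g. `user.EmailConfirmed = existing.EmailConfirmed && string.Equals(existing.Email, user.Email, StringComparison.OrdinalIgnoreCase);`. Separately, `existing` is now looked up from the body's `user.UserId`/`user.SiteId` before `ModelState.IsValid` and the alias-site comparison run; moving the lookup inside the validated branch would avoid dereferencing and querying on unvalidated input. The method body continues past the end of this hunk.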