Added setting for preventing login emails before confirming your email first time.

README.md

@@ -77,6 +77,9 @@ Accounts.ui.config({
 * **passwordSignupFields**    String  
   Which fields to display in the user creation form. One of `'USERNAME_AND_EMAIL'`, `'USERNAME_AND_OPTIONAL_EMAIL'`, `'USERNAME_ONLY'`, `'EMAIL_ONLY'`, `'USERNAME_AND_EMAIL_NO_PASSWORD'`, **`'EMAIL_ONLY_NO_PASSWORD'`** (**default**).
 
+* **requireEmailVerification**    Boolean  
+  Set if the login *without password* should check if the user is verified before sending any login emails. Default is **false**.
+
 * **minimumPasswordLength**    Number  
   Set the minimum number of password length for your application. Default so **7**.
 

imports/accounts_ui.js

@@ -12,6 +12,7 @@ Accounts.ui._options = {
   requestPermissions: [],
   requestOfflineToken: {},
   forceApprovalPrompt: {},
+  requireEmailVerification: false,
   passwordSignupFields: 'EMAIL_ONLY_NO_PASSWORD',
   minimumPasswordLength: 7,
   loginPath: '/',
@@ -46,6 +47,7 @@ Accounts.ui.config = function(options) {
     'requestPermissions',
     'requestOfflineToken',
     'forbidClientAccountCreation',
+    'requireEmailVerification',
     'minimumPasswordLength',
     'loginPath',
     'signUpPath',
@@ -130,6 +132,16 @@ Accounts.ui.config = function(options) {
     });
   }
 
+  // deal with `requireEmailVerification`
+  if (options.requireEmailVerification) {
+    if (typeof options.requireEmailVerification != 'boolean') {
+      throw new Error(`Accounts.ui.config: "requireEmailVerification" not a boolean`);
+    }
+    else {
+      Accounts.ui._options.requireEmailVerification = options.requireEmailVerification;
+    }
+  }
+
   // deal with `minimumPasswordLength`
   if (options.minimumPasswordLength) {
     if (typeof options.minimumPasswordLength != 'number') {

imports/api/server/loginWithoutPassword.js

@@ -30,6 +30,12 @@ Meteor.methods({loginWithoutPassword: function ({ email, username = null }) {
       throw new Meteor.Error(403, "User not found");
   }
 
+  if (Accounts.ui._options.requireEmailVerification) {
+    if (user.emails[0].verified) {
+      throw new Meteor.Error(403, "Email not verified");
+    }
+  }
+
   Accounts.sendLoginEmail(user._id, email);
 }});