From d80b05495875fd9c305f6534a036404cecfe1616 Mon Sep 17 00:00:00 2001
From: Tim Brandin <tim.brandin@gmail.com>
Date: Tue, 5 Apr 2016 01:38:13 +0200
Subject: [PATCH] Added setting for preventing login emails before confirming
 your email first time.

---
 README.md                                  |  3 +++
 imports/accounts_ui.js                     | 12 ++++++++++++
 imports/api/server/loginWithoutPassword.js |  6 ++++++
 3 files changed, 21 insertions(+)

diff --git a/README.md b/README.md
index 63af933..3cd3eae 100644
--- a/README.md
+++ b/README.md
@@ -77,6 +77,9 @@ Accounts.ui.config({
 * **passwordSignupFields**&nbsp;&nbsp;&nbsp; String  
   Which fields to display in the user creation form. One of `'USERNAME_AND_EMAIL'`, `'USERNAME_AND_OPTIONAL_EMAIL'`, `'USERNAME_ONLY'`, `'EMAIL_ONLY'`, `'USERNAME_AND_EMAIL_NO_PASSWORD'`, **`'EMAIL_ONLY_NO_PASSWORD'`** (**default**).
 
+* **requireEmailVerification**&nbsp;&nbsp;&nbsp; Boolean  
+  Set if the login *without password* should check if the user is verified before sending any login emails. Default is **false**.
+
 * **minimumPasswordLength**&nbsp;&nbsp;&nbsp; Number  
   Set the minimum number of password length for your application. Default so **7**.
 
diff --git a/imports/accounts_ui.js b/imports/accounts_ui.js
index f6b39e4..6167152 100644
--- a/imports/accounts_ui.js
+++ b/imports/accounts_ui.js
@@ -12,6 +12,7 @@ Accounts.ui._options = {
   requestPermissions: [],
   requestOfflineToken: {},
   forceApprovalPrompt: {},
+  requireEmailVerification: false,
   passwordSignupFields: 'EMAIL_ONLY_NO_PASSWORD',
   minimumPasswordLength: 7,
   loginPath: '/',
@@ -46,6 +47,7 @@ Accounts.ui.config = function(options) {
     'requestPermissions',
     'requestOfflineToken',
     'forbidClientAccountCreation',
+    'requireEmailVerification',
     'minimumPasswordLength',
     'loginPath',
     'signUpPath',
@@ -130,6 +132,16 @@ Accounts.ui.config = function(options) {
     });
   }
 
+  // deal with `requireEmailVerification`
+  if (options.requireEmailVerification) {
+    if (typeof options.requireEmailVerification != 'boolean') {
+      throw new Error(`Accounts.ui.config: "requireEmailVerification" not a boolean`);
+    }
+    else {
+      Accounts.ui._options.requireEmailVerification = options.requireEmailVerification;
+    }
+  }
+
   // deal with `minimumPasswordLength`
   if (options.minimumPasswordLength) {
     if (typeof options.minimumPasswordLength != 'number') {
diff --git a/imports/api/server/loginWithoutPassword.js b/imports/api/server/loginWithoutPassword.js
index 0fd4f90..7aff005 100644
--- a/imports/api/server/loginWithoutPassword.js
+++ b/imports/api/server/loginWithoutPassword.js
@@ -30,6 +30,12 @@ Meteor.methods({loginWithoutPassword: function ({ email, username = null }) {
       throw new Meteor.Error(403, "User not found");
   }
 
+  if (Accounts.ui._options.requireEmailVerification) {
+    if (user.emails[0].verified) {
+      throw new Meteor.Error(403, "Email not verified");
+    }
+  }
+
   Accounts.sendLoginEmail(user._id, email);
 }});