fix: requirement for email_confirmed in backend

KernelDeimos · KernelDeimos · commit 6e325fa000f1 · 2024-08-18T00:42:58.000-04:00
diff --git a/src/backend/src/api/APIError.js b/src/backend/src/api/APIError.js
@@ -470,7 +470,8 @@ module.exports = class APIError {
         },
         'email_must_be_confirmed': {
             status: 422,
-            message: 'Email must be confirmed to apply a share.',
+            message: ({action}) =>
+                `Email must be confirmed to ${action ?? 'apply a share'}.`,
         },
         'no_need_to_request': {
             status: 422,
diff --git a/src/backend/src/routers/auth/configure-2fa.js b/src/backend/src/routers/auth/configure-2fa.js
@@ -105,6 +105,12 @@ module.exports = eggspress('/auth/configure-2fa/:action', {
         }
 
         const user = await get_user({ id: req.user.id, force: true });
+        
+        if ( ! user.email_confirmed ) {
+            throw APIError.create('email_must_be_confirmed', null, {
+                action: 'enable 2FA'
+            });
+        }
 
         // Verify that 2FA isn't already enabled
         if ( user.otp_enabled ) {
