Handle missing Discord email sooner. Make sure emails are verified. #390
Conversation
| 'User needs an email to make a payment. If using the usernameAndPassword Auth method, switch to an Auth method that provides an email.' | ||
| ); | ||
| // If using the usernameAndPassword Auth method, switch to an Auth method that provides an email. | ||
| throw new HttpError(403, 'User needs an email to make a payment.'); |
There was a problem hiding this comment.
Just to double check: you removed the details because this is a user-facing error?
There was a problem hiding this comment.
Yes, it didn't feel correct to give developer instructions in a user-facing error.
| - isAdmin: (data) => { | ||
| - const emailData = emailDataSchema.parse(data); | ||
| - return adminEmails.includes(emailData.email); | ||
| - }, |
There was a problem hiding this comment.
How come the example app removes this isAdmin check.
I can see it also does this in the old version of the code, but why?
There was a problem hiding this comment.
In the example app everyone is an admin so they can test out the admin panel :)
There was a problem hiding this comment.
If you visit https://opensaas.sh/admin you'll notice you can see it with any account.
There was a problem hiding this comment.
Ah, I had a feeling it has something to do with that.
But does that mean that the default behavior is that "if "adminicity" isn't defined, everyone is an admin?"
you'll notice you can see it with any account.
For this feature, I'd expect isAdmin to be a function that just returns true.
There was a problem hiding this comment.
The default is set to true in the Prisma schema in the opensaas.sh. Should we create an issue to change that? I think this is fine, it's a demo app we maintain.
This PR:
emailisAdminfield