diff --git a/src/backend/src/api/APIError.js b/src/backend/src/api/APIError.js index ed188c071..93bee20fc 100644 --- a/src/backend/src/api/APIError.js +++ b/src/backend/src/api/APIError.js @@ -470,7 +470,8 @@ module.exports = class APIError { }, 'email_must_be_confirmed': { status: 422, - message: 'Email must be confirmed to apply a share.', + message: ({action}) => + `Email must be confirmed to ${action ?? 'apply a share'}.`, }, 'no_need_to_request': { status: 422, diff --git a/src/backend/src/routers/auth/configure-2fa.js b/src/backend/src/routers/auth/configure-2fa.js index 5f1b44420..9c3c461e4 100644 --- a/src/backend/src/routers/auth/configure-2fa.js +++ b/src/backend/src/routers/auth/configure-2fa.js @@ -105,6 +105,12 @@ module.exports = eggspress('/auth/configure-2fa/:action', { } const user = await get_user({ id: req.user.id, force: true }); + + if ( ! user.email_confirmed ) { + throw APIError.create('email_must_be_confirmed', null, { + action: 'enable 2FA' + }); + } // Verify that 2FA isn't already enabled if ( user.otp_enabled ) {