feat: fix forbidden and soft-delete check in forget password page

2025-07-02 03:00:18 +08:00 · 2024-01-19 22:13:02 +08:00
parent 88130bf020
commit 6a00657e42
2 changed files with 9 additions and 5 deletions
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -109,6 +109,15 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(err.Error())
 			return
 		}
+		if user == nil || user.IsDeleted {
+			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
+			return
+		}
+
+		if user.IsForbidden {
+			c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
+			return
+		}
 	}

 	// mfaUserSession != "", means method is MfaAuthVerification