From 20fffc85c1c1a18c4693ab0191f8d0bcbd046a63 Mon Sep 17 00:00:00 2001
From: Jack Case <jackacase@gmail.com>
Date: Sat, 15 Nov 2025 15:53:02 +0000
Subject: [PATCH] check if email is verified when authorizing

---
 slopserver/server.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/slopserver/server.py b/slopserver/server.py
index c975570..de976b3 100644
--- a/slopserver/server.py
+++ b/slopserver/server.py
@@ -191,6 +191,8 @@ def simple_login(username: Annotated[str, Form()], password: Annotated[str, Form
     user = auth_user(username, password, DB_ENGINE)
     if not user:
         raise HTTPException(status_code=401, detail="Incorrect username or password")
+    if not user.email_verified:
+        raise HTTPException(status_code=401, detail="Unverified email address")
     token = generate_auth_token(username)
     return {"access_token": token, "token_type": "bearer"}