From 62642ffbd6d7d81e9881a2e1bf88a5b69dbd546e Mon Sep 17 00:00:00 2001
From: xbgmsharp
Date: Fri, 24 Feb 2023 15:59:08 +0100
Subject: [PATCH] Enforce OTP verification on login
---
 initdb/02_4_signalk_auth.sql | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/initdb/02_4_signalk_auth.sql b/initdb/02_4_signalk_auth.sql
index 13e8468..6cd66f9 100644
--- a/initdb/02_4_signalk_auth.sql
+++ b/initdb/02_4_signalk_auth.sql
@@ -172,6 +172,8 @@ declare
 _role name;
 result auth.jwt_token;
 app_jwt_secret text;
+ _email_valid boolean := false;
+ _email text := email;
 begin
 -- check email and password
 select auth.user_role(email, pass) into _role;
@@ -184,6 +186,16 @@ begin
 FROM app_settings
 WHERE name = 'app.jwt_secret';
 
+ -- Check email_valid and generate OTP
+ SELECT preferences['email_valid'] INTO _email_valid
+ FROM auth.accounts a
+ WHERE a.email = _email;
+ IF _email_valid is null or _email_valid is False THEN
+ INSERT INTO process_queue (channel, payload, stored)
+ VALUES ('email_otp', email, now());
+ END IF;
+
+ -- Generate jwt
 select jwt.sign(
 -- row_to_json(r), ''
 -- row_to_json(r)::json, current_setting('app.jwt_secret')::text
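Review bot: The new `_email text := email;` declaration in the first hunk has no comment, and its purpose only shows in the second hunk, where `WHERE a.email = _email` would otherwise use a name that presumably belongs to both the function parameter and the `auth.accounts` column. A one-line comment such as `-- copy of the email parameter so it cannot be confused with accounts.email` would document that. For consistency, the `VALUES ('email_otp', email, now())` line in the second hunk could pass `_email` as well. The declare section starts outside the hunk.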
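Review bot: In the second hunk the `IF _email_valid is null or _email_valid is False` branch only queues an `email_otp` message and then falls through to `-- Generate jwt`, so as far as these lines show, an account with an unverified email still receives a token. That is weaker than the "Enforce" in the commit title. If the check is enforced elsewhere (the function body continues outside the hunk), a comment such as `-- token is still issued here; email_valid is enforced in <place>` would make that explicit; otherwise the branch should either stop the login or mark the token so later checks can tell the email is unverified. The branch also inserts a new queue row on every login by an unverified account, with no limit. A guard such as `IF NOT EXISTS (SELECT 1 FROM process_queue WHERE channel = 'email_otp' AND payload = _email AND stored > now() - interval '<window>')` would keep repeated logins from filling the queue and the user's mailbox.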