From 25c54572a72b90f6e9a38c4f81ca721466f74bb5 Mon Sep 17 00:00:00 2001
From: pilcrowOnPaper
Date: Sun, 6 Oct 2024 16:09:36 +0900
Subject: [PATCH] fix 403 checks
---
 src/routes/reset-password/2fa/passkey/+server.ts | 2 +-
 src/routes/reset-password/2fa/recovery-code/+page.server.ts | 2 +-
 src/routes/reset-password/2fa/security-key/+server.ts | 2 +-
 src/routes/reset-password/2fa/totp/+page.server.ts | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/routes/reset-password/2fa/passkey/+server.ts b/src/routes/reset-password/2fa/passkey/+server.ts
index 0a4e50d..3680508 100644
--- a/src/routes/reset-password/2fa/passkey/+server.ts
+++ b/src/routes/reset-password/2fa/passkey/+server.ts
@@ -24,7 +24,7 @@ export async function POST(event: RequestEvent) {
 status: 401
 });
 }
- if (!user.emailVerified || !user.registeredPasskey || session.twoFactorVerified) {
+ if (!session.emailVerified || !user.registeredPasskey || session.twoFactorVerified) {
 return new Response("Forbidden", {
 status: 403
 });
diff --git a/src/routes/reset-password/2fa/recovery-code/+page.server.ts b/src/routes/reset-password/2fa/recovery-code/+page.server.ts
index af79808..aaba977 100644
--- a/src/routes/reset-password/2fa/recovery-code/+page.server.ts
+++ b/src/routes/reset-password/2fa/recovery-code/+page.server.ts
@@ -35,7 +35,7 @@ async function action(event: RequestEvent) {
 message: "Not authenticated"
 });
 }
- if (!user.emailVerified || !user.registered2FA || session.twoFactorVerified) {
+ if (!session.emailVerified || !user.registered2FA || session.twoFactorVerified) {
 return fail(403, {
 message: "Forbidden"
 });
diff --git a/src/routes/reset-password/2fa/security-key/+server.ts b/src/routes/reset-password/2fa/security-key/+server.ts
index 1f41435..76a2123 100644
--- a/src/routes/reset-password/2fa/security-key/+server.ts
+++ b/src/routes/reset-password/2fa/security-key/+server.ts
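Review bot: The 403 guard in `passkey/+server.ts` is the same three-part condition that the recovery-code, security-key and TOTP handlers repeat, differing only in which `user.registered…` flag it reads, and the wrong `emailVerified` source had to be corrected in all four copies. Moving the condition into one shared helper would leave a single place to get this authorization check right, so each handler reads something like `if (!canVerifySecondFactorForReset(session, user.registeredPasskey)) {` (the helper name is a suggestion, not an existing function). A regression test with a reset session whose `emailVerified` is false for a user whose account email is verified, expecting 403 from each of the four routes, would pin the fix. `POST` starts and ends outside the hunk.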
@@ -24,7 +24,7 @@ export async function POST(event: RequestEvent) {
 status: 401
 });
 }
- if (!user.emailVerified || !user.registeredSecurityKey || session.twoFactorVerified) {
+ if (!session.emailVerified || !user.registeredSecurityKey || session.twoFactorVerified) {
 return new Response("Forbidden", {
 status: 403
 });
diff --git a/src/routes/reset-password/2fa/totp/+page.server.ts b/src/routes/reset-password/2fa/totp/+page.server.ts
index 050e2c4..a79ba3e 100644
--- a/src/routes/reset-password/2fa/totp/+page.server.ts
+++ b/src/routes/reset-password/2fa/totp/+page.server.ts
@@ -40,7 +40,7 @@ async function action(event: RequestEvent) {
 message: "Not authenticated"
 });
 }
- if (!user.emailVerified || !user.registeredTOTP || session.twoFactorVerified) {
+ if (!session.emailVerified || !user.registeredTOTP || session.twoFactorVerified) {
 return fail(403, {
 message: "Forbidden"
 });
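Review bot: Nothing on the changed `if` in `totp/+page.server.ts` says why the session flag rather than the account flag is the one to test, which is the confusion this patch corrects. A one-line comment above the guard would keep it from being reverted, for example `// session.emailVerified: the emailed reset code was confirmed for this reset session (not the account-level flag)`; that reading is inferred from the route path, so confirm it against the session type. The `action` function begins and ends outside the hunk and the file's `load` function is not shown, so it is worth checking that any guard there reads the session flag as well.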