fix 403 checks

2025-09-08 17:40:27 +00:00 · 2024-10-06 16:09:36 +09:00 · 2024-10-06 16:09:36 +09:00 · 25c54572a7
commit 25c54572a7
parent f5b1b80f4c
4 changed files with 4 additions and 4 deletions
--- a/src/routes/reset-password/2fa/passkey/+server.ts
+++ b/src/routes/reset-password/2fa/passkey/+server.ts
@ -24,7 +24,7 @@ export async function POST(event: RequestEvent) {
 			status: 401
 		});
 	}
-	if (!user.emailVerified || !user.registeredPasskey || session.twoFactorVerified) {
+	if (!session.emailVerified || !user.registeredPasskey || session.twoFactorVerified) {
 		return new Response("Forbidden", {
 			status: 403
 		});
--- a/src/routes/reset-password/2fa/recovery-code/+page.server.ts
+++ b/src/routes/reset-password/2fa/recovery-code/+page.server.ts
@ -35,7 +35,7 @@ async function action(event: RequestEvent) {
 			message: "Not authenticated"
 		});
 	}
-	if (!user.emailVerified || !user.registered2FA || session.twoFactorVerified) {
+	if (!session.emailVerified || !user.registered2FA || session.twoFactorVerified) {
 		return fail(403, {
 			message: "Forbidden"
 		});
--- a/src/routes/reset-password/2fa/security-key/+server.ts
+++ b/src/routes/reset-password/2fa/security-key/+server.ts
@ -24,7 +24,7 @@ export async function POST(event: RequestEvent) {
 			status: 401
 		});
 	}
-	if (!user.emailVerified || !user.registeredSecurityKey || session.twoFactorVerified) {
+	if (!session.emailVerified || !user.registeredSecurityKey || session.twoFactorVerified) {
 		return new Response("Forbidden", {
 			status: 403
 		});
--- a/src/routes/reset-password/2fa/totp/+page.server.ts
+++ b/src/routes/reset-password/2fa/totp/+page.server.ts
@ -40,7 +40,7 @@ async function action(event: RequestEvent) {
 			message: "Not authenticated"
 		});
 	}
-	if (!user.emailVerified || !user.registeredTOTP || session.twoFactorVerified) {
+	if (!session.emailVerified || !user.registeredTOTP || session.twoFactorVerified) {
 		return fail(403, {
 			message: "Forbidden"
 		});