From eb45e8c3ce820a49137fb11a21bf38b050e97f22 Mon Sep 17 00:00:00 2001
From: Abdullah Atta
Date: Wed, 28 Jun 2023 17:12:49 +0500
Subject: [PATCH] identity: enable mfa after user confirms email
---
 .../Controllers/AccountController.cs | 24 ++++++-------------
 1 file changed, 7 insertions(+), 17 deletions(-)
diff --git a/Streetwriters.Identity/Controllers/AccountController.cs b/Streetwriters.Identity/Controllers/AccountController.cs
index b5dc51c..91bd2b4 100644
--- a/Streetwriters.Identity/Controllers/AccountController.cs
+++ b/Streetwriters.Identity/Controllers/AccountController.cs
@@ -77,30 +77,20 @@ namespace Streetwriters.Identity.Controllers
 var result = await UserManager.ConfirmEmailAsync(user, code);
 if (!result.Succeeded) return BadRequest(result.Errors.ToErrors());
- if (await UserManager.IsInRoleAsync(user, client.Id))
 {
 await client.OnEmailConfirmed(userId);
- // if (client.WelcomeEmailTemplateId != null)
- // await EmailSender.SendWelcomeEmailAsync(user.Email, client);
+ }
+
+ if (!await UserManager.GetTwoFactorEnabledAsync(user))
+ {
+ await MFAService.EnableMFAAsync(user, MFAMethods.Email);
+ user = await UserManager.GetUserAsync(User);
 }
 var redirectUrl = $"{client.EmailConfirmedRedirectURL}?userId={userId}";
 return RedirectPermanent(redirectUrl);
 }
- // case TokenType.CHANGE_EMAIL:
- // {
- // var newEmail = user.Claims.Find((c) => c.ClaimType == "new_email");
- // if (newEmail == null) return BadRequest("Email change was not requested.");
- // var result = await UserManager.ChangeEmailAsync(user, newEmail.ClaimValue.ToString(), code);
- // if (result.Succeeded)
- // {
- // await UserManager.RemoveClaimAsync(user, newEmail.ToClaim());
- // return Ok("Email changed.");
- // }
- // return BadRequest("Could not change email.");
- // }
 case TokenType.RESET_PASSWORD:
 {
 if (!await UserManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, "ResetPassword", code))
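Review bot: The `IsInRoleAsync(user, client.Id)` guard is deleted while its body is kept inside a now-bare `{ … }` block, so `client.OnEmailConfirmed(userId)` runs for any user whose confirmation token validates rather than only users enrolled in that client; the commit message only mentions MFA, so this reads like an accidental deletion and, if the role check was the only thing tying `user` to `client`, an authorization regression worth confirming before merge. If the removal is intended, drop the orphaned braces and say so in the message. The added `user = await UserManager.GetUserAsync(User);` reads the request's principal rather than the account identified by `userId` from the link; an email-confirmation request is typically unauthenticated, so this would likely yield null, and since `user` is not read again before the redirect the line can be dropped, or replaced with `user = await UserManager.FindByIdAsync(userId);` if a refreshed entity is needed later. The same enable-MFA block is added again in the second hunk (`@@ -173,7 +163,7 @@`), where a shared helper is proposed. The enclosing method begins before this hunk and continues after it.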
@@ -173,7 +163,7 @@ namespace Streetwriters.Identity.Controllers
 var claims = await UserManager.GetClaimsAsync(user);
 var marketingConsentClaim = claims.FirstOrDefault((claim) => claim.Type == $"{client.Id}:marketing_consent");
- if (!await UserManager.GetTwoFactorEnabledAsync(user))
+ if (await UserManager.IsEmailConfirmedAsync(user) && !await UserManager.GetTwoFactorEnabledAsync(user))
 {
 await MFAService.EnableMFAAsync(user, MFAMethods.Email);
 user = await UserManager.GetUserAsync(User);
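Review bot: The new condition and the body beneath it (`EnableMFAAsync(user, MFAMethods.Email)` followed by re-reading `user`) duplicate the block introduced in the first hunk (`@@ -77,30 +77,20 @@`); extract a private async helper that takes the user, performs the `GetTwoFactorEnabledAsync` check and the `EnableMFAAsync` call, and invoke it from both sites so the enrolment rule changes in one place. The value returned by `EnableMFAAsync` is discarded here and in the first hunk; its signature is not visible in the diff, but if it reports failure that outcome is silently lost, so either assert success or document why best-effort is acceptable. The enclosing method starts and ends outside this hunk.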