authorLibravatar Forest Johnson <forest.n.johnson@gmail.com>2022-02-07 11:04:31 +0000
committerLibravatar GitHub <noreply@github.com>2022-02-07 12:04:31 +0100
commit6ed368cbebcae087aec1f31ee8d69ac6c47ead9f (patch)
treeab3cd855aea308e2db719f2ac67a8e38cd6c920c /internal/oauth/util.go
parentdon't bother negotiating Accept for webfinger (#381) (diff)
[feature] add authorization to the already-existing authentication (#365)
* add ensureUserIsAuthorizedOrRedirect to /oauth/authorize * adding authorization (email confirm, account approve, etc) to TokenCheck * revert un-needed changes to signin.go * oops what happened here * error css * add account.SuspendedAt check * remove redundant checks from oauth util Authed function * wip tests * tests passing * stop stripping useful information from ErrAlreadyExists * that feeling of scraping the dryer LINT off the screen * oops I didn't mean to get rid of this NewTestRouter function * make tests work with recorder * re-add ConfigureTemplatesWithGin to handle template path err Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
Diffstat (limited to 'internal/oauth/util.go')
-rw-r--r--internal/oauth/util.go21
1 files changed, 4 insertions, 17 deletions
diff --git a/internal/oauth/util.go b/internal/oauth/util.go
index 540045f80..6f69f0ee4 100644
--- a/internal/oauth/util.go
+++ b/internal/oauth/util.go
@@ -78,25 +78,12 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
return nil, errors.New("application not supplied")
}
- if requireUser {
- if a.User == nil {
- return nil, errors.New("user not supplied")
- }
- if a.User.Disabled || !a.User.Approved {
- return nil, errors.New("user disabled or not approved")
- }
- if a.User.Email == "" {
- return nil, errors.New("user has no confirmed email address")
- }
+ if requireUser && a.User == nil {
+ return nil, errors.New("user not supplied or not authorized")
}
- if requireAccount {
- if a.Account == nil {
- return nil, errors.New("account not supplied")
- }
- if !a.Account.SuspendedAt.IsZero() {
- return nil, errors.New("account suspended")
- }
+ if requireAccount && a.Account == nil {
+ return nil, errors.New("account not supplied or not authorized")
}
return a, nil
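Review bot: With the new `requireUser && a.User == nil` and `requireAccount && a.Account == nil` conditions, `Authed` treats a non-nil `a.User` / `a.Account` as proof that the user is confirmed, approved and not disabled and that the account is not suspended, but nothing in the function states or enforces that. The commit description says these checks moved to TokenCheck, which is not visible here, so presumably the context values are left unset for unauthorized users; any other code path that populates them would skip the checks that used to run at this point. I would document the invariant above the two conditions, e.g. `// a.User and a.Account are only set after TokenCheck has verified the user is confirmed, approved and not disabled, and the account is not suspended`, and pin it with a test that a token for a suspended or unapproved user makes `Authed` return an error. The body of `Authed` starts above the hunk, so how `a` is populated cannot be confirmed from these lines.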