From 8f9349fb925e0f2039b24cfd3bfbf7516e31b651 Mon Sep 17 00:00:00 2001
From: Gradyn Wursten
Date: Tue, 31 Oct 2023 14:22:02 -0600
Subject: [PATCH] include email verification status in jwts

---
 JournalyApiV2/Services/BLL/AuthService.cs | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/JournalyApiV2/Services/BLL/AuthService.cs b/JournalyApiV2/Services/BLL/AuthService.cs
index 3a35f33..bc8a077 100644
--- a/JournalyApiV2/Services/BLL/AuthService.cs
+++ b/JournalyApiV2/Services/BLL/AuthService.cs
@@ -32,7 +32,7 @@ public AuthService(UserManager userManager, IConfiguration config,
 _emailService = emailService;
 }

- private string GenerateJwtToken(string userId, string email, string givenName, string familyName, int tokenId)
+ private string GenerateJwtToken(string userId, string email, string givenName, string familyName, int tokenId, bool verified)
 {
 var claims = new List
 {
@@ -41,7 +41,8 @@ private string GenerateJwtToken(string userId, string email, string givenName, s
 new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
 new Claim(JwtRegisteredClaimNames.GivenName, givenName),
 new Claim(JwtRegisteredClaimNames.FamilyName, familyName),
- new Claim("token_id", tokenId.ToString())
+ new Claim("token_id", tokenId.ToString()),
+ new Claim("email_verified", verified ? "true" : "false")
 };

 var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Identity:Key"]));
@@ -72,7 +73,7 @@ public async Task SignIn(string email, string password)
 var refreshToken = await _authDbService.NewRefreshTokenAsync(Guid.Parse(user.Id));
 return new AuthenticationResponse
 {
- Token = GenerateJwtToken(user.Id, email, user.FirstName, user.LastName, refreshToken.TokenId),
+ Token = GenerateJwtToken(user.Id, email, user.FirstName, user.LastName, refreshToken.TokenId, user.EmailConfirmed),
 ExpiresIn = _config.GetValue("Identity:ExpireSeconds"),
 RefreshToken = refreshToken.Token
 };
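Review bot: In the claims list of `GenerateJwtToken` (hunk at -41,7) the new `email_verified` claim is written as the string `"true"`/`"false"`, so a consumer that only tests the claim for presence or truthiness will read `"false"` as verified, and OIDC-style consumers expect a JSON boolean for this claim name. Assuming the token is written by `JwtSecurityTokenHandler`, tagging the value type should keep it a boolean on the wire: `new Claim("email_verified", verified ? "true" : "false", ClaimValueTypes.Boolean)`. The claim is also a snapshot taken when the token is issued, so it is worth a comment above it such as `// Snapshot at issue time; re-check the stored flag before sensitive operations.` The method body starts and ends outside the hunk.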
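Review bot: In `SignIn` (hunk at -72,7) the token now pairs `email_verified` from the stored user with an `email` claim taken from the caller-supplied `email` argument, so the flag can vouch for a string the server never stored if the lookup normalizes or case-folds addresses. Passing the stored value keeps both claims about the same record, as `RefreshToken` already does: `Token = GenerateJwtToken(user.Id, user.Email, user.FirstName, user.LastName, refreshToken.TokenId, user.EmailConfirmed),`. How `user` is looked up is above the hunk, so this is a consistency point rather than a confirmed defect.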
@@ -123,7 +124,7 @@ public async Task RefreshToken(string refreshToken)
 {
 RefreshToken = newToken.Token,
 ExpiresIn = _config.GetValue("Identity:ExpireSeconds"),
- Token = GenerateJwtToken(user.Id, user.Email, user.FirstName, user.LastName, newToken.TokenId)
+ Token = GenerateJwtToken(user.Id, user.Email, user.FirstName, user.LastName, newToken.TokenId, user.EmailConfirmed)
 };
 }

@@ -139,7 +140,7 @@ public async Task ChangeName(string firstName, string la
 // Generate new JWT and associated refresh token with the name updated
 await _authDbService.VoidRefreshTokensAsync(tokenId);
 var refreshToken = await _authDbService.NewRefreshTokenAsync(userId);
- var accessToken = GenerateJwtToken(userId.ToString(), user.Email, firstName, lastName, refreshToken.TokenId);
+ var accessToken = GenerateJwtToken(userId.ToString(), user.Email, firstName, lastName, refreshToken.TokenId, user.EmailConfirmed);

 return new AuthenticationResponse
 {
@@ -161,7 +162,7 @@ public async Task ChangeEmail(string email, Guid userId,
 // Generate new JWT and associated refresh token with the name updated
 await _authDbService.VoidRefreshTokensAsync(tokenId);
 var refreshToken = await _authDbService.NewRefreshTokenAsync(userId);
- var accessToken = GenerateJwtToken(userId.ToString(), email, user.FirstName, user.LastName, refreshToken.TokenId);
+ var accessToken = GenerateJwtToken(userId.ToString(), email, user.FirstName, user.LastName, refreshToken.TokenId, user.EmailConfirmed);

 return new AuthenticationResponse
 {
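Review bot: In `ChangeEmail` (hunk at -161,7) the token carries the new `email` argument together with `user.EmailConfirmed`, so if `user` was loaded before the address change, or the change does not reset the flag, the JWT will assert `email_verified` as true for an address nobody has confirmed. The update itself is above the hunk, so please confirm that `EmailConfirmed` is cleared or re-read before this call. If the new address always starts unconfirmed, passing that state explicitly is safer than trusting the loaded object: `GenerateJwtToken(userId.ToString(), email, user.FirstName, user.LastName, refreshToken.TokenId, false)`. A test that changes the email of a verified account and inspects the returned token would pin this down.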