From 039f69fa82da3f0f80e6f218d30f4d0e369c5425 Mon Sep 17 00:00:00 2001
From: Julian Gallimore
Date: Tue, 21 Nov 2023 13:56:32 +0100
Subject: [PATCH] Only verified should be able to use OAuth signin

To help cercumvent spam, check users are verified before proceding to allow login to 3rd parties.
---
 config/initializers/doorkeeper.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 5eb0d41d..9ca7352c 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -10,10 +10,11 @@
 # This block will be called to check whether the resource owner is authenticated or not.
 resource_owner_authenticator do
- # raise "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
- # Put your resource owner authentication logic here.
- # Example implementation:
- User.find_by_id(session[:user_id]) || redirect_to(signin_url(goto: request.fullpath))
+ if current_user and current_user.verified?
+ current_user
+ else
+ redirect_to(signin_url(goto: request.fullpath))
+ end
 end
 # If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
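Review bot: A signed-in but unverified user falls into the `else` branch and is redirected to `signin_url` with `goto` pointing back at the authorisation request, so they get no explanation and, if the sign-in page forwards already-authenticated users to `goto`, a redirect loop. I would give that case its own branch, e.g. `elsif current_user` followed by `render(plain: "Please verify your account before authorising applications", status: :forbidden)`, and write the guard as `if current_user&.verified?` rather than with `and`. The old line looked the user up from `session[:user_id]` directly, whereas `current_user` is only available here if Doorkeeper's controllers inherit the helper (its `base_controller` setting); that configuration is outside this hunk and worth confirming. The block also gates only the interactive authorisation step: tokens issued before this change stay valid, and any other grant flow configured elsewhere in the file (for example `resource_owner_from_credentials`) would need the same verified check for the spam control to hold.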