Return error response when user not verified
Summary
We currently have no way to check whether a user has actually validated their email address. We need an API endpoint so the FE can act accordingly.
Acceptance Criteria
- POST /tokens/create returns 403 for a user with an unverified email address
Additional Notes / Information
Technical Information
Suggested Implementation
- Adapt API endpoint POST /tokens/create to return 403 Forbidden if the user is not verified
  - Check if UserNotConfirmedException is raised by get_user (https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp/client/get_user.html) for a user with an unverified email address
    - Testing requires cognito credentials from AWS console
    - Use moto library for testing
  - If that is the case, call the above method in POST /tokens/create and catch that exception
  - If the exception appears, return 403 with message "Unverified email address"
Edited by Sara Grau
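
One way the suggested check could look, as an added example that is not part of the issue or the project's code. It assumes the endpoint already holds the user's Cognito access token and receives the boto3 cognito-idp client as a parameter; `email_verification_error`, `aws_error_code`, `FakeCognito` and `FakeClientError` are hypothetical names. It goes one step beyond the issue by also reading the `email_verified` attribute, because a confirmed user can still have an unverified email address.

```python
# Added example: framework-agnostic sketch of the check described in the issue.
# `cognito` is any object exposing boto3's cognito-idp get_user(AccessToken=...).

UNVERIFIED = (403, {"message": "Unverified email address"})


def aws_error_code(exc):
    """Return the AWS error code carried by a botocore ClientError, else None."""
    response = getattr(exc, "response", None)
    if isinstance(response, dict):
        return response.get("Error", {}).get("Code")
    return None


def email_verification_error(cognito, access_token):
    """Return a (status, body) error for an unverified user, or None to proceed."""
    try:
        user = cognito.get_user(AccessToken=access_token)
    except Exception as exc:
        # boto3 raises ClientError subclasses; matching on the error code keeps
        # this module importable without botocore installed.
        if aws_error_code(exc) == "UserNotConfirmedException":
            return UNVERIFIED
        raise  # any other failure is left to the caller's error handling
    # A CONFIRMED user (for example admin-confirmed) can still have
    # email_verified == "false". A missing attribute fails closed.
    attrs = {a["Name"]: a["Value"] for a in user.get("UserAttributes", [])}
    if attrs.get("email_verified", "false").lower() != "true":
        return UNVERIFIED
    return None


# Constructed stand-ins for the Cognito client, for offline runs only.
class FakeClientError(Exception):
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeCognito:
    def __init__(self, result):
        self.result = result

    def get_user(self, AccessToken):
        if isinstance(self.result, Exception):
            raise self.result
        return self.result
```

In POST /tokens/create, a non-None return value would be sent back as the response before any token is issued.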