From 92e02c1d0c67b0908b4942e81433a29ad15eb8d2 Mon Sep 17 00:00:00 2001
From: Yeuoly
Date: Fri, 13 Dec 2024 20:21:02 +0800
Subject: [PATCH] fix: avoid sending email to unauth users
---
 api/services/account_service.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/api/services/account_service.py b/api/services/account_service.py
index 24f005f1e1..c56d220414 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -390,7 +390,14 @@ class AccountService:
 def send_email_code_login_email(
 cls, account: Optional[Account] = None, email: Optional[str] = None, language: Optional[str] = "en-US"
 ):
- if cls.email_code_login_rate_limiter.is_rate_limited(email):
+ if email:
+ if not AccountService.verify_account_whitelist(email):
+ raise ValueError("Account is not whitelisted")
+ elif account:
+ if not AccountService.verify_account_whitelist(account.email):
+ raise ValueError("Account is not whitelisted")
+
+ if cls.email_code_login_rate_limiter.is_rate_limited(account_email):
 from controllers.console.auth.error import EmailCodeLoginRateLimitExceededError
 raise EmailCodeLoginRateLimitExceededError()
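Review bot: `account_email` is passed to `is_rate_limited` on the last added line but is not assigned anywhere in the visible body of `send_email_code_login_email`, whose parameters are `account`, `email` and `language`. Unless it is a module-level name, the call raises NameError before the rate limiter is consulted or any mail is sent. When both `email` and `account` are None, the whitelist check is also skipped entirely. Resolve the address once, reject a missing one, and use that single value for both the whitelist check and the rate-limit key; raising on a missing address is a behaviour change to confirm against callers. The method body continues outside the hunk.

```python
        # same precedence as the added branches: explicit email first, then the account's
        account_email = email or (account.email if account else None)
        if not account_email:
            raise ValueError("Email must be provided")
        if not AccountService.verify_account_whitelist(account_email):
            raise ValueError("Account is not whitelisted")

        if cls.email_code_login_rate_limiter.is_rate_limited(account_email):
            # … unchanged: import and raise of EmailCodeLoginRateLimitExceededError …
```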