Aktueller Stand

app/api/profile/route.ts

@@ -4,6 +4,7 @@ import { NextResponse } from "next/server";
 import { prisma } from "../../../lib/prisma";
 import { requireSession } from "../../../lib/auth-helpers";
 import { sendMail } from "../../../lib/mailer";
+import { getEmailVerificationRequired } from "../../../lib/system-settings";
 
 export async function PATCH(request: Request) {
   const { session } = await requireSession();
@@ -36,6 +37,7 @@ export async function PATCH(request: Request) {
   }
 
   const data: { email?: string; passwordHash?: string; emailVerified?: boolean } = {};
+  let emailVerificationRequired: boolean | null = null;
 
   if (normalizedEmail && normalizedEmail !== user.email) {
     const existing = await prisma.user.findUnique({ where: { email: normalizedEmail } });
@@ -46,7 +48,8 @@ export async function PATCH(request: Request) {
       );
     }
     data.email = normalizedEmail;
-    data.emailVerified = false;
+    emailVerificationRequired = await getEmailVerificationRequired();
+    data.emailVerified = !emailVerificationRequired;
   }
 
   if (newPassword) {
@@ -63,6 +66,17 @@ export async function PATCH(request: Request) {
   });
 
   if (data.email) {
+    const verificationRequired =
+      emailVerificationRequired ?? (await getEmailVerificationRequired());
+    if (!verificationRequired) {
+      return NextResponse.json({
+        id: updated.id,
+        email: updated.email,
+        changedEmail: true,
+        changedPassword: Boolean(data.passwordHash)
+      });
+    }
+
     const token = crypto.randomUUID();
     const expires = new Date(Date.now() + 24 * 60 * 60 * 1000);
     await prisma.verificationToken.create({