Update main.py

main.py

@@ -51,7 +51,7 @@ async def login_post(
         raise HTTPException(status_code=400, detail="Invalid email or password")
 
     user = authenticate_user(db, email, password)
-    if user:
+    if user and user.is_verified:  # Check if user is verified
         access_token = auth_views.create_access_token(
             data={"sub": user.email},
             expires_delta=timedelta(minutes=auth_views.ACCESS_TOKEN_EXPIRE_MINUTES)
@@ -60,9 +60,17 @@ async def login_post(
         response = RedirectResponse(url="/protected", status_code=status.HTTP_303_SEE_OTHER)
         response.set_cookie(key="access_token", value=f"Bearer {access_token}", httponly=True)
         return response
+    elif user and not user.is_verified:  # User is not verified
+        raise HTTPException(
+            status_code=400,
+            detail="You must verify your email before accessing this resource."
+        )
     else:
-        return templates.TemplateResponse("login.html", {"request": request, "error_message": "Invalid email or password"})
-
+        # If authentication fails, return to the login page with an error message
+        return templates.TemplateResponse(
+            "login.html", 
+            {"request": request, "error_message": "Invalid email or password"}
+        )
 @app.get("/register", response_class=HTMLResponse)
 async def register_get(request: Request):
     return templates.TemplateResponse("register.html", {"request": request})