joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure we respond with invalid password even if email is unverified (#4708)

Browse Source
This commit is contained in:
dblythy
2018-04-12 05:39:32 +10:00
committed by Florent Vilmart
parent 8380107e6b
commit 22801d2d8f
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Routers/UsersRouter.js
View File

@@ -103,9 +103,6 @@ export class UsersRouter extends ClassesRouter {
user = results[0]; user = results[0];
} }
if (req.config.verifyUserEmails && req.config.preventLoginWithUnverifiedEmail && !user.emailVerified) {
throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.');
}
return passwordCrypto.compare(password, user.password); return passwordCrypto.compare(password, user.password);
}) })
.then((correct) => { .then((correct) => {
@@ -117,7 +114,9 @@ export class UsersRouter extends ClassesRouter {
if (!isValidPassword) { if (!isValidPassword) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.'); throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
} }
if (req.config.verifyUserEmails && req.config.preventLoginWithUnverifiedEmail && !user.emailVerified) {
throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.');
}
// handle password expiry policy // handle password expiry policy
if (req.config.passwordPolicy && req.config.passwordPolicy.maxPasswordAge) { if (req.config.passwordPolicy && req.config.passwordPolicy.maxPasswordAge) {
let changedAt = user._password_changed_at; let changedAt = user._password_changed_at;