Adds ability to expire email verify token (#2216)

Diwakar Cherukumilli
2016-07-19 01:10:36 -05:00
committed by Drew
parent 033bc317e6
commit 6f292059ba
10 changed files with 591 additions and 8 deletions


@@ -44,7 +44,7 @@ const transformObjectACL = ({ ACL, ...result }) => {
return result;
}
const specialQuerykeys = ['$and', '$or', '_rperm', '_wperm', '_perishable_token', '_email_verify_token'];
const specialQuerykeys = ['$and', '$or', '_rperm', '_wperm', '_perishable_token', '_email_verify_token', '_email_verify_token_expires_at'];
const validateQuery = query => {
if (query.ACL) {
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Cannot query on ACL.');
@@ -176,7 +176,7 @@ const filterSensitiveData = (isMaster, aclGroup, className, object) => {
// acl: a list of strings. If the object to be updated has an ACL,
// one of the provided strings must provide the caller with
// write permissions.
const specialKeysForUpdate = ['_hashed_password', '_perishable_token', '_email_verify_token'];
const specialKeysForUpdate = ['_hashed_password', '_perishable_token', '_email_verify_token', '_email_verify_token_expires_at'];
DatabaseController.prototype.update = function(className, query, update, {
acl,
many,
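Review bot: `_email_verify_token_expires_at` is added to `specialQuerykeys`, which is presumably the allowlist `validateQuery` consults for underscore-prefixed internal keys, and nothing in this hunk shows whether that check separates server-internal queries from client-supplied `where` clauses. It is worth confirming that queries arriving through the REST layer cannot filter `_User` on this key or on `_email_verify_token`, and that `filterSensitiveData` never returns the new field to non-master callers. A comment above both lists such as `// internal-only keys: must never be accepted from client-supplied queries or updates` would record the intent. The bodies of `validateQuery`, `filterSensitiveData` and `update` lie outside the hunks shown.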


@@ -36,6 +36,10 @@ export class UserController extends AdaptableController {
if (this.shouldVerifyEmails) {
user._email_verify_token = randomString(25);
user.emailVerified = false;
if (this.config.emailVerifyTokenValidityDuration) {
user._email_verify_token_expires_at = Parse._encode(this.config.generateEmailVerifyTokenExpiresAt());
}
}
}
@@ -45,10 +49,20 @@ export class UserController extends AdaptableController {
// TODO: Better error here.
throw undefined;
}
return this.config.database.update('_User', {
username: username,
_email_verify_token: token
}, {emailVerified: true}).then(document => {
let query = {username: username, _email_verify_token: token};
let updateFields = { emailVerified: true, _email_verify_token: {__op: 'Delete'}};
// if the email verify token needs to be validated then
// add additional query params and additional fields that need to be updated
if (this.config.emailVerifyTokenValidityDuration) {
query.emailVerified = false;
query._email_verify_token_expires_at = { $gt: Parse._encode(new Date()) };
updateFields._email_verify_token_expires_at = {__op: 'Delete'};
}
return this.config.database.update('_User', query, updateFields).then((document) => {
if (!document) {
throw undefined;
}
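Review bot: The expiry check in the second hunk is gated on `this.config.emailVerifyTokenValidityDuration` being set at verification time rather than on whether the stored token carries an expiry, so switching the option off later makes already-expired tokens acceptable again, and switching it on leaves tokens issued earlier (no `_email_verify_token_expires_at`) unable to match the `$gt` filter. Likewise the first hunk writes the expiry only when the option is set and does not clear a previously stored `_email_verify_token_expires_at`, so a regenerated token could end up paired with a stale expiry if that method also runs for existing users (not visible here). Consider documenting this above the `if`, e.g. `// expiry is enforced only while emailVerifyTokenValidityDuration is configured; tokens issued without it require a resend`, and adding tests for both configuration transitions. The `.then` callback continues past the end of the hunk.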