feat: Add new Parse Server option preventSignupWithUnverifiedEmail to prevent returning a user without session token on sign-up with unverified email address (#8451)

Daniel
2023-06-08 05:51:53 +10:00
committed by GitHub
parent 0ce3692759
commit 82da30842a
6 changed files with 88 additions and 74 deletions


@@ -242,8 +242,7 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
});
});
it('allows user to login only after user clicks on the link to confirm email address if preventLoginWithUnverifiedEmail is set to true', done => {
const user = new Parse.User();
it('allows user to login only after user clicks on the link to confirm email address if preventLoginWithUnverifiedEmail is set to true', async () => {
let sendEmailOptions;
const emailAdapter = {
sendVerificationEmail: options => {
@@ -252,59 +251,32 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
sendPasswordResetEmail: () => Promise.resolve(),
sendMail: () => {},
};
reconfigureServer({
await reconfigureServer({
appName: 'emailing app',
verifyUserEmails: true,
preventLoginWithUnverifiedEmail: true,
emailAdapter: emailAdapter,
publicServerURL: 'http://localhost:8378/1',
})
.then(() => {
user.setPassword('other-password');
user.setUsername('user');
user.set('email', 'user@parse.com');
return user.signUp();
})
.then(() => {
expect(sendEmailOptions).not.toBeUndefined();
request({
url: sendEmailOptions.link,
followRedirects: false,
}).then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=user'
);
user
.fetch({ useMasterKey: true })
.then(
() => {
expect(user.get('emailVerified')).toEqual(true);
Parse.User.logIn('user', 'other-password').then(
user => {
expect(typeof user).toBe('object');
expect(user.get('emailVerified')).toBe(true);
done();
},
() => {
fail('login should have succeeded');
done();
}
);
},
err => {
jfail(err);
fail('this should not fail');
done();
}
)
.catch(err => {
jfail(err);
done();
});
});
});
});
let user = new Parse.User();
user.setPassword('other-password');
user.setUsername('user');
user.set('email', 'user@example.com');
await user.signUp();
expect(sendEmailOptions).not.toBeUndefined();
const response = await request({
url: sendEmailOptions.link,
followRedirects: false,
});
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=user'
);
user = await new Parse.Query(Parse.User).first({ useMasterKey: true });
expect(user.get('emailVerified')).toEqual(true);
user = await Parse.User.logIn('user', 'other-password');
expect(typeof user).toBe('object');
expect(user.get('emailVerified')).toBe(true);
});
it('allows user to login if email is not verified but preventLoginWithUnverifiedEmail is set to false', done => {
@@ -345,6 +317,35 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
});
});
it('does not allow signup with preventSignupWithUnverified', async () => {
let sendEmailOptions;
const emailAdapter = {
sendVerificationEmail: options => {
sendEmailOptions = options;
},
sendPasswordResetEmail: () => Promise.resolve(),
sendMail: () => {},
};
await reconfigureServer({
appName: 'test',
publicServerURL: 'http://localhost:1337/1',
verifyUserEmails: true,
preventLoginWithUnverifiedEmail: true,
preventSignupWithUnverifiedEmail: true,
emailAdapter,
});
const newUser = new Parse.User();
newUser.setPassword('asdf');
newUser.setUsername('zxcv');
newUser.set('email', 'test@example.com');
await expectAsync(newUser.signUp()).toBeRejectedWith(
new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.')
);
const user = await new Parse.Query(Parse.User).first({ useMasterKey: true });
expect(user).toBeDefined();
expect(sendEmailOptions).toBeDefined();
});
it('fails if you include an emailAdapter, set a publicServerURL, but have no appName and send a password reset email', done => {
reconfigureServer({
appName: undefined,
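Review bot: The new `does not allow signup with preventSignupWithUnverified` test never asserts that the rejected sign-up left no usable session behind, which is the security-relevant outcome of `preventSignupWithUnverifiedEmail`; it only checks the rejection, that a user row exists and that the verification email was sent. After the `expectAsync(...)` call I would add `expect(newUser.getSessionToken()).toBeUndefined();` and, assuming the server creates no session on this path, `expect(await new Parse.Query(Parse.Session).count({ useMasterKey: true })).toBe(0);`, plus `expect(user.get('emailVerified')).not.toBe(true);` on the fetched user, so that a regression which stores the account in a logged-in or verified state fails the test. The test name also drops the `Email` suffix of the option, and its `publicServerURL` uses port 1337 while the neighbouring test in this section uses 8378; that looks unintentional, though it has no effect here because the verification link is never followed.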


@@ -353,8 +353,9 @@ describe('Verify User Password', () => {
done();
});
});
it('fails to verify password when preventLoginWithUnverifiedEmail is set to true REST API', done => {
reconfigureServer({
it('fails to verify password when preventLoginWithUnverifiedEmail is set to true REST API', async () => {
await reconfigureServer({
publicServerURL: 'http://localhost:8378/',
appName: 'emailVerify',
verifyUserEmails: true,
@@ -364,28 +365,21 @@ describe('Verify User Password', () => {
apiKey: 'k',
domain: 'd',
}),
})
.then(() => {
const user = new Parse.User();
return user.save({
username: 'unverified-user',
password: 'mypass',
email: 'unverified-email@user.com',
});
})
.then(() => {
return verifyPassword('unverified-email@user.com', 'mypass', true);
})
.then(res => {
expect(res.status).toBe(400);
expect(res.text).toMatch('{"code":205,"error":"User email is not verified."}');
done();
})
.catch(err => {
fail(err);
done();
});
});
const user = new Parse.User();
await user.save({
username: 'unverified-user',
password: 'mypass',
email: 'unverified-email@example.com',
});
const res = await verifyPassword('unverified-email@example.com', 'mypass', true);
expect(res.status).toBe(400);
expect(res.data).toEqual({
code: Parse.Error.EMAIL_NOT_FOUND,
error: 'User email is not verified.',
});
});
it('verify password lock account if failed verify password attempts are above threshold', done => {
reconfigureServer({
appName: 'lockout threshold',