feat: Add new Parse Server option preventSignupWithUnverifiedEmail to prevent returning a user without session token on sign-up with unverified email address (#8451)

2023-06-08 05:51:53 +10:00
parent 0ce3692759
commit 82da30842a
6 changed files with 88 additions and 74 deletions
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -165,6 +165,13 @@ export interface ParseServerOptions {
  Requires option `verifyUserEmails: true`.
  :DEFAULT: false */
  preventLoginWithUnverifiedEmail: ?boolean;
+  /* If set to `true` it prevents a user from signing up if the email has not yet been verified and email verification is required. In that case the server responds to the sign-up with HTTP status 400 and a Parse Error 205 `EMAIL_NOT_FOUND`. If set to `false` the server responds with HTTP status 200, and client SDKs return an unauthenticated Parse User without session token. In that case subsequent requests fail until the user's email address is verified.
+  <br><br>
+  Default is `false`.
+  <br>
+  Requires option `verifyUserEmails: true`.
+  :DEFAULT: false */
+  preventSignupWithUnverifiedEmail: ?boolean;
  /* Set the validity duration of the email verification token in seconds after which the token expires. The token is used in the link that is set in the email. After the token expires, the link becomes invalid and a new link has to be sent. If the option is not set or set to `undefined`, then the token never expires.
  <br><br>
  For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).