feat: Add new Parse Server option preventSignupWithUnverifiedEmail to prevent returning a user without session token on sign-up with unverified email address (#8451)

2023-06-08 05:51:53 +10:00
parent 0ce3692759
commit 82da30842a
6 changed files with 88 additions and 74 deletions
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -160,6 +160,9 @@ RestWrite.prototype.execute = function () {
          this.response.response.authDataResponse = this.authDataResponse;
        }
      }
+      if (this.storage.rejectSignup && this.config.preventSignupWithUnverifiedEmail) {
+        throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.');
+      }
      return this.response;
    });
 };
@@ -879,7 +882,8 @@ RestWrite.prototype.createSessionTokenIfNeeded = function () {
    this.config.verifyUserEmails
  ) {
    // verification is on
-    return; // do not create the session token in that case!
+    this.storage.rejectSignup = true;
+    return;
  }
  return this.createSessionToken();
 };