Improve email verification (#3681)

* Removed hidden keys from users/me. * Ensured that general users cannot update email verified flag. * Updated tests to reflect email verification changes.
2017-05-11 23:14:58 +09:30
parent 81a55e655d
commit 877ef78b5e
3 changed files with 133 additions and 0 deletions
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -57,6 +57,17 @@ export class UsersRouter extends ClassesRouter {
          const user = response.results[0].user;
          // Send token back on the login, because SDKs expect that.
          user.sessionToken = sessionToken;
+
+          // Remove hidden properties.
+          for (var key in user) {
+            if (user.hasOwnProperty(key)) {
+              // Regexp comes from Parse.Object.prototype.validate
+              if (key !== "__type" && !(/^[A-Za-z][0-9A-Za-z_]*$/).test(key)) {
+                delete user[key];
+              }
+            }
+          }
+
          return { response: user };
        }
      });