fix: Conditional email verification not working in some cases if verifyUserEmails, preventLoginWithUnverifiedEmail set to functions (#8838)

2023-12-26 21:01:27 +01:00
parent f9dde4a9f8
commit 8e7a6b1480
5 changed files with 62 additions and 37 deletions
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -930,31 +930,25 @@ RestWrite.prototype.createSessionTokenIfNeeded = async function () {
  if (this.auth.user && this.data.authData) {
    return;
  }
-  if (
-    !this.storage.authProvider && // signup call, with
-    this.config.preventLoginWithUnverifiedEmail === true && // no login without verification
-    this.config.verifyUserEmails
-  ) {
-    // verification is on
-    this.storage.rejectSignup = true;
-    return;
-  }
-  if (!this.storage.authProvider && this.config.verifyUserEmails) {
-    let shouldPreventUnverifedLogin = this.config.preventLoginWithUnverifiedEmail;
-    if (typeof this.config.preventLoginWithUnverifiedEmail === 'function') {
-      const { originalObject, updatedObject } = this.buildParseObjects();
-      const request = {
-        original: originalObject,
-        object: updatedObject,
-        master: this.auth.isMaster,
-        ip: this.config.ip,
-        installationId: this.auth.installationId,
-      };
-      shouldPreventUnverifedLogin = await Promise.resolve(
-        this.config.preventLoginWithUnverifiedEmail(request)
-      );
-    }
-    if (shouldPreventUnverifedLogin === true) {
+  // If sign-up call
+  if (!this.storage.authProvider) {
+    // Create request object for verification functions
+    const { originalObject, updatedObject } = this.buildParseObjects();
+    const request = {
+      original: originalObject,
+      object: updatedObject,
+      master: this.auth.isMaster,
+      ip: this.config.ip,
+      installationId: this.auth.installationId,
+    };
+    // Get verification conditions which can be booleans or functions; the purpose of this async/await
+    // structure is to avoid unnecessarily executing subsequent functions if previous ones fail in the
+    // conditional statement below, as a developer may decide to execute expensive operations in them
+    const verifyUserEmails = async () => this.config.verifyUserEmails === true || (typeof this.config.verifyUserEmails === 'function' && await Promise.resolve(this.config.verifyUserEmails(request)) === true);
+    const preventLoginWithUnverifiedEmail = async () => this.config.preventLoginWithUnverifiedEmail === true || (typeof this.config.preventLoginWithUnverifiedEmail === 'function' && await Promise.resolve(this.config.preventLoginWithUnverifiedEmail(request)) === true);
+    // If verification is required
+    if (await verifyUserEmails() && await preventLoginWithUnverifiedEmail()) {
+      this.storage.rejectSignup = true;
      return;
    }
  }