fix: Issue #4142 (#4144)

* Tweaks test in order to show the error - Session is effectively created when it should not * Do not create a session when users need verified accounts on signup
2017-09-11 11:07:39 -04:00
parent 839a117246
commit a660a0c25f
2 changed files with 9 additions and 1 deletions
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -548,6 +548,11 @@ RestWrite.prototype.createSessionTokenIfNeeded = function() {
  if (this.query) {
    return;
  }
+  if (!this.storage['authProvider'] // signup call, with
+      && this.config.preventLoginWithUnverifiedEmail // no login without verification
+      && this.config.verifyUserEmails) { // verification is on
+    return; // do not create the session token in that case!
+  }
  return this.createSessionToken();
 }