joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add event information to verifyUserEmails, preventLoginWithUnverifiedEmail to identify invoking signup / login action and auth provider (#9963)

Browse Source
This commit is contained in:
Palixir
2026-02-06 04:48:35 +01:00
committed by GitHub
parent 617de9989b
commit ed98c15f90
12 changed files with 350 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/Options/index.js
View File

@@ -43,6 +43,22 @@ type RequestKeywordDenylist = {
key: string | any,
value: any,
};
type EmailVerificationRequest = {
original?: any,
object: any,
master?: boolean,
ip?: string,
installationId?: string,
createdWith?: {
action: 'login' | 'signup',
authProvider: string,
},
resendRequest?: boolean,
};
type SendEmailVerificationRequest = {
user: any,
master?: boolean,
};
export interface ParseServerOptions {
/* Your Parse Application ID
@@ -174,18 +190,25 @@ export interface ParseServerOptions {
/* Max file size for uploads, defaults to 20mb
:DEFAULT: 20mb */
maxUploadSize: ?string;
/* Set to `true` to require users to verify their email address to complete the sign-up process. Supports a function with a return value of `true` or `false` for conditional verification.
/* Set to `true` to require users to verify their email address to complete the sign-up process. Supports a function with a return value of `true` or `false` for conditional verification. The function receives a request object that includes `createdWith` to indicate whether the invocation is for `signup` or `login` and the used auth provider.
<br><br>
The `createdWith` values per scenario:
<ul><li>Password signup: `{ action: 'signup', authProvider: 'password' }`</li><li>Auth provider signup: `{ action: 'signup', authProvider: '<provider>' }`</li><li>Password login: `{ action: 'login', authProvider: 'password' }`</li><li>Auth provider login: function not invoked; auth provider login bypasses email verification</li><li>Resend verification email: `createdWith` is `undefined`; use the `resendRequest` property to identify those</li></ul>
Default is `false`.
:DEFAULT: false */
verifyUserEmails: ?(boolean | void);
/* Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required.
verifyUserEmails: ?(boolean | (EmailVerificationRequest => boolean | Promise<boolean>));
/* Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required. Supports a function with a return value of `true` or `false` for conditional prevention. The function receives a request object that includes `createdWith` to indicate whether the invocation is for `signup` or `login` and the used auth provider.
<br><br>
The `createdWith` values per scenario:
<ul><li>Password signup: `{ action: 'signup', authProvider: 'password' }`</li><li>Auth provider signup: `{ action: 'signup', authProvider: '<provider>' }`</li><li>Password login: `{ action: 'login', authProvider: 'password' }`</li><li>Auth provider login: function not invoked; auth provider login bypasses email verification</li></ul>
Default is `false`.
<br>
Requires option `verifyUserEmails: true`.
:DEFAULT: false */
preventLoginWithUnverifiedEmail: ?boolean;
preventLoginWithUnverifiedEmail: ?(
| boolean
| (EmailVerificationRequest => boolean | Promise<boolean>)
);
/* If set to `true` it prevents a user from signing up if the email has not yet been verified and email verification is required. In that case the server responds to the sign-up with HTTP status 400 and a Parse Error 205 `EMAIL_NOT_FOUND`. If set to `false` the server responds with HTTP status 200, and client SDKs return an unauthenticated Parse User without session token. In that case subsequent requests fail until the user's email address is verified.
<br><br>
Default is `false`.
@@ -214,7 +237,10 @@ export interface ParseServerOptions {
Default is `true`.
<br>
:DEFAULT: true */
sendUserEmailVerification: ?(boolean | void);
sendUserEmailVerification: ?(
| boolean
| (SendEmailVerificationRequest => boolean | Promise<boolean>)
);
/* The account lockout policy for failed login attempts. */
accountLockout: ?AccountLockoutOptions;
/* The password policy for enforcing password related rules. */