kami-parse-server/spec/EmailVerificationToken.spec.js

"use strict";

const request = require('request');
const requestp = require('request-promise');
const Config = require('../src/Config');

describe("Email Verification Token Expiration: ", () => {

  it('show the invalid verification link page, if the user clicks on the verify email link after the email verify token expires', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 0.5, // 0.5 second
      publicServerURL: "http://localhost:8378/1"
    })
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      }).then(() => {
      // wait for 1 second - simulate user behavior to some extent
        setTimeout(() => {
          expect(sendEmailOptions).not.toBeUndefined();

          request.get(sendEmailOptions.link, {
            followRedirect: false,
          }, (error, response) => {
            expect(response.statusCode).toEqual(302);
            expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/apps/invalid_verification_link.html?username=testEmailVerifyTokenValidity&appId=test');
            done();
          });
        }, 1000);
      }).catch((err) => {
        jfail(err);
        done();
      });
  });

  it('emailVerified should set to false, if the user does not verify their email before the email verify token expires', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 0.5, // 0.5 second
      publicServerURL: "http://localhost:8378/1"
    })
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      }).then(() => {
      // wait for 1 second - simulate user behavior to some extent
        setTimeout(() => {
          expect(sendEmailOptions).not.toBeUndefined();

          request.get(sendEmailOptions.link, {
            followRedirect: false,
          }, (error, response) => {
            expect(response.statusCode).toEqual(302);
            user.fetch()
              .then(() => {
                expect(user.get('emailVerified')).toEqual(false);
                done();
              })
              .catch(() => {
                jfail(error);
                done();
              });
          });
        }, 1000);
      }).catch((error) => {
        jfail(error);
        done();
      });
  });

  it('if user clicks on the email verify link before email verification token expiration then show the verify email success page', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: "http://localhost:8378/1"
    })
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      }).then(() => {
        request.get(sendEmailOptions.link, {
          followRedirect: false,
        }, (error, response) => {
          expect(response.statusCode).toEqual(302);
          expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=testEmailVerifyTokenValidity');
          done();
        });
      }).catch((error) => {
        jfail(error);
        done();
      });
  });

  it('if user clicks on the email verify link before email verification token expiration then emailVerified should be true', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: "http://localhost:8378/1"
    })
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      }).then(() => {
        request.get(sendEmailOptions.link, {
          followRedirect: false,
        }, (error, response) => {
          expect(response.statusCode).toEqual(302);
          user.fetch()
            .then(() => {
              expect(user.get('emailVerified')).toEqual(true);
              done();
            })
            .catch((error) => {
              jfail(error);
              done();
            });
        });
      }).catch((error) => {
        jfail(error);
        done();
      });
  });

  it('if user clicks on the email verify link before email verification token expiration then user should be able to login', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: "http://localhost:8378/1"
    })
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      }).then(() => {
        request.get(sendEmailOptions.link, {
          followRedirect: false,
        }, (error, response) => {
          expect(response.statusCode).toEqual(302);
          Parse.User.logIn("testEmailVerifyTokenValidity", "expiringToken")
            .then(user => {
              expect(typeof user).toBe('object');
              expect(user.get('emailVerified')).toBe(true);
              done();
            })
            .catch((error) => {
              jfail(error);
              done();
            });
        });
      }).catch((error) => {
        jfail(error);
        done();
      });
  });

  it('sets the _email_verify_token_expires_at and _email_verify_token fields after user SignUp', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: 'http://localhost:8378/1'
    })
      .then(() => {
        user.setUsername('sets_email_verify_token_expires_at');
        user.setPassword('expiringToken');
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {
        const config = Config.get('test');
        return config.database.find('_User', {username: 'sets_email_verify_token_expires_at'});
      })
      .then(results => {
        expect(results.length).toBe(1);
        const user = results[0];
        expect(typeof user).toBe('object');
        expect(user.emailVerified).toEqual(false);
        expect(typeof user._email_verify_token).toBe('string');
        expect(typeof user._email_verify_token_expires_at).toBe('object');
        expect(sendEmailOptions).toBeDefined();
        done();
      })
      .catch(error => {
        jfail(error);
        done();
      });
  });

  it('unsets the _email_verify_token_expires_at and _email_verify_token fields in the User class if email verification is successful', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: "http://localhost:8378/1"
    })
      .then(() => {
        user.setUsername("unsets_email_verify_token_expires_at");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {
        request.get(sendEmailOptions.link, {
          followRedirect: false,
        }, (error, response) => {
          expect(response.statusCode).toEqual(302);
          const config = Config.get('test');
          return config.database.find('_User', {username: 'unsets_email_verify_token_expires_at'}).then((results) => {
            expect(results.length).toBe(1);
            return results[0];
          })
            .then(user => {
              expect(typeof user).toBe('object');
              expect(user.emailVerified).toEqual(true);
              expect(typeof user._email_verify_token).toBe('undefined');
              expect(typeof user._email_verify_token_expires_at).toBe('undefined');
              done();
            })
            .catch(error => {
              jfail(error);
              done();
            });
        });
      })
      .catch(error => {
        jfail(error);
        done();
      });
  });

  it('clicking on the email verify link by an email VERIFIED user that was setup before enabling the expire email verify token should show email verify email success', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    var serverConfig = {
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      publicServerURL: "http://localhost:8378/1"
    };

    // setup server WITHOUT enabling the expire email verify token flag
    reconfigureServer(serverConfig)
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {
        return new Promise((resolve, reject) => {
          request.get(sendEmailOptions.link, { followRedirect: false, })
            .on('error', error => reject(error))
            .on('response', (response) => {
              expect(response.statusCode).toEqual(302);
              resolve(user.fetch());
            });
        });
      })
      .then(() => {
        expect(user.get('emailVerified')).toEqual(true);
        // RECONFIGURE the server i.e., ENABLE the expire email verify token flag
        serverConfig.emailVerifyTokenValidityDuration = 5; // 5 seconds
        return reconfigureServer(serverConfig);
      })
      .then(() => {
        request.get(sendEmailOptions.link, {
          followRedirect: false,
        }, (error, response) => {
          expect(response.statusCode).toEqual(302);
          expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=testEmailVerifyTokenValidity');
          done();
        });
      })
      .catch((error) => {
        jfail(error);
        done();
      });
  });

  it('clicking on the email verify link by an email UNVERIFIED user that was setup before enabling the expire email verify token should show invalid verficiation link page', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    var serverConfig = {
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      publicServerURL: "http://localhost:8378/1"
    };

    // setup server WITHOUT enabling the expire email verify token flag
    reconfigureServer(serverConfig)
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {
      // just get the user again - DO NOT email verify the user
        return user.fetch();
      })
      .then(() => {
        expect(user.get('emailVerified')).toEqual(false);
        // RECONFIGURE the server i.e., ENABLE the expire email verify token flag
        serverConfig.emailVerifyTokenValidityDuration = 5; // 5 seconds
        return reconfigureServer(serverConfig);
      })
      .then(() => {
        request.get(sendEmailOptions.link, {
          followRedirect: false,
        }, (error, response) => {
          expect(response.statusCode).toEqual(302);
          expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/apps/invalid_verification_link.html?username=testEmailVerifyTokenValidity&appId=test');
          done();
        });
      })
      .catch((error) => {
        jfail(error);
        done();
      });
  });

  it('setting the email on the user should set a new email verification token and new expiration date for the token when expire email verify token flag is set', done => {

    const user = new Parse.User();
    let userBeforeEmailReset;

    let sendEmailOptions;
    const emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    };
    const serverConfig = {
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: "http://localhost:8378/1"
    };

    reconfigureServer(serverConfig)
      .then(() => {
        user.setUsername("newEmailVerifyTokenOnEmailReset");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {
        const config = Config.get('test');
        return config.database.find('_User', {username: 'newEmailVerifyTokenOnEmailReset'}).then((results) => {
          return results[0];
        });
      })
      .then(userFromDb => {
        expect(typeof userFromDb).toBe('object');
        userBeforeEmailReset = userFromDb;

        // trigger another token generation by setting the email
        user.set('email', 'user@parse.com');
        return new Promise((resolve) => {
        // wait for half a sec to get a new expiration time
          setTimeout(() => resolve(user.save()), 500);
        });
      })
      .then(() => {
        const config = Config.get('test');
        return config.database.find('_User', {username: 'newEmailVerifyTokenOnEmailReset'}).then((results) => {
          return results[0];
        });
      })
      .then(userAfterEmailReset => {
        expect(typeof userAfterEmailReset).toBe('object');
        expect(userBeforeEmailReset._email_verify_token).not.toEqual(userAfterEmailReset._email_verify_token);
        expect(userBeforeEmailReset._email_verify_token_expires_at).not.toEqual(userAfterEmailReset.__email_verify_token_expires_at);
        expect(sendEmailOptions).toBeDefined();
        done();
      })
      .catch((error) => {
        jfail(error);
        done();
      });
  });

  it('should send a new verification email when a resend is requested and the user is UNVERIFIED', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var sendVerificationEmailCallCount = 0;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
        sendVerificationEmailCallCount++;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: 'http://localhost:8378/1'
    })
      .then(() => {
        user.setUsername('resends_verification_token');
        user.setPassword('expiringToken');
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {
        expect(sendVerificationEmailCallCount).toBe(1);

        return requestp.post({
          uri: 'http://localhost:8378/1/verificationEmailRequest',
          body: {
            email: 'user@parse.com'
          },
          headers: {
            'X-Parse-Application-Id': Parse.applicationId,
            'X-Parse-REST-API-Key': 'rest',
          },
          json: true,
          resolveWithFullResponse: true,
          simple: false // this promise is only rejected if the call itself failed
        })
          .then((response) => {
            expect(response.statusCode).toBe(200);
            expect(sendVerificationEmailCallCount).toBe(2);
            expect(sendEmailOptions).toBeDefined();
            done();
          });
      })
      .catch(error => {
        jfail(error);
        done();
      });
  });

  it('should not send a new verification email when a resend is requested and the user is VERIFIED', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var sendVerificationEmailCallCount = 0;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
        sendVerificationEmailCallCount++;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: 'http://localhost:8378/1'
    })
      .then(() => {
        user.setUsername('no_new_verification_token_once_verified');
        user.setPassword('expiringToken');
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {
        return requestp.get({
          url: sendEmailOptions.link,
          followRedirect: false,
          resolveWithFullResponse: true,
          simple: false
        })
          .then((response) => {
            expect(response.statusCode).toEqual(302);
          });
      })
      .then(() => {
        expect(sendVerificationEmailCallCount).toBe(1);

        return requestp.post({
          uri: 'http://localhost:8378/1/verificationEmailRequest',
          body: {
            email: 'user@parse.com'
          },
          headers: {
            'X-Parse-Application-Id': Parse.applicationId,
            'X-Parse-REST-API-Key': 'rest',
          },
          json: true,
          resolveWithFullResponse: true,
          simple: false // this promise is only rejected if the call itself failed
        })
          .then((response) => {
            expect(response.statusCode).toBe(400);
            expect(sendVerificationEmailCallCount).toBe(1);
            done();
          });
      })
      .catch(error => {
        jfail(error);
        done();
      });
  });

  it('should not send a new verification email if this user does not exist', done => {
    var sendEmailOptions;
    var sendVerificationEmailCallCount = 0;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
        sendVerificationEmailCallCount++;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: 'http://localhost:8378/1'
    })
      .then(() => {
        return requestp.post({
          uri: 'http://localhost:8378/1/verificationEmailRequest',
          body: {
            email: 'user@parse.com'
          },
          headers: {
            'X-Parse-Application-Id': Parse.applicationId,
            'X-Parse-REST-API-Key': 'rest',
          },
          json: true,
          resolveWithFullResponse: true,
          simple: false
        })
          .then(response => {
            expect(response.statusCode).toBe(400);
            expect(sendVerificationEmailCallCount).toBe(0);
            expect(sendEmailOptions).not.toBeDefined();
            done();
          });
      })
      .catch(error => {
        jfail(error);
        done();
      });
  });

  it('should fail if no email is supplied', done => {
    var sendEmailOptions;
    var sendVerificationEmailCallCount = 0;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
        sendVerificationEmailCallCount++;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: 'http://localhost:8378/1'
    })
      .then(() => {
        request.post({
          uri: 'http://localhost:8378/1/verificationEmailRequest',
          body: {},
          headers: {
            'X-Parse-Application-Id': Parse.applicationId,
            'X-Parse-REST-API-Key': 'rest',
          },
          json: true,
          resolveWithFullResponse: true,
          simple: false
        }, (err, response) => {
          expect(response.statusCode).toBe(400);
          expect(response.body.code).toBe(Parse.Error.EMAIL_MISSING);
          expect(response.body.error).toBe('you must provide an email');
          expect(sendVerificationEmailCallCount).toBe(0);
          expect(sendEmailOptions).not.toBeDefined();
          done();
        });
      })
      .catch(error => {
        jfail(error);
        done();
      });
  });

  it('should fail if email is not a string', done => {
    var sendEmailOptions;
    var sendVerificationEmailCallCount = 0;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
        sendVerificationEmailCallCount++;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: 'http://localhost:8378/1'
    })
      .then(() => {
        request.post({
          uri: 'http://localhost:8378/1/verificationEmailRequest',
          body: {email: 3},
          headers: {
            'X-Parse-Application-Id': Parse.applicationId,
            'X-Parse-REST-API-Key': 'rest',
          },
          json: true,
          resolveWithFullResponse: true,
          simple: false
        }, (err, response) => {
          expect(response.statusCode).toBe(400);
          expect(response.body.code).toBe(Parse.Error.INVALID_EMAIL_ADDRESS);
          expect(response.body.error).toBe('you must provide a valid email string');
          expect(sendVerificationEmailCallCount).toBe(0);
          expect(sendEmailOptions).not.toBeDefined();
          done();
        });
      })
      .catch(error => {
        jfail(error);
        done();
      });
  });

  it('client should not see the _email_verify_token_expires_at field', done => {
    var user = new Parse.User();
    var sendEmailOptions;
    var emailAdapter = {
      sendVerificationEmail: options => {
        sendEmailOptions = options;
      },
      sendPasswordResetEmail: () => Promise.resolve(),
      sendMail: () => {}
    }
    reconfigureServer({
      appName: 'emailVerifyToken',
      verifyUserEmails: true,
      emailAdapter: emailAdapter,
      emailVerifyTokenValidityDuration: 5, // 5 seconds
      publicServerURL: "http://localhost:8378/1"
    })
      .then(() => {
        user.setUsername("testEmailVerifyTokenValidity");
        user.setPassword("expiringToken");
        user.set('email', 'user@parse.com');
        return user.signUp();
      })
      .then(() => {

        user.fetch()
          .then(() => {
            expect(user.get('emailVerified')).toEqual(false);
            expect(typeof user.get('_email_verify_token_expires_at')).toBe('undefined');
            expect(sendEmailOptions).toBeDefined();
            done();
          })
          .catch(error => {
            jfail(error);
            done();
          });

      }).catch((error) => {
        jfail(error);
        done();
      });
  });

})