fix: Parse Server option emailVerifyTokenReuseIfValid: true generates new token on every email verification request (#8885)

mtrezza · web-flow · commit 0023ce448a5e · 2024-01-14T01:37:20.000+01:00
diff --git a/spec/EmailVerificationToken.spec.js b/spec/EmailVerificationToken.spec.js
@@ -897,7 +897,7 @@ describe('Email Verification Token Expiration: ', () => {
     const config = Config.get('test');
     const [userBeforeRequest] = await config.database.find('_User', {
       username: 'resends_verification_token',
-    });
+    }, {}, Auth.maintenance(config));
     // store this user before we make our email request
     expect(sendVerificationEmailCallCount).toBe(1);
     await new Promise(resolve => {
@@ -923,14 +923,14 @@ describe('Email Verification Token Expiration: ', () => {
 
     const [userAfterRequest] = await config.database.find('_User', {
       username: 'resends_verification_token',
-    });
+    }, {}, Auth.maintenance(config));
 
-    // verify that our token & expiration has been changed for this new request
+    // Verify that token & expiration haven't been changed for this new request
     expect(typeof userAfterRequest).toBe('object');
+    expect(userBeforeRequest._email_verify_token).toBeDefined();
     expect(userBeforeRequest._email_verify_token).toEqual(userAfterRequest._email_verify_token);
-    expect(userBeforeRequest._email_verify_token_expires_at).toEqual(
-      userAfterRequest._email_verify_token_expires_at
-    );
+    expect(userBeforeRequest._email_verify_token_expires_at).toBeDefined();
+    expect(userBeforeRequest._email_verify_token_expires_at).toEqual(userAfterRequest._email_verify_token_expires_at);
     done();
   });
 
diff --git a/src/Controllers/UserController.js b/src/Controllers/UserController.js
@@ -209,7 +209,7 @@ export class UserController extends AdaptableController {
       _email_verify_token &&
       new Date() < new Date(_email_verify_token_expires_at)
     ) {
-      return Promise.resolve();
+      return Promise.resolve(true);
     }
     const shouldSend = await this.setEmailVerifyToken(user, {
       object: Parse.User.fromJSON(Object.assign({ className: '_User' }, user)),
diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
@@ -476,7 +476,7 @@ export class UsersRouter extends ClassesRouter {
       );
     }
 
-    const results = await req.config.database.find('_User', { email: email });
+    const results = await req.config.database.find('_User', { email: email }, {}, Auth.maintenance(req.config));
     if (!results.length || results.length < 1) {
       throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `No user found with email ${email}`);
     }

Original file line number	Diff line number	Diff line change
`@@ -209,7 +209,7 @@ export class UserController extends AdaptableController {`
`209`	`209`	`_email_verify_token &&`
`210`	`210`	`new Date() < new Date(_email_verify_token_expires_at)`
`211`	`211`	`) {`
`212`		`- return Promise.resolve();`
	`212`	`+ return Promise.resolve(true);`
`213`	`213`	`}`
`214`	`214`	`const shouldSend = await this.setEmailVerifyToken(user, {`
`215`	`215`	`object: Parse.User.fromJSON(Object.assign({ className: '_User' }, user)),`
Original file line number	Diff line number	Diff line change
`@@ -476,7 +476,7 @@ export class UsersRouter extends ClassesRouter {`
`476`	`476`	`);`
`477`	`477`	`}`
`478`	`478`
`479`		`- const results = await req.config.database.find('_User', { email: email });`
	`479`	`+ const results = await req.config.database.find('_User', { email: email }, {}, Auth.maintenance(req.config));`
`480`	`480`	`if (!results.length \|\| results.length < 1) {`
`481`	`481`	throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `No user found with email ${email}`);
`482`	`482`	`}`