Add Email Verification and Verify Password (#1144)

* Add missing methods from user routes

* Remove unsafe current user

* Refactor verifyPassword

* Add static method test for verifyPassword

* fix conflicts

Co-authored-by: Diamond Lewis <[email protected]>

Author: JeromeDeLeon

integration/test/ParseUserTest.js

@@ -936,6 +936,34 @@ describe('Parse User', () => {
     expect(user.get('authData').facebook.id).toBe('test');
   });
 
+  it('can verify user password via static method', async () => {
+    await Parse.User.signUp('asd123', 'xyz123');
+    const res = await Parse.User.verifyPassword('asd123', 'xyz123');
+    expect(typeof res).toBe('object');
+    expect(res.username).toBe('asd123');
+
+    try {
+      await Parse.User.verifyPassword('asd123', 'wrong password');
+    } catch (error) {
+      expect(error.code).toBe(101);
+      expect(error.message).toBe('Invalid username/password.');
+    }
+  });
+
+  it('can verify user password via instance method', async () => {
+    const user = await Parse.User.signUp('asd123', 'xyz123');
+    const res = await user.verifyPassword('xyz123');
+    expect(typeof res).toBe('object');
+    expect(res.username).toBe('asd123');
+
+    try {
+      await user.verifyPassword('wrong password');
+    } catch (error) {
+      expect(error.code).toBe(101);
+      expect(error.message).toBe('Invalid username/password.');
+    }
+  });
+
   it('can encrypt user', async () => {
     Parse.User.enableUnsafeCurrentUser();
     Parse.enableEncryptedUser();

src/CoreManager.js

@@ -132,6 +132,8 @@ type UserController = {
   upgradeToRevocableSession: (user: ParseUser, options: RequestOptions) => Promise;
   linkWith: (user: ParseUser, authData: AuthData) => Promise;
   removeUserFromDisk: () => Promise;
+  verifyPassword: (username: string, password: string, options: RequestOptions) => Promise;
+  requestEmailVerification: (email: string, options: RequestOptions) => Promise;
 };
 type HooksController = {
   get: (type: string, functionName?: string, triggerName?: string) => Promise;
@@ -417,6 +419,8 @@ module.exports = {
       'me',
       'requestPasswordReset',
       'upgradeToRevocableSession',
+      'requestEmailVerification',
+      'verifyPassword',
       'linkWith',
     ], controller);
     config['UserController'] = controller;

src/ParseUser.js

@@ -506,6 +506,20 @@ class ParseUser extends ParseObject {
     });
   }
 
+  /**
+   * Verify whether a given password is the password of the current user.
+   *
+   * @param {String} password A password to be verified
+   * @param {Object} options
+   * @return {Promise} A promise that is fulfilled with a user
+   *  when the password is correct.
+   */
+  verifyPassword(password: string, options?: RequestOptions): Promise<ParseUser> {
+    const username = this.getUsername() || '';
+
+    return ParseUser.verifyPassword(username, password, options);
+  }
+
   static readOnlyAttributes() {
     return ['sessionToken'];
   }
@@ -761,6 +775,69 @@ class ParseUser extends ParseObject {
     );
   }
 
+  /**
+   * Request an email verification.
+   *
+   * <p>Calls options.success or options.error on completion.</p>
+   *
+   * @param {String} email The email address associated with the user that
+   *     forgot their password.
+   * @param {Object} options
+   * @static
+   * @returns {Promise}
+   */
+  static requestEmailVerification(email: string, options?: RequestOptions) {
+    options = options || {};
+
+    const requestOptions = {};
+    if (options.hasOwnProperty('useMasterKey')) {
+      requestOptions.useMasterKey = options.useMasterKey;
+    }
+
+    const controller = CoreManager.getUserController();
+    return controller.requestEmailVerification(email, requestOptions);
+  }
+
+  /**
+   * Verify whether a given password is the password of the current user.
+   *
+   * @param {String} username  A username to be used for identificaiton
+   * @param {String} password A password to be verified
+   * @param {Object} options
+   * @static
+   * @returns {Promise} A promise that is fulfilled with a user
+   *  when the password is correct.
+   */
+  static verifyPassword(username: string, password: string, options?: RequestOptions) {
+    if (typeof username !== 'string') {
+      return Promise.reject(
+        new ParseError(
+          ParseError.OTHER_CAUSE,
+          'Username must be a string.'
+        )
+      );
+    }
+
+    if (typeof password !== 'string') {
+      return Promise.reject(
+        new ParseError(
+          ParseError.OTHER_CAUSE,
+          'Password must be a string.'
+        )
+      );
+    }
+
+    options = options || {};
+
+    const verificationOption = {};
+    if (options.hasOwnProperty('useMasterKey')) {
+      verificationOption.useMasterKey = options.useMasterKey;
+    }
+
+    const controller = CoreManager.getUserController();
+    return controller.verifyPassword(username, password, verificationOption);
+  }
+
   /**
    * Allow someone to define a custom User class without className
    * being rewritten to _User. The default behavior is to rewrite
@@ -1160,6 +1237,26 @@ const DefaultController = {
       }
       return user;
     });
+  },
+
+  verifyPassword(username: string, password: string, options: RequestOptions) {
+    const RESTController = CoreManager.getRESTController();
+    return RESTController.request(
+      'GET',
+      'verifyPassword',
+      { username, password },
+      options
+    );
+  },
+
+  requestEmailVerification(email: string, options: RequestOptions) {
+    const RESTController = CoreManager.getRESTController();
+    return RESTController.request(
+      'POST',
+      'verificationEmailRequest',
+      { email: email },
+      options
+    );
   }
 };
 

src/__tests__/ParseUser-test.js

@@ -1201,4 +1201,55 @@ describe('ParseUser', () => {
     expect(user.isCurrent()).toBe(false);
     expect(user.existed()).toBe(true);
   });
+
+  it('can verify user password', async () => {
+    ParseUser.enableUnsafeCurrentUser();
+    ParseUser._clearCache();
+    CoreManager.setRESTController({
+      request() {
+        return Promise.resolve({
+          objectId: 'uid2',
+          username: 'username',
+          sessionToken: '123abc'
+        }, 200);
+      },
+      ajax() {}
+    });
+    const user = await ParseUser.verifyPassword('username', 'password');
+    expect(user.objectId).toBe('uid2');
+    expect(user.username).toBe('username');
+
+    CoreManager.setRESTController({
+      request() {
+        const parseError = new ParseError(
+          ParseError.OBJECT_NOT_FOUND,
+          'Invalid username/password.'
+        );
+        return Promise.reject(parseError);
+      },
+      ajax() {}
+    });
+
+    try {
+      await ParseUser.verifyPassword('username','wrong password');
+    } catch(error) {
+      expect(error.code).toBe(101);
+      expect(error.message).toBe('Invalid username/password.');
+    }
+  });
+
+  it('can send an email verification request', () => {
+    CoreManager.setRESTController({
+      request(method, path, body) {
+        expect(method).toBe('POST');
+        expect(path).toBe("verificationEmailRequest");
+        expect(body).toEqual({ email: "[email protected]" });
+
+        return Promise.resolve({}, 200);
+      },
+      ajax() {}
+    });
+
+    ParseUser.requestEmailVerification("[email protected]");
+  });
 });

src/__tests__/RESTController-test.js

@@ -287,6 +287,8 @@ describe('RESTController', () => {
       requestPasswordReset() {},
       upgradeToRevocableSession() {},
       linkWith() {},
+      requestEmailVerification() {},
+      verifyPassword() {},
     });
 
     const xhr = {
@@ -323,6 +325,8 @@ describe('RESTController', () => {
       requestPasswordReset() {},
       upgradeToRevocableSession() {},
       linkWith() {},
+      requestEmailVerification() {},
+      verifyPassword() {},
     });
 
     const xhr = {