Finish implementation of email verification on create

Author: drew-gross

spec/ParseUser.spec.js

@@ -72,7 +72,49 @@ describe('Parse.User testing', () => {
     user.signUp(null, {
       success: function(user) {
         expect(emailAdapter.sendVerificationEmail).toHaveBeenCalled();
+        user.fetch()
+        .then(() => {
+          expect(user.get('emailVerified')).toEqual(false);
+          done();
+        });
+      },
+      error: function(userAgain, error) {
+        fail('Failed to save user');
         done();
+      }
+    });
+  });
+
+  it('does not send verification email if email verification is disabled', done => {
+    var emailAdapter = {
+      sendVerificationEmail: () => Promise.resolve()
+    }
+    setServerConfiguration({
+      serverURL: 'http://localhost:8378/1',
+      appId: 'test',
+      appName: 'unused',
+      javascriptKey: 'test',
+      dotNetKey: 'windows',
+      clientKey: 'client',
+      restAPIKey: 'rest',
+      masterKey: 'test',
+      collectionPrefix: 'test_',
+      fileKey: 'test',
+      verifyUserEmails: false,
+      emailAdapter: emailAdapter,
+    });
+    spyOn(emailAdapter, 'sendVerificationEmail');
+    var user = new Parse.User();
+    user.setPassword("asdf");
+    user.setUsername("zxcv");
+    user.signUp(null, {
+      success: function(user) {
+        user.fetch()
+        .then(() => {
+          expect(emailAdapter.sendVerificationEmail.calls.count()).toEqual(0);
+          expect(user.get('emailVerified')).toEqual(undefined);
+          done();
+        });
       },
       error: function(userAgain, error) {
         fail('Failed to save user');
@@ -81,6 +123,141 @@ describe('Parse.User testing', () => {
     });
   });
 
+  it('receives the app name and user in the adapter', done => {
+    var emailAdapter = {
+      sendVerificationEmail: options => {
+        expect(options.appName).toEqual('emailing app');
+        expect(options.user.get('email')).toEqual('[email protected]');
+        done();
+      }
+    }
+    setServerConfiguration({
+      serverURL: 'http://localhost:8378/1',
+      appId: 'test',
+      appName: 'emailing app',
+      javascriptKey: 'test',
+      dotNetKey: 'windows',
+      clientKey: 'client',
+      restAPIKey: 'rest',
+      masterKey: 'test',
+      collectionPrefix: 'test_',
+      fileKey: 'test',
+      verifyUserEmails: true,
+      emailAdapter: emailAdapter,
+    });
+    var user = new Parse.User();
+    user.setPassword("asdf");
+    user.setUsername("zxcv");
+    user.set('email', '[email protected]');
+    user.signUp(null, {
+      success: () => {},
+      error: function(userAgain, error) {
+        fail('Failed to save user');
+        done();
+      }
+    });
+  })
+
+  it('when you click the link in the email it sets emailVerified to true and redirects you', done => {
+    var user = new Parse.User();
+    var emailAdapter = {
+      sendVerificationEmail: options => {
+        request.get(options.link, {
+          followRedirect: false,
+        }, (error, response, body) => {
+          expect(response.statusCode).toEqual(302);
+          expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/verify_email_success.html?username=zxcv');
+          user.fetch()
+          .then(() => {
+            expect(user.get('emailVerified')).toEqual(true);
+            done();
+          });
+        });
+      }
+    }
+    setServerConfiguration({
+      serverURL: 'http://localhost:8378/1',
+      appId: 'test',
+      appName: 'emailing app',
+      javascriptKey: 'test',
+      dotNetKey: 'windows',
+      clientKey: 'client',
+      restAPIKey: 'rest',
+      masterKey: 'test',
+      collectionPrefix: 'test_',
+      fileKey: 'test',
+      verifyUserEmails: true,
+      emailAdapter: emailAdapter,
+    });
+    user.setPassword("asdf");
+    user.setUsername("zxcv");
+    user.set('email', '[email protected]');
+    user.signUp();
+  });
+
+  it('redirects you to invalid link if you try to verify email incorrecly', done => {
+    request.get('http://localhost:8378/1/verify_email', {
+      followRedirect: false,
+    }, (error, response, body) => {
+      expect(response.statusCode).toEqual(302);
+      expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/invalid_link.html');
+      done()
+    });
+  });
+
+  it('redirects you to invalid link if you try to validate a nonexistant users email', done => {
+    request.get('http://localhost:8378/1/verify_email?token=asdfasdf&username=sadfasga', {
+      followRedirect: false,
+    }, (error, response, body) => {
+      expect(response.statusCode).toEqual(302);
+      expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/invalid_link.html');
+      done();
+    });
+  });
+
+  it('does not update email verified if you use an invalid token', done => {
+    var user = new Parse.User();
+    var emailAdapter = {
+      sendVerificationEmail: options => {
+        request.get('http://localhost:8378/1/verify_email?token=invalid&username=zxcv', {
+          followRedirect: false,
+        }, (error, response, body) => {
+          expect(response.statusCode).toEqual(302);
+          expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/invalid_link.html');
+          user.fetch()
+          .then(() => {
+            expect(user.get('emailVerified')).toEqual(false);
+            done();
+          });
+        });
+      }
+    }
+    setServerConfiguration({
+      serverURL: 'http://localhost:8378/1',
+      appId: 'test',
+      appName: 'emailing app',
+      javascriptKey: 'test',
+      dotNetKey: 'windows',
+      clientKey: 'client',
+      restAPIKey: 'rest',
+      masterKey: 'test',
+      collectionPrefix: 'test_',
+      fileKey: 'test',
+      verifyUserEmails: true,
+      emailAdapter: emailAdapter,
+    });
+    user.setPassword("asdf");
+    user.setUsername("zxcv");
+    user.set('email', '[email protected]');
+    user.signUp(null, {
+      success: () => {},
+      error: function(userAgain, error) {
+        fail('Failed to save user');
+        done();
+      }
+    });
+  });
+
   it("user login wrong username", (done) => {
     Parse.User.signUp("asdf", "zxcv", null, {
       success: function(user) {

src/Config.js

@@ -26,6 +26,7 @@ export class Config {
 
     this.verifyUserEmails = cacheInfo.verifyUserEmails;
     this.emailAdapter = cacheInfo.emailAdapter;
+    this.appName = cacheInfo.appName;
 
     this.database = DatabaseAdapter.getDatabaseConnection(applicationId);
     this.filesController = cacheInfo.filesController;

src/RestWrite.js

@@ -405,7 +405,6 @@ RestWrite.prototype.transformUser = function() {
                                 'Account already exists for this username');
         }
         if (this.config.verifyUserEmails && this.data.email) {
-          this.data.emailVerified = false;
           this.data._perishable_token = cryptoUtils.randomString(25);
         }
         return Promise.resolve();

src/Routers/UsersRouter.js

@@ -9,6 +9,7 @@ import Auth           from '../Auth';
 import passwordCrypto from '../password';
 import RestWrite      from '../RestWrite';
 let cryptoUtils = require('../cryptoUtils');
+let triggers = require('../triggers');
 
 export class UsersRouter extends ClassesRouter {
   handleFind(req) {
@@ -28,6 +29,7 @@ export class UsersRouter extends ClassesRouter {
 
     if (req.config.verifyUserEmails) {
       req.body._email_verify_token = cryptoUtils.randomString(25);
+      req.body.emailVerified = false;
     }
 
     let p = super.handleCreate(req);
@@ -39,7 +41,7 @@ export class UsersRouter extends ClassesRouter {
         req.config.emailAdapter.sendVerificationEmail({
           appName: req.config.appName,
           link: link,
-          user: req.auth.user,
+          user: triggers.inflate('_User', req.body),
         });
       });
     }

src/index.js

@@ -147,9 +147,10 @@ function ParseServer({
     oauth: oauth,
     verifyUserEmails: verifyUserEmails,
     emailAdapter: emailAdapter,
+    appName: appName,
   };
 
-  // To maintain compatibility. TODO: Remove in v2.1
+  // To maintain compatibility. TODO: Remove in some version that breaks backwards compatability
   if (process.env.FACEBOOK_APP_ID) {
     cache.apps[appId]['facebookAppIds'].push(process.env.FACEBOOK_APP_ID);
   }
@@ -164,9 +165,11 @@ function ParseServer({
 
   // File handling needs to be before default middlewares are applied
   api.use('/', new FilesRouter().getExpressRouter());
-  api.use('/request_password_reset', passwordReset.reset(appName, appId));
-  api.get('/password_reset_success', passwordReset.success);
-  api.get('/verify_email', verifyEmail);
+  if (process.env.PARSE_EXPERIMENTAL_EMAIL_VERIFICATION_ENABLED || process.env.TESTING == 1) {
+    api.use('/request_password_reset', passwordReset.reset(appName, appId));
+    api.get('/password_reset_success', passwordReset.success);
+    api.get('/verify_email', verifyEmail(appId, serverURL));
+  }
 
   // TODO: separate this from the regular ParseServer object
   if (process.env.TESTING == 1) {

src/verifyEmail.js

@@ -1,43 +1,26 @@
-function verifyEmail (appId) {
+function verifyEmail(appId, serverURL) {
   var DatabaseAdapter = require('./DatabaseAdapter');
   var database = DatabaseAdapter.getDatabaseConnection(appId);
-  return function  (req, res) {
+  return (req, res) => {
     var token = req.query.token;
     var username = req.query.username;
-
-    Promise.resolve()
-    .then(()=>{
-      var error = null;
-      if (!token || !username) {
-        error = "Unable to verify email, check the URL and try again";
-      }
-      return Promise.resolve(error)
-    })
-    .then((error)=>{
-      if (error) {
-        return Promise.resolve(error);
-      }
-      return database.find('_User', {email: username})
-      .then((results)=>{
-        if (!results.length) {
-          return Promise.resolve("Could not find email " + username + " check the URL and try again");
+    if (!token || !username) {
+      res.redirect(302, serverURL + '/invalid_link.html');
+      return;
+    }
+    database.collection('_User').then(coll => {
+      // Need direct database access because verification token is not a parse field
+      coll.findAndModify({
+        username: username,
+        _email_verify_token: token,
+      }, null, {$set: {emailVerified: true}}, (err, doc) => {
+        if (err || !doc.value) {
+          res.redirect(302, serverURL + '/invalid_link.html');
+        } else {
+          res.redirect(302, serverURL + '/verify_email_success.html?username=' + username);
         }
-
-        var user = results[0];
-        return database.update("_User", {email: username}, {emailVerified: true}, {acl:[user.objectId]})
-          .then(()=>Promise.resolve())
-      })
-
-    })
-      .then((error)=>{
-        res.render('email-verified', {
-          email: username,
-          error: error
-        })
-      })
-    .catch(()=>{
-      res.status(404).render('not-found')
-    })
+      });
+    });
   }
 }