Add support for resending verification email in case of expired token #3617
Conversation
…that will generate a new email verification link and email for a user identified by username in POST body -Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route -All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript) -Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page
Implementation for allowing link resend when it's invalid.
cmmills91
changed the title
|
@cmmills91 Thanks for the great pull request! Love that feature! Can you address the issues with the lint? you can run locally with I'll start the review after! |
|
@cmmills91 updated the pull request - view changes |
|
Should I adjust unit tests as well? Looks like they're making CI tests fail |
|
Yup seems like some tests are failing now: https://travis-ci.org/ParsePlatform/parse-server/jobs/210725165#L838 |
|
@cmmills91 updated the pull request - view changes |
1 similar comment
|
@cmmills91 updated the pull request - view changes |
| @@ -0,0 +1,68 @@ | |||
| <!DOCTYPE html> | |||
| <!-- This page is displayed when someone navigates to a verify email or reset password link | |||
There was a problem hiding this comment.
not sure we should keep those comments, when serving the files
There was a problem hiding this comment.
Do you mean removing the comments from the html file entirely or is there some kind of general solution the can remove comments from the file before being sent back?
The existing invalid_link.html file already has similar set of comments (in fact, the exact same comments that appear in these files since I just copied over the contents of invalid_link and made a few alterations 😅 )
There was a problem hiding this comment.
I'm going to edit the comments on the pages to be more relevant though
| @@ -359,7 +359,7 @@ describe("Email Verification Token Expiration: ", () => { | |||
| followRedirect: false, | |||
| }, (error, response) => { | |||
| expect(response.statusCode).toEqual(302); | |||
| expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/apps/invalid_link.html'); | |||
| expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=testEmailVerifyTokenValidity'); | |||
There was a problem hiding this comment.
not sure we should change that page.
There was a problem hiding this comment.
I think it makes more sense to direct a user that page than the invalid_link or invalid_verification_link page. I made the change based on clicking on a few verification links in my inbox (that I had already verified) and more than half of them did showed the success page (small sample size though)
src/Controllers/UserController.js
Outdated
| @@ -134,6 +141,19 @@ export class UserController extends AdaptableController { | |||
| }); | |||
| } | |||
|
|
|||
| resendVerificationEmail(username) { | |||
| var self = this; | |||
There was a problem hiding this comment.
no need for self, if you're using arrow functions.
src/Controllers/UserController.js
Outdated
| throw undefined; | ||
| } | ||
| self.setEmailVerifyToken(aUser); | ||
| return self.config.database.update('_User', {username}, aUser).then(function() { |
There was a problem hiding this comment.
replace function() by () => and remove self
src/Routers/PublicAPIRouter.js
Outdated
| if (req.query.username && req.params.appId) { | ||
| return Promise.resolve({ | ||
| status: 302, | ||
| location: req.config.invalidVerificationLinkURL + '?username=' + req.query.username + '&appId=' + req.params.appId |
There was a problem hiding this comment.
can we use a template string?
src/Routers/PublicAPIRouter.js
Outdated
| @@ -140,6 +179,10 @@ export class PublicAPIRouter extends PromiseRouter { | |||
| req => { this.setConfig(req) }, | |||
| req => { return this.verifyEmail(req); }); | |||
|
|
|||
| this.route('POST', '/apps/:appId/resend_verification_email', | |||
| req => {this.setConfig(req) }, | |||
There was a problem hiding this comment.
space beween { and this
There was a problem hiding this comment.
add ; after this.setConfig(req)
src/Controllers/UserController.js
Outdated
| return this.config.database.update('_User', query, updateFields).then((document) => { | ||
| if (!document) { | ||
| throw undefined; | ||
| var self = this; |
There was a problem hiding this comment.
remove self, and replace function() by () => (arrow functions)
|
I just had a few nits here and there, otherwise that looks great! |
…emplate to construct location for invalidVerificationLink page, syntax fixes
|
@cmmills91 updated the pull request - view changes |
|
@cmmills91 updated the pull request - view changes |
public_html/link_send_fail.html
Outdated
| <!-- This page is displayed when someone navigates to a verify email link with an invalid | ||
| security token and requests a link resend. This page is displayed when the username from | ||
| the original link is invalid or if the email of that user has already been verfieid when | ||
| the resend request is made |
|
@cmmills91 sorry for the delay to get that one in, thanks for your contribution! |
Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body
Add default template and url support for invalid_verification_link, link_send_success, and link_send_fail pages. The invalid_verification_link page includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route
All three pages have default html that will be functional "out of the box", but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript)
Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page