make verifyEmail public, use firebase admin

Author: fehmer

backend/src/api/controllers/user.ts

@@ -85,6 +85,7 @@ import {
   UpdateUserNameRequest,
   UpdateUserProfileRequest,
   UpdateUserProfileResponse,
+  VerifyEmailRequest,
 } from "@monkeytype/contracts/users";
 import { MILLISECONDS_IN_DAY } from "@monkeytype/util/date-and-time";
 import { MonkeyRequest } from "../types";
@@ -241,9 +242,30 @@ export async function sendVerificationEmail(
   return new MonkeyResponse("Email sent", null);
 }
 
-export async function verifyEmail(req: MonkeyRequest): Promise<MonkeyResponse> {
-  const { uid, email, emailVerified } = req.ctx.decodedToken;
-  await UserDAL.updateEmail(uid, email, emailVerified);
+export async function verifyEmail(
+  req: MonkeyRequest<undefined, VerifyEmailRequest>
+): Promise<MonkeyResponse> {
+  const { email } = req.body;
+
+  const { data: firebaseUser } = await tryCatch(
+    FirebaseAdmin().auth().getUserByEmail(email)
+  );
+
+  if (firebaseUser === undefined || firebaseUser === null) {
+    throw new MonkeyError(404, "not found", "verify email");
+  }
+
+  await UserDAL.updateEmail(
+    firebaseUser.uid,
+    email,
+    firebaseUser.emailVerified
+  );
+
+  void addImportantLog(
+    "user_verify_email",
+    `emailVerified changed to ${firebaseUser.emailVerified} for email ${email}`,
+    firebaseUser.uid
+  );
 
   return new MonkeyResponse("emailVerify updated.", null);
 }
@@ -616,13 +638,13 @@ export async function getUser(req: MonkeyRequest): Promise<GetUserResponse> {
   // soft-migrate user.emailVerified for existing users, update status if it has changed
   const { email, emailVerified } = req.ctx.decodedToken;
   if (emailVerified !== undefined && emailVerified !== userInfo.emailVerified) {
+    await UserDAL.updateEmail(uid, email, emailVerified);
+    userInfo.emailVerified = emailVerified;
     void addImportantLog(
       "user_verify_email",
-      `emailVerified changed to ${emailVerified} for email ${email}`,
+      `soft-migrate emailVerified changed to ${emailVerified} for email ${email}`,
       uid
     );
-    await UserDAL.updateEmail(uid, email, emailVerified);
-    userInfo.emailVerified = emailVerified;
   }
 
   const userData: User = {

frontend/src/email-handler.html

@@ -190,20 +190,23 @@
     }
 
     function handleVerifyEmail(actionCode, continueUrl) {
-      applyActionCode(Auth, actionCode)
+      var email = null;
+      checkActionCode(Auth, actionCode)
+        .then((info) => {
+          // Get the email address
+          email = info["data"]["email"];
+
+          return applyActionCode(Auth, actionCode);
+        })
+
         .then(async (resp) => {
           // Email address has been verified.
-          const token =
-            Auth.currentUser !== undefined
-              ? await Auth.currentUser.getIdToken(true)
-              : undefined;
-          const url = envConfig.backendUrl + "/users/verifyEmail";
-
-          await fetch(url, {
-            method: "GET",
+
+          await fetch(envConfig.backendUrl + "/users/verifyEmail", {
+            method: "POST",
+            body: JSON.stringify({ email }),
             headers: {
               "Content-Type": "application/json",
-              Authorization: `Bearer ${token}`,
             },
           });
 

packages/contracts/src/users.ts

@@ -308,6 +308,11 @@ export const ReportUserRequestSchema = z.object({
 });
 export type ReportUserRequest = z.infer<typeof ReportUserRequestSchema>;
 
+export const VerifyEmailRequestSchema = z.object({
+  email: UserEmailSchema,
+});
+export type VerifyEmailRequest = z.infer<typeof VerifyEmailRequestSchema>;
+
 export const ForgotPasswordEmailRequestSchema = z.object({
   captcha: z.string(),
   email: UserEmailSchema,
@@ -875,13 +880,14 @@ export const usersContract = c.router(
     verifyEmail: {
       summary: "verify email",
       description: "Verify the user email",
-      method: "GET",
+      method: "POST",
       path: "/verifyEmail",
+      body: VerifyEmailRequestSchema.strict(),
       responses: {
         200: MonkeyResponseSchema,
       },
       metadata: meta({
-        authenticationOptions: { noCache: true },
+        authenticationOptions: { isPublic: true },
         rateLimit: "userVerifyEmail",
       }),
     },