fix: Issue #4142 (#4144)

flovilmart · web-flow · commit a660a0c25fb2 · 2017-09-11T11:07:39.000-04:00
* Tweaks test in order to show the error

- Session is effectively created when it should not

* Do not create a session when users need verified accounts on signup
diff --git a/spec/ValidationAndPasswordsReset.spec.js b/spec/ValidationAndPasswordsReset.spec.js
@@ -258,7 +258,10 @@ describe("Custom Pages, Email Verification, Password Reset", () => {
         user.setUsername("zxcv");
         user.set("email", "testInvalidConfig@parse.com");
         user.signUp(null)
-          .then(() => Parse.User.logIn("zxcv", "asdf"))
+          .then((user) => {
+            expect(user.getSessionToken()).toBe(undefined);
+            return Parse.User.logIn("zxcv", "asdf");
+          })
           .then(() => {
             fail('login should have failed');
             done();
diff --git a/src/RestWrite.js b/src/RestWrite.js
@@ -548,6 +548,11 @@ RestWrite.prototype.createSessionTokenIfNeeded = function() {
   if (this.query) {
     return;
   }
+  if (!this.storage['authProvider'] // signup call, with
+      && this.config.preventLoginWithUnverifiedEmail // no login without verification
+      && this.config.verifyUserEmails) { // verification is on
+    return; // do not create the session token in that case!
+  }
   return this.createSessionToken();
 }
 

Original file line number	Diff line number	Diff line change
`@@ -548,6 +548,11 @@ RestWrite.prototype.createSessionTokenIfNeeded = function() {`
`548`	`548`	`if (this.query) {`
`549`	`549`	`return;`
`550`	`550`	`}`
	`551`	`+ if (!this.storage['authProvider'] // signup call, with`
	`552`	`+ && this.config.preventLoginWithUnverifiedEmail // no login without verification`
	`553`	`+ && this.config.verifyUserEmails) { // verification is on`
	`554`	`+ return; // do not create the session token in that case!`
	`555`	`+ }`
`551`	`556`	`return this.createSessionToken();`
`552`	`557`	`}`
`553`	`558`