
Commit eb640d8

loaybajtos
authored andcommitted
Require verification after email change
When the User model is configured to require email verification, then any change of the email address should trigger re-verification.
1 parent fcbe028 commit eb640d8


2 files changed

+77
-0
lines changed


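--- a/common/models/user.js
+++ b/common/models/user.js
@@ -683,6 +683,19 @@ module.exports = function(User) {
 ctx.hookState.originalUserData = userInstances.map(function(u) {
 return { id: u.id, email: u.email };
 });
+if (ctx.instance) {
+var emailChanged = ctx.instance.email !== ctx.hookState.originalUserData[0].email;
+if (emailChanged && ctx.Model.settings.emailVerificationRequired) {
+ctx.instance.emailVerified = false;
+}
+} else {
+var emailChanged = ctx.hookState.originalUserData.some(function(data) {
+return data.email != ctx.data.email;
+});
+if (emailChanged && ctx.Model.settings.emailVerificationRequired) {
+ctx.data.emailVerified = false;
+}
+}
 next();
 });
 });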
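Review bot: In the `else` branch, `data.email != ctx.data.email` is also true when a partial update carries no `email` key at all, so with `emailVerificationRequired` set, an update of any unrelated property would reset `emailVerified` to false and push users through re-verification they did not trigger. Guard on the key being present, e.g. `return ctx.data.email !== undefined && data.email !== ctx.data.email;`, which also makes the comparison strict like the one in the `if (ctx.instance)` branch. In that first branch, `ctx.hookState.originalUserData[0].email` throws if the lookup returned no rows; whether that can happen depends on the part of the observer that starts outside this hunk, so a length check is worth confirming.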

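--- a/test/user.test.js
+++ b/test/user.test.js
@@ -2193,6 +2193,70 @@ describe('User', function() {
 });
 });
 
+describe('Verification after updating email', function() {
+var NEW_EMAIL = '[email protected]';
+var userInstance;
+
+beforeEach(createOriginalUser);
+
+it('sets verification to false after email update if verification is required',
+function(done) {
+User.settings.emailVerificationRequired = true;
+async.series([
+function updateUser(next) {
+userInstance.updateAttribute('email', NEW_EMAIL, function(err, info) {
+if (err) return next (err);
+assert.equal(info.email, NEW_EMAIL);
+next();
+});
+},
+function findUser(next) {
+User.findById(userInstance.id, function(err, info) {
+if (err) return next (err);
+assert.equal(info.email, NEW_EMAIL);
+assert.equal(info.emailVerified, false);
+next();
+});
+},
+], done);
+});
+
+it('leaves verification as is after email update if verification is not required',
+function(done) {
+User.settings.emailVerificationRequired = false;
+async.series([
+function updateUser(next) {
+userInstance.updateAttribute('email', NEW_EMAIL, function(err, info) {
+if (err) return next (err);
+assert.equal(info.email, NEW_EMAIL);
+next();
+});
+},
+function findUser(next) {
+User.findById(userInstance.id, function(err, info) {
+if (err) return next (err);
+assert.equal(info.email, NEW_EMAIL);
+assert.equal(info.emailVerified, true);
+next();
+});
+},
+], done);
+});
+
+function createOriginalUser(done) {
+var userData = {
+
+password: 'bar',
+emailVerified: true,
+};
+User.create(userData, function(err, instance) {
+if (err) return done(err);
+userInstance = instance;
+done();
+});
+}
+});
+
 describe('password reset with/without email verification', function() {
 it('allows resetPassword by email if email verification is required and done',
 function(done) {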
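Review bot: Both new tests change the email itself, so nothing here covers the case where another property is updated and `emailVerified` must stay `true` while `emailVerificationRequired` is on; these tests would still pass if the `updateAttribute` path reset verification on every write. A third case next to the two `it` blocks, sketched below, would pin that behaviour. The tests also assign `User.settings.emailVerificationRequired` and never restore it; unless a hook outside this hunk resets the model, that setting leaks into later suites.

```javascript
it('keeps verification after updating a property other than email',
  function(done) {
    User.settings.emailVerificationRequired = true;
    async.series([
      function updateUser(next) {
        // 'renamed-user' is a constructed sample value
        userInstance.updateAttribute('username', 'renamed-user', function(err, info) {
          if (err) return next(err);
          next();
        });
      },
      function findUser(next) {
        User.findById(userInstance.id, function(err, info) {
          if (err) return next(err);
          assert.equal(info.emailVerified, true);
          next();
        });
      },
    ], done);
  });
```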
