fix: Incomplete user object in verifyEmail function if both username and email are changed (#8889)

Author: mtrezza

spec/.eslintrc.json

@@ -28,6 +28,7 @@
  "fit_exclude_node_version": true,
  "it_exclude_dbs": true,
  "describe_only_db": true,
+ "fdescribe_only_db": true,
  "describe_only": true,
  "on_db": true,
  "defaultConfiguration": true,

spec/EmailVerificationToken.spec.js

@@ -127,6 +127,7 @@ describe('Email Verification Token Expiration: ', () => {
  user.set('email', 'user@parse.com');
  return user.signUp();
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  request({
  url: sendEmailOptions.link,
@@ -168,6 +169,7 @@ describe('Email Verification Token Expiration: ', () => {
  user.set('email', 'user@parse.com');
  return user.signUp();
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  request({
  url: sendEmailOptions.link,
@@ -215,6 +217,7 @@ describe('Email Verification Token Expiration: ', () => {
  user.set('email', 'user@parse.com');
  return user.signUp();
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  request({
  url: sendEmailOptions.link,
@@ -388,6 +391,7 @@ describe('Email Verification Token Expiration: ', () => {
  user2.setPassword('expiringToken');
  user2.set('email', 'user2@example.com');
  await user2.signUp();
+ await jasmine.timeout();
  expect(user2.getSessionToken()).toBeUndefined();
  expect(sendEmailOptions).toBeDefined();
  expect(verifySpy).toHaveBeenCalledTimes(5);
@@ -422,10 +426,47 @@ describe('Email Verification Token Expiration: ', () => {
  newUser.set('email', 'user@example.com');
  await newUser.signUp();
  await Parse.User.requestEmailVerification('user@example.com');
+ await jasmine.timeout();
  expect(sendSpy).toHaveBeenCalledTimes(2);
  expect(emailSpy).toHaveBeenCalledTimes(0);
  });
 
+ it('provides full user object in email verification function on email and username change', async () => {
+ const emailAdapter = {
+ sendVerificationEmail: () => {},
+ sendPasswordResetEmail: () => Promise.resolve(),
+ sendMail: () => {},
+ };
+ const sendVerificationEmail = {
+ method(req) {
+ expect(req.user).toBeDefined();
+ expect(req.user.id).toBeDefined();
+ expect(req.user.get('createdAt')).toBeDefined();
+ expect(req.user.get('updatedAt')).toBeDefined();
+ expect(req.master).toBeDefined();
+ return false;
+ },
+ };
+ await reconfigureServer({
+ appName: 'emailVerifyToken',
+ verifyUserEmails: true,
+ emailAdapter: emailAdapter,
+ emailVerifyTokenValidityDuration: 5,
+ publicServerURL: 'http://localhost:8378/1',
+ sendUserEmailVerification: sendVerificationEmail.method,
+ });
+ const user = new Parse.User();
+ user.setPassword('password');
+ user.setUsername('new@example.com');
+ user.setEmail('user@example.com');
+ await user.save(null, { useMasterKey: true });
+
+ // Update email and username
+ user.setUsername('new@example.com');
+ user.setEmail('new@example.com');
+ await user.save(null, { useMasterKey: true });
+ });
+
  it('beforeSave options do not change existing behaviour', async () => {
  let sendEmailOptions;
  const emailAdapter = {
@@ -448,6 +489,7 @@ describe('Email Verification Token Expiration: ', () => {
  newUser.setPassword('expiringToken');
  newUser.set('email', 'user@parse.com');
  await newUser.signUp();
+ await jasmine.timeout();
  const response = await request({
  url: sendEmailOptions.link,
  followRedirects: false,
@@ -490,6 +532,7 @@ describe('Email Verification Token Expiration: ', () => {
  user.set('email', 'user@parse.com');
  return user.signUp();
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  request({
  url: sendEmailOptions.link,
@@ -549,6 +592,7 @@ describe('Email Verification Token Expiration: ', () => {
  user.set('email', 'user@parse.com');
  return user.signUp();
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  return request({
  url: sendEmailOptions.link,
@@ -766,6 +810,9 @@ describe('Email Verification Token Expiration: ', () => {
  })
  .then(response => {
  expect(response.status).toBe(200);
+ })
+ .then(() => jasmine.timeout())
+ .then(() => {
  expect(sendVerificationEmailCallCount).toBe(2);
  expect(sendEmailOptions).toBeDefined();
 
@@ -917,6 +964,7 @@ describe('Email Verification Token Expiration: ', () => {
  'Content-Type': 'application/json',
  },
  });
+ await jasmine.timeout();
  expect(response.status).toBe(200);
  expect(sendVerificationEmailCallCount).toBe(2);
  expect(sendEmailOptions).toBeDefined();
@@ -959,6 +1007,7 @@ describe('Email Verification Token Expiration: ', () => {
  user.set('email', 'user@parse.com');
  return user.signUp();
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  return request({
  url: sendEmailOptions.link,
@@ -1197,6 +1246,7 @@ describe('Email Verification Token Expiration: ', () => {
  user.set('email', 'user@parse.com');
  return user.signUp();
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  request({
  url: sendEmailOptions.link,

spec/PagesRouter.spec.js

@@ -749,6 +749,7 @@ describe('Pages Router', () => {
  user.setPassword('examplePassword');
  user.set('email', 'mail@example.com');
  await user.signUp();
+ await jasmine.timeout();
 
  const link = sendVerificationEmail.calls.all()[0].args[0].link;
  const linkWithLocale = new URL(link);
@@ -777,6 +778,7 @@ describe('Pages Router', () => {
  user.setPassword('examplePassword');
  user.set('email', 'mail@example.com');
  await user.signUp();
+ await jasmine.timeout();
 
  const link = sendVerificationEmail.calls.all()[0].args[0].link;
  const linkWithLocale = new URL(link);
@@ -830,6 +832,7 @@ describe('Pages Router', () => {
  user.setPassword('examplePassword');
  user.set('email', 'mail@example.com');
  await user.signUp();
+ await jasmine.timeout();
 
  const link = sendVerificationEmail.calls.all()[0].args[0].link;
  const linkWithLocale = new URL(link);
@@ -846,6 +849,8 @@ describe('Pages Router', () => {
  const locale = linkResponse.headers['x-parse-page-param-locale'];
  const username = linkResponse.headers['x-parse-page-param-username'];
  const publicServerUrl = linkResponse.headers['x-parse-page-param-publicserverurl'];
+ await jasmine.timeout();
+
  const invalidVerificationPagePath = pageResponse.calls.all()[0].args[0];
  expect(appId).toBeDefined();
  expect(locale).toBe(exampleLocale);
@@ -1190,14 +1195,14 @@ describe('Pages Router', () => {
  user.setPassword('examplePassword');
  user.set('email', 'mail@example.com');
  await user.signUp();
+ await jasmine.timeout();
 
  const link = sendVerificationEmail.calls.all()[0].args[0].link;
  const linkResponse = await request({
  url: link,
  followRedirects: false,
  });
  expect(linkResponse.status).toBe(200);
-
  const pagePath = pageResponse.calls.all()[0].args[0];
  expect(pagePath).toMatch(new RegExp(`\/${pages.emailVerificationSuccess.defaultFile}`));
  });

spec/Parse.Push.spec.js

@@ -2,14 +2,12 @@
 
 const request = require('../lib/request');
 
-const sleep = ms => new Promise(resolve => setTimeout(resolve, ms));
-
 const pushCompleted = async pushId => {
  const query = new Parse.Query('_PushStatus');
  query.equalTo('objectId', pushId);
  let result = await query.first({ useMasterKey: true });
  while (!(result && result.get('status') === 'succeeded')) {
- await sleep(100);
+ await jasmine.timeout();
  result = await query.first({ useMasterKey: true });
  }
 };

spec/ParseHooks.spec.js

@@ -190,7 +190,7 @@ describe('Hooks', () => {
 
  it('should fail trying to create two times the same function', done => {
  Parse.Hooks.createFunction('my_new_function', 'http://url.com')
- .then(() => new Promise(resolve => setTimeout(resolve, 100)))
+ .then(() => jasmine.timeout())
  .then(
  () => {
  return Parse.Hooks.createFunction('my_new_function', 'http://url.com');

spec/ParseUser.spec.js

@@ -3067,6 +3067,7 @@ describe('Parse.User testing', () => {
  },
  });
  })
+ .then(() => jasmine.timeout())
  .then(() => {
  expect(emailCalled).toBe(true);
  expect(emailOptions).not.toBeUndefined();

spec/PushController.spec.js

@@ -26,14 +26,12 @@ const successfulIOS = function (body, installations) {
  return Promise.all(promises);
 };
 
-const sleep = ms => new Promise(resolve => setTimeout(resolve, ms));
-
 const pushCompleted = async pushId => {
  const query = new Parse.Query('_PushStatus');
  query.equalTo('objectId', pushId);
  let result = await query.first({ useMasterKey: true });
  while (!(result && result.get('status') === 'succeeded')) {
- await sleep(100);
+ await jasmine.timeout();
  result = await query.first({ useMasterKey: true });
  }
 };
@@ -562,7 +560,7 @@ describe('PushController', () => {
  });
  const pushStatusId = await sendPush(payload, {}, config, auth);
  // it is enqueued so it can take time
- await sleep(1000);
+ await jasmine.timeout(1000);
  Parse.serverURL = 'http://localhost:8378/1'; // GOOD url
  const result = await Parse.Push.getPushStatus(pushStatusId);
  expect(result).toBeDefined();
@@ -801,7 +799,7 @@ describe('PushController', () => {
  });
  await Parse.Object.saveAll(installations);
  await pushController.sendPush(payload, {}, config, auth);
- await sleep(1000);
+ await jasmine.timeout(1000);
  const query = new Parse.Query('_PushStatus');
  const results = await query.find({ useMasterKey: true });
  expect(results.length).toBe(1);
@@ -856,7 +854,7 @@ describe('PushController', () => {
  const config = Config.get(Parse.applicationId);
  await Parse.Object.saveAll(installations);
  await pushController.sendPush(payload, {}, config, auth);
- await sleep(1000);
+ await jasmine.timeout(1000);
  const query = new Parse.Query('_PushStatus');
  const results = await query.find({ useMasterKey: true });
  expect(results.length).toBe(1);

spec/UserController.spec.js

@@ -1,16 +1,12 @@
 const emailAdapter = require('./support/MockEmailAdapter');
+const Config = require('../lib/Config');
+const Auth = require('../lib/Auth');
 
 describe('UserController', () => {
- const user = {
- _email_verify_token: 'testToken',
- username: 'testUser',
- email: 'test@example.com',
- };
-
  describe('sendVerificationEmail', () => {
  describe('parseFrameURL not provided', () => {
- it('uses publicServerURL', async done => {
- const server = await reconfigureServer({
+ it('uses publicServerURL', async () => {
+ await reconfigureServer({
  publicServerURL: 'http://www.example.com',
  customPages: {
  parseFrameURL: undefined,
@@ -19,20 +15,33 @@ describe('UserController', () => {
  emailAdapter,
  appName: 'test',
  });
+
+ let emailOptions;
  emailAdapter.sendVerificationEmail = options => {
- expect(options.link).toEqual(
- 'http://www.example.com/apps/test/verify_email?token=testToken&username=testUser'
- );
- emailAdapter.sendVerificationEmail = () => Promise.resolve();
- done();
+ emailOptions = options;
+ return Promise.resolve();
  };
- server.config.userController.sendVerificationEmail(user);
+
+ const username = 'verificationUser';
+ const user = new Parse.User();
+ user.setUsername(username);
+ user.setPassword('pass');
+ user.setEmail('verification@example.com');
+ await user.signUp();
+
+ const config = Config.get('test');
+ const rawUser = await config.database.find('_User', { username }, {}, Auth.maintenance(config));
+ const rawUsername = rawUser[0].username;
+ const rawToken = rawUser[0]._email_verify_token;
+ expect(rawToken).toBeDefined();
+ expect(rawUsername).toBe(username);
+ expect(emailOptions.link).toEqual(`http://www.example.com/apps/test/verify_email?token=${rawToken}&username=${username}`);
  });
  });
 
  describe('parseFrameURL provided', () => {
- it('uses parseFrameURL and includes the destination in the link parameter', async done => {
- const server = await reconfigureServer({
+ it('uses parseFrameURL and includes the destination in the link parameter', async () => {
+ await reconfigureServer({
  publicServerURL: 'http://www.example.com',
  customPages: {
  parseFrameURL: 'http://someother.example.com/handle-parse-iframe',
@@ -41,14 +50,27 @@ describe('UserController', () => {
  emailAdapter,
  appName: 'test',
  });
+
+ let emailOptions;
  emailAdapter.sendVerificationEmail = options => {
- expect(options.link).toEqual(
- 'http://someother.example.com/handle-parse-iframe?link=%2Fapps%2Ftest%2Fverify_email&token=testToken&username=testUser'
- );
- emailAdapter.sendVerificationEmail = () => Promise.resolve();
- done();
+ emailOptions = options;
+ return Promise.resolve();
  };
- server.config.userController.sendVerificationEmail(user);
+
+ const username = 'verificationUser';
+ const user = new Parse.User();
+ user.setUsername(username);
+ user.setPassword('pass');
+ user.setEmail('verification@example.com');
+ await user.signUp();
+
+ const config = Config.get('test');
+ const rawUser = await config.database.find('_User', { username }, {}, Auth.maintenance(config));
+ const rawUsername = rawUser[0].username;
+ const rawToken = rawUser[0]._email_verify_token;
+ expect(rawToken).toBeDefined();
+ expect(rawUsername).toBe(username);
+ expect(emailOptions.link).toEqual(`http://someother.example.com/handle-parse-iframe?link=%2Fapps%2Ftest%2Fverify_email&token=${rawToken}&username=${username}`);
  });
  });
  });