From 476f4e55c39b0ee571ac2169bbfc200e8cc04b55 Mon Sep 17 00:00:00 2001 From: James Allen Date: Fri, 13 Jul 2018 10:42:31 +0100 Subject: [PATCH] Just generate a new token on resending confirmation email --- .../Features/Security/OneTimeTokenHandler.coffee | 10 ---------- .../User/UserEmailsConfirmationHandler.coffee | 11 ----------- .../Features/User/UserEmailsController.coffee | 2 +- .../test/acceptance/coffee/UserEmailsTests.coffee | 14 +++++--------- 4 files changed, 6 insertions(+), 31 deletions(-) diff --git a/services/web/app/coffee/Features/Security/OneTimeTokenHandler.coffee b/services/web/app/coffee/Features/Security/OneTimeTokenHandler.coffee index dfae55e7cf..69c9f5b0e9 100644 --- a/services/web/app/coffee/Features/Security/OneTimeTokenHandler.coffee +++ b/services/web/app/coffee/Features/Security/OneTimeTokenHandler.coffee @@ -27,16 +27,6 @@ module.exports = return callback(error) if error? callback null, token - findValidTokenFromData: (use, data, callback = (error, token) ->) -> - db.tokens.findOne { - use: use, - data: data, - expiresAt: { $gt: new Date() }, - usedAt: { $exists: false } - }, (error, token) -> - return callback(error) if error? - return callback null, token?.token - getValueFromTokenAndExpire: (use, token, callback = (error, data) ->)-> logger.log token_start: token.slice(0,8), "getting data from #{use} token" now = new Date() diff --git a/services/web/app/coffee/Features/User/UserEmailsConfirmationHandler.coffee b/services/web/app/coffee/Features/User/UserEmailsConfirmationHandler.coffee index 53ae1fca2b..dd87570450 100644 --- a/services/web/app/coffee/Features/User/UserEmailsConfirmationHandler.coffee +++ b/services/web/app/coffee/Features/User/UserEmailsConfirmationHandler.coffee 
@@ -23,17 +23,6 @@ module.exports = UserEmailsConfirmationHandler = confirmEmailUrl: "#{settings.siteUrl}/user/emails/confirm?token=#{token}" EmailHandler.sendEmail emailTemplate, emailOptions, callback - resendConfirmationEmail: (user_id, email, callback = (error) ->) -> - OneTimeTokenHandler.findValidTokenFromData 'email_confirmation', { user_id, email }, (error, token) -> - return callback(error) if error? - if !token? - UserEmailsConfirmationHandler.sendConfirmationEmail user_id, email, callback - else - emailOptions = - to: email - confirmEmailUrl: "#{settings.siteUrl}/user/emails/confirm?token=#{token}" - EmailHandler.sendEmail 'confirmEmail', emailOptions, callback - confirmEmailFromToken: (token, callback = (error) ->) -> logger.log {token_start: token.slice(0,8)}, 'confirming email from token' OneTimeTokenHandler.getValueFromTokenAndExpire 'email_confirmation', token, (error, data) -> diff --git a/services/web/app/coffee/Features/User/UserEmailsController.coffee b/services/web/app/coffee/Features/User/UserEmailsController.coffee index 5c2fa5f587..1afb60b99b 100644 --- a/services/web/app/coffee/Features/User/UserEmailsController.coffee +++ b/services/web/app/coffee/Features/User/UserEmailsController.coffee @@ -71,7 +71,7 @@ module.exports = UserEmailsController = logger.log {userId, email, foundUserId: user?._id}, "email doesn't match logged in user" return res.sendStatus 422 logger.log {userId, email}, 'resending email confirmation token' - UserEmailsConfirmationHandler.resendConfirmationEmail userId, email, (error) -> + UserEmailsConfirmationHandler.sendConfirmationEmail userId, email, (error) -> return next(error) if error? res.sendStatus 200 diff --git a/services/web/test/acceptance/coffee/UserEmailsTests.coffee b/services/web/test/acceptance/coffee/UserEmailsTests.coffee index 40d0ca2244..71837f4633 100644 --- a/services/web/test/acceptance/coffee/UserEmailsTests.coffee +++ b/services/web/test/acceptance/coffee/UserEmailsTests.coffee 
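Review bot: In the UserEmailsController.coffee hunk (@@ -71,7 +71,7 @@), calling `UserEmailsConfirmationHandler.sendConfirmationEmail userId, email, (error) ->` on every resend creates a fresh token while each earlier unused token for the same user_id and email stays redeemable until it expires. An older confirmation link therefore keeps working after the user asks for a new one, and repeated requests add rows to db.tokens without limit; no rate limit on this route is visible in the hunk, so confirm one is applied elsewhere. Consider expiring the outstanding 'email_confirmation' tokens for that user_id/email before issuing the new one, or record the trade-off next to the call with a comment such as `# earlier tokens stay valid until expiresAt; a resend only adds another`. The context log message `'resending email confirmation token'` no longer matches the behaviour; `'sending new email confirmation token'` would be accurate. The enclosing controller method starts outside the hunk.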
@@ -200,8 +200,7 @@ describe "UserEmails", -> ], done describe 'resending the confirmation', -> - it 'should resend the existing token', (done) -> - token = null + it 'should generate a new token', (done) -> async.series [ (cb) => @user.request { @@ -223,7 +222,6 @@ describe "UserEmails", -> expect(tokens.length).to.equal 1 expect(tokens[0].data.email).to.equal 'reconfirmation-email@example.com' expect(tokens[0].data.user_id).to.equal @user._id - token = tokens[0].token cb() (cb) => @user.request { @@ -241,18 +239,18 @@ describe "UserEmails", -> 'data.user_id': @user._id, usedAt: { $exists: false } }, (error, tokens) => - # There should still only be one confirmation token - expect(tokens.length).to.equal 1 + # There should be two tokens now + expect(tokens.length).to.equal 2 expect(tokens[0].data.email).to.equal 'reconfirmation-email@example.com' expect(tokens[0].data.user_id).to.equal @user._id - token = tokens[0].token + expect(tokens[1].data.email).to.equal 'reconfirmation-email@example.com' + expect(tokens[1].data.user_id).to.equal @user._id cb() ], done it 'should create a new token if none exists', (done) -> # This should only be for users that have sign up with their main # emails before the confirmation system existed - token = null async.series [ (cb) => db.tokens.remove { @@ -280,12 +278,10 @@ describe "UserEmails", -> expect(tokens.length).to.equal 1 expect(tokens[0].data.email).to.equal @user.email expect(tokens[0].data.user_id).to.equal @user._id - token = tokens[0].token cb() ], done it "should not allow reconfirmation if the email doesn't match the user", (done) -> - token = null async.series [ (cb) => @user.request {
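Review bot: The 'should generate a new token' test (hunk @@ -241,18 +239,18 @@) asserts only that two unused tokens exist with the same email and user_id; it never checks that the two token values differ, so a regression that stored the same token twice would still pass. Add `expect(tokens[0].token).to.not.equal tokens[1].token` after the new `tokens[1]` assertions. The `expect(tokens.length).to.equal 2` assertion also pins, as intended behaviour, that the first token is still unused after a resend; if earlier tokens are later invalidated on resend, this expectation has to change with it. The test body spans several hunks and is not fully visible here.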