Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: handle case where email is explicitly passed into user.create, and thus is set in user hash, but confirmation request may have expired

Browse Source
This commit is contained in:
Julian Lam
2022-02-03 15:49:13 -05:00
parent 0322e984e0
commit 936562c3cb
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/controllers/write/users.js
View File

@@ -265,8 +265,9 @@ Users.getEmail = async (req, res) => {
}; };
Users.confirmEmail = async (req, res) => { Users.confirmEmail = async (req, res) => {
const [pending, canManage] = await Promise.all([ const [pending, current, canManage] = await Promise.all([
user.email.isValidationPending(req.params.uid, req.params.email), user.email.isValidationPending(req.params.uid, req.params.email),
user.getUserField(req.params.uid, 'email'),
privileges.admin.can('admin:users', req.uid), privileges.admin.can('admin:users', req.uid),
]); ]);
@@ -274,10 +275,13 @@ Users.confirmEmail = async (req, res) => {
helpers.notAllowed(req, res); helpers.notAllowed(req, res);
} }
if (pending) { if (pending) { // has active confirmation request
const code = await db.get(`confirm:byUid:${req.params.uid}`); const code = await db.get(`confirm:byUid:${req.params.uid}`);
await user.email.confirmByCode(code, req.session.id); await user.email.confirmByCode(code, req.session.id);
helpers.formatApiResponse(200, res); helpers.formatApiResponse(200, res);
} else if (current && current === req.params.email) { // email in user hash (i.e. email passed into user.create)
await user.email.confirmByUid(req.params.uid);
helpers.formatApiResponse(200, res);
} else { } else {
helpers.formatApiResponse(404, res); helpers.formatApiResponse(404, res);
} }