Merge pull request #9312 from raisedadead/fix/confirm-email-token-invalid
Error messages for invalid tokens from email links
This commit is contained in:
Berkeley Martinez
GitHub
@ -90,13 +90,66 @@ module.exports = function(User) {
|
|||||||
});
|
});
|
||||||
|
|
||||||
debug('setting up user hooks');
|
debug('setting up user hooks');
|
||||||
|
|
||||||
|
User.beforeRemote('confirm', function(ctx, _, next) {
|
||||||
|
|
||||||
|
if (!ctx.req.query) {
|
||||||
|
return ctx.res.redirect('/');
|
||||||
|
}
|
||||||
|
|
||||||
|
const uid = ctx.req.query.uid;
|
||||||
|
const token = ctx.req.query.token;
|
||||||
|
const redirect = ctx.req.query.redirect;
|
||||||
|
|
||||||
|
return User.findById(uid, (err, user) => {
|
||||||
|
|
||||||
|
if (err || !user) {
|
||||||
|
ctx.req.flash('error', {
|
||||||
|
msg: dedent`Oops, something went wrong, please try again later`
|
||||||
|
});
|
||||||
|
return ctx.res.redirect('/');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!user.verificationToken && !user.emailVerified) {
|
||||||
|
ctx.req.flash('info', {
|
||||||
|
msg: dedent`Looks like we have your email. But you haven't
|
||||||
|
verified it yet, please login and request a fresh verification
|
||||||
|
link.`
|
||||||
|
});
|
||||||
|
return ctx.res.redirect(redirect);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!user.verificationToken && user.emailVerified) {
|
||||||
|
ctx.req.flash('info', {
|
||||||
|
msg: dedent`Looks like you have already verified your email.
|
||||||
|
Please login to continue.`
|
||||||
|
});
|
||||||
|
return ctx.res.redirect(redirect);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (user.verificationToken && user.verificationToken !== token) {
|
||||||
|
ctx.req.flash('info', {
|
||||||
|
msg: dedent`Looks like you have clicked an invalid link.
|
||||||
|
Please login and request a fresh one.`
|
||||||
|
});
|
||||||
|
return ctx.res.redirect(redirect);
|
||||||
|
}
|
||||||
|
|
||||||
|
return next();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
User.afterRemote('confirm', function(ctx) {
|
User.afterRemote('confirm', function(ctx) {
|
||||||
|
if (!ctx.req.query) {
|
||||||
|
return ctx.res.redirect('/');
|
||||||
|
}
|
||||||
|
const redirect = ctx.req.query.redirect;
|
||||||
ctx.req.flash('success', {
|
ctx.req.flash('success', {
|
||||||
msg: [
|
msg: [
|
||||||
'Your email has been confirmed!'
|
'Your email has been confirmed!'
|
||||||
]
|
]
|
||||||
});
|
});
|
||||||
ctx.res.redirect('/');
|
return ctx.res.redirect(redirect);
|
||||||
});
|
});
|
||||||
|
|
||||||
User.beforeRemote('create', function({ req, res }, _, next) {
|
User.beforeRemote('create', function({ req, res }, _, next) {
|
||||||
|
|||||||
Reference in New Issue
Block a user