Merge pull request #9312 from raisedadead/fix/confirm-email-token-invalid
Error messages for invalid tokens from email links
This commit is contained in:
Berkeley Martinez
GitHub
@ -90,13 +90,66 @@ module.exports = function(User) {
|
||||
});
|
||||
|
||||
debug('setting up user hooks');
|
||||
|
||||
User.beforeRemote('confirm', function(ctx, _, next) {
|
||||
|
||||
if (!ctx.req.query) {
|
||||
return ctx.res.redirect('/');
|
||||
}
|
||||
|
||||
const uid = ctx.req.query.uid;
|
||||
const token = ctx.req.query.token;
|
||||
const redirect = ctx.req.query.redirect;
|
||||
|
||||
return User.findById(uid, (err, user) => {
|
||||
|
||||
if (err || !user) {
|
||||
ctx.req.flash('error', {
|
||||
msg: dedent`Oops, something went wrong, please try again later`
|
||||
});
|
||||
return ctx.res.redirect('/');
|
||||
}
|
||||
|
||||
if (!user.verificationToken && !user.emailVerified) {
|
||||
ctx.req.flash('info', {
|
||||
msg: dedent`Looks like we have your email. But you haven't
|
||||
verified it yet, please login and request a fresh verification
|
||||
link.`
|
||||
});
|
||||
return ctx.res.redirect(redirect);
|
||||
}
|
||||
|
||||
if (!user.verificationToken && user.emailVerified) {
|
||||
ctx.req.flash('info', {
|
||||
msg: dedent`Looks like you have already verified your email.
|
||||
Please login to continue.`
|
||||
});
|
||||
return ctx.res.redirect(redirect);
|
||||
}
|
||||
|
||||
if (user.verificationToken && user.verificationToken !== token) {
|
||||
ctx.req.flash('info', {
|
||||
msg: dedent`Looks like you have clicked an invalid link.
|
||||
Please login and request a fresh one.`
|
||||
});
|
||||
return ctx.res.redirect(redirect);
|
||||
}
|
||||
|
||||
return next();
|
||||
});
|
||||
});
|
||||
|
||||
User.afterRemote('confirm', function(ctx) {
|
||||
if (!ctx.req.query) {
|
||||
return ctx.res.redirect('/');
|
||||
}
|
||||
const redirect = ctx.req.query.redirect;
|
||||
ctx.req.flash('success', {
|
||||
msg: [
|
||||
'Your email has been confirmed!'
|
||||
]
|
||||
});
|
||||
ctx.res.redirect('/');
|
||||
return ctx.res.redirect(redirect);
|
||||
});
|
||||
|
||||
User.beforeRemote('create', function({ req, res }, _, next) {
|
||||
|
||||
Reference in New Issue
Block a user