parse-server: preventLoginWithUnverifiedEmail not Working

Issue Description

I am running parse-server v. 2.2.22. In my ParseServer configuration, I have preventLoginWithUnverifiedEmail = true. On signup, before a user verifies their email, it still logs them in.

My configuration:

var parse_api = new ParseServer({
  databaseURI: process.env.MONGOLAB_URI || config.databaseURI,
  // cloud: './cloud/main.js',
  appId: config.parseAppId,
  fileKey: config.parseFileKey,
  masterKey: config.parseMasterKey,
  serverURL: process.env.PARSE_SERVER_URL || config.parseServerURL,
  publicServerURL: config.parsePublicServerURL,
  verifyUserEmails: config.parseVerifyUserEmails,
  appName: config.parseAppName,
  facebookAppIds: config.facebookAppIds,
  preventLoginWithUnverifiedEmail: config.parsePreventLoginWithUnverifiedEmail,
  // The email adapter
  emailAdapter: {
    module: config.parseEmailAdapterModule,
    options: {
      // The address that your emails come from
      fromAddress: config.parseFromEmailAddress,
      // Your domain from mailgun.com
      domain: config.parseEmailDomain,
      // Your API key from mailgun.com
      apiKey: config.parseEmailAPIKey,
    }
  }
});

Steps to reproduce

Please include a detailed list of steps that reproduce the issue. Include curl commands when applicable.

  1. Sign up a user
  2. Do not verify the email address
  3. Try to log in

Expected Results

The User will be blocked from login during signup.

Actual Outcome

The User is logged in, no problem.

Environment Setup

  • Server
    • parse-server version : 2.22.22
    • Localhost or remote server? Heroku
  • Database
    • MongoDB version: 3.2.9
    • Localhost or remote server?: mLab

Logs/Trace

2016-10-13T03:55:00.897370+00:00 app[web.1]: GET /parse/login 200 103.378 ms - 341

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 31 (19 by maintainers)

Most upvoted comments

What we should do is simply not return the session token upon signup if the server is configured to require a verified email.
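The reported behaviour and the change proposed in the comment above, side by side, as an added example that is not part of the original thread and not parse-server's code. It is a simplified in-memory model; `makeAuthModel`, `withholdTokenOnSignup` and `signupBypassesVerification` are hypothetical names, and the session tokens are constructed values.

```javascript
// Simplified in-memory model (assumption: NOT parse-server's implementation).
// Only the two options named in the issue are modelled; credential checks are omitted.
function makeAuthModel(options, { withholdTokenOnSignup }) {
  const users = new Map();
  let counter = 0;
  // Verification is enforced only when both options are truthy.
  const mustVerify = Boolean(
    options.verifyUserEmails && options.preventLoginWithUnverifiedEmail
  );
  // Constructed placeholder tokens; a real server issues random session tokens.
  const newSession = () => 'constructed-session-' + (++counter);

  return {
    signUp(username) {
      users.set(username, { username, emailVerified: false });
      const response = { username, emailVerified: false };
      // Reported behaviour: signup always returns a session token, so the
      // client is logged in before the email address has been verified.
      // Proposed behaviour: withhold the token while verification is required.
      if (!(withholdTokenOnSignup && mustVerify)) {
        response.sessionToken = newSession();
      }
      return response;
    },
    verifyEmail(username) {
      users.get(username).emailVerified = true;
    },
    logIn(username) {
      const user = users.get(username);
      if (!user) throw new Error('Invalid username/password.');
      if (mustVerify && !user.emailVerified) {
        throw new Error('User email is not verified.');
      }
      return { username, sessionToken: newSession() };
    },
  };
}

// Regression check for the signup path: returns true when a freshly created,
// unverified account receives a usable session token.
function signupBypassesVerification(api) {
  const res = api.signUp('constructed-user');
  return typeof res.sessionToken === 'string' && res.emailVerified !== true;
}
```

The same check can be pointed at a test deployment by replacing `api.signUp` with a call to the server's signup endpoint and inspecting the response for a session token.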