@accounts/password - npm Package Compare versions

Comparing version 0.9.2 to 0.9.3

__tests__/accounts-password.ts

@@ -391,6 +391,9 @@ import { set } from 'lodash';
   describe('sendVerificationEmail', () => {
-    const email = 'john.doe@gmail.com';
+    const unverifiedEmail = 'john.doe@gmail.com';
     const verifiedEmail = 'john.doe2@gmail.com';
     const validUser = {
-      emails: [{ address: email }, { address: verifiedEmail, verified: true }],
+      emails: [
+        { address: unverifiedEmail, verified: false },
+        { address: verifiedEmail, verified: true },
+      ],
     };
@@ -411,3 +414,3 @@
       try {
-        await password.sendVerificationEmail(email);
+        await password.sendVerificationEmail(unverifiedEmail);
         throw new Error();
@@ -419,2 +422,19 @@ } catch (err) {
 
+    it('should not send email if email is already verified', async () => {
+      const findUserByEmail = jest.fn(() => Promise.resolve(validUser));
+      const addEmailVerificationToken = jest.fn(() => Promise.resolve());
+      const prepareMail = jest.fn(() => Promise.resolve());
+      const sanitizeUser = jest.fn(() => Promise.resolve());
+      const sendMail = jest.fn(() => Promise.resolve());
+      password.setStore({ findUserByEmail, addEmailVerificationToken } as any);
+      password.server = {
+        prepareMail,
+        options: { sendMail },
+        sanitizeUser,
+      } as any;
+      set(password.server, 'options.emailTemplates', {});
+      await password.sendVerificationEmail(verifiedEmail);
+      expect(addEmailVerificationToken).not.toBeCalled();
+    });
+
     it('send email to first unverified email', async () => {
@@ -433,3 +453,3 @@ const findUserByEmail = jest.fn(() => Promise.resolve(validUser));
       set(password.server, 'options.emailTemplates', {});
-      await password.sendVerificationEmail(verifiedEmail);
+      await password.sendVerificationEmail(unverifiedEmail);
       expect(addEmailVerificationToken.mock.calls[0].length).toBe(3);
@@ -453,3 +473,3 @@ expect(prepareMail.mock.calls[0].length).toBe(6);
       set(password.server, 'options.emailTemplates', {});
-      await password.sendVerificationEmail(email);
+      await password.sendVerificationEmail(unverifiedEmail);
       expect(addEmailVerificationToken.mock.calls[0].length).toBe(3);
@@ -456,0 +476,0 @@ expect(prepareMail.mock.calls[0].length).toBe(6);

lib/accounts-password.d.ts

@@ -104,2 +104,3 @@ import { User, TokenRecord, DatabaseInterface, AuthenticationService, HashAlgorithm, ConnectionInformations, LoginResult } from '@accounts/types';
      * Defaults to the first unverified email in the list.
+     * If the address is already verified we do not send any email.
      * @returns {Promise<void>} - Return a Promise.
@@ -106,0 +107,0 @@ */

lib/accounts-password.js

@@ -305,2 +305,3 @@ "use strict";
      * Defaults to the first unverified email in the list.
+     * If the address is already verified we do not send any email.
      * @returns {Promise<void>} - Return a Promise.
@@ -310,3 +311,3 @@ */
         return __awaiter(this, void 0, void 0, function () {
-            var user, token, resetPasswordMail;
+            var user, emailRecord, token, resetPasswordMail;
             return __generator(this, function (_a) {
@@ -328,2 +329,6 @@ switch (_a.label) {
                         }
+                        emailRecord = lodash_1.find(user.emails, function (email) { return email.address.toLowerCase() === address.toLocaleLowerCase(); });
+                        if (!emailRecord || emailRecord.verified) {
+                            return [2 /*return*/];
+                        }
                         token = server_1.generateRandomToken();
@@ -330,0 +335,0 @@ return [4 /*yield*/, this.db.addEmailVerificationToken(user.id, address, token)];

package.json

 {
   "name": "@accounts/password",
-  "version": "0.9.2",
+  "version": "0.9.3",
   "license": "MIT",
@@ -27,3 +27,3 @@ "main": "lib/index.js",
   "dependencies": {
-    "@accounts/two-factor": "^0.9.2",
+    "@accounts/two-factor": "^0.9.3",
     "bcryptjs": "^2.4.3",
@@ -33,8 +33,8 @@ "lodash": "^4.17.11"
   "devDependencies": {
-    "@accounts/server": "^0.9.2",
-    "@accounts/types": "^0.9.2",
+    "@accounts/server": "^0.9.3",
+    "@accounts/types": "^0.9.3",
     "@types/bcryptjs": "2.4.2",
-    "@types/jest": "23.3.12",
-    "@types/lodash": "4.14.119",
-    "@types/node": "10.12.18",
+    "@types/jest": "23.3.13",
+    "@types/lodash": "4.14.120",
+    "@types/node": "10.12.21",
     "jest": "23.6.0",
@@ -41,0 +41,0 @@ "rimraf": "2.6.3"

src/accounts-password.ts

@@ -283,2 +283,3 @@ import { trim, isEmpty, pick, isString, isPlainObject, find, includes, defer } from 'lodash';
    * Defaults to the first unverified email in the list.
+   * If the address is already verified we do not send any email.
    * @returns {Promise<void>} - Return a Promise.
@@ -299,2 +300,12 @@ */
     }
+
+    // Do not send an email if the address is already verified
+    const emailRecord = find(
+      user.emails,
+      (email: EmailRecord) => email.address.toLowerCase() === address.toLocaleLowerCase()
+    );
+    if (!emailRecord || emailRecord.verified) {
+      return;
+    }
+
     const token = generateRandomToken();
@@ -301,0 +312,0 @@ await this.db.addEmailVerificationToken(user.id, address, token);

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

116439

decreased by-63.51%

Number of package files

55

decreased by-27.63%

Lines of code

2228

decreased by-21.47%

Dependency changes

• Updated@accounts/two-factor@^0.9.3