
fix forgotten email flow: remove stale email records upon re-verifica…

…tion. closes #170
1 parent 55b6d99 commit 1a43a06e565d9c125de349575c9132a32aa6c5e3 @lloyd lloyd committed Aug 17, 2011
Showing with 21 additions and 3 deletions.
  1. +21 −3 browserid/lib/db_mysql.js
@@ -210,12 +210,30 @@ exports.gotVerificationSecret = function(secret, cb) {
var o = rows[0];
function addEmailAndPubkey(userID) {
+ // issue #170 - delete any old records with the same
+ // email address. this is necessary because
+ // gotVerificationSecret is invoked both for
+ // forgotten password flows and for new user signups.
+ // We could add an `ON DUPLICATE KEY` clause, however
+ // We actually want to invalidate all old public keys.
+ //
+ // XXX: periodic database cleanup should remove old expired
+ // keys, but this is moot once we move to certs as the
+ // server won't know about old keys
client.query(
- "INSERT INTO email(user, address) VALUES(?, ?)",
- [ userID, o.email ],
+ "DELETE FROM email WHERE address = ?",
+ [ o.email ],
function(err, info) {
if (err) { logUnexpectedError(err); cb(err); return; }
- addKeyToEmailRecord(info.insertId, o.pubkey, cb);
+ else {
+ client.query(
+ "INSERT INTO email(user, address) VALUES(?, ?)",
+ [ userID, o.email ],
+ function(err, info) {
+ if (err) { logUnexpectedError(err); cb(err); return; }
+ addKeyToEmailRecord(info.insertId, o.pubkey, cb);
+ });
+ }
});
}
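Review bot: The DELETE and the INSERT in addEmailAndPubkey are issued as two independent statements, so if the INSERT (or the following addKeyToEmailRecord) fails after the DELETE has succeeded, the address is left with no email row at all and the caller only gets an error back. Running both statements in one transaction, if the client and table engine allow it, would keep the old record in place on failure. The new comment says the aim is to invalidate all old public keys, but the hunk only deletes from `email`; that achieves the aim only if key rows are removed by a cascade or are always looked up through the email row, which is not visible here, so I would state it explicitly, e.g. `// relies on key rows being dropped with their email row (cascade) - confirm in schema`. As a style point, the `else` after `return` is redundant, and the inner callback shadows `err` and `info`; flattening it would read more easily. The enclosing gotVerificationSecret starts and ends outside the hunk.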
