Skip to content
This repository has been archived by the owner on May 10, 2019. It is now read-only.

Commit

Permalink
collapse add email and reverification into a single wsapi and corresp…
Browse files Browse the repository at this point in the history 
…onding db call.
  • Loading branch information
@lloyd
lloyd committed Jul 10, 2012
1 parent 2828780 commit 597dd63
Show file tree
Hide file tree
Showing 11 changed files with 31 additions and 70 deletions.
3 changes: 1 addition & 2 deletions lib/db.js
View file
Expand Up @@ -103,9 +103,8 @@ exports.onReady = function(f) {
'stageUser',
'stageEmail',
'completeCreateUser',
'completeAddEmail',
'completeConfirmEmail',
'completePasswordReset',
'completeReverify',
'removeEmail',
'cancelAccount',
'updatePassword',
Expand Down
28 changes: 3 additions & 25 deletions lib/db/json.js
View file
Expand Up @@ -292,7 +292,9 @@ function getAndDeleteRowForSecret(secret, cb) {
process.nextTick(function() { cb(null, o); });
}

exports.completeAddEmail = function(secret, cb) {
// either a email re-verification, or an email addition - we treat these things
// the same
exports.completeConfirmEmail = function(secret, cb) {
getAndDeleteRowForSecret(secret, function(err, o) {
exports.emailKnown(o.email, function(err, known) {
function addIt() {
Expand Down Expand Up @@ -322,30 +324,6 @@ exports.completeAddEmail = function(secret, cb) {
});
}

exports.completeReverify = function(secret, cb) {
getAndDeleteRowForSecret(secret, function(err, o) {
exports.emailToUID(o.email, function(err, uid) {
if (err) return cb(err);

// if for some reason the email is associated with a different user now than when
// the action was initiated, error out.
if (uid !== o.existing_user) {
return cb("cannot update password, data inconsistency");
}

sync();
// flip the verification bit on all emails for the user other than the one just verified
var email = jsel.match(":has(.id:expr(x=?)) > .emails > .?", [ uid, o.email ], db.users);
if (!email.length) return cb("cannot find email");
email = email[0];
email.verified = true;
flush();

cb(err, o.email, uid);
});
});
};

exports.completeCreateUser = function(secret, cb) {
getAndDeleteRowForSecret(secret, function(err, o) {
exports.emailKnown(o.email, function(err, known) {
Expand Down
31 changes: 5 additions & 26 deletions lib/db/mysql.js
View file
Expand Up @@ -378,7 +378,9 @@ exports.completeCreateUser = function(secret, cb) {
});
};

exports.completeAddEmail = function(secret, cb) {
// either a email re-verification, or an email addition - we treat these things
// the same
exports.completeConfirmEmail = function(secret, cb) {
getAndDeleteRowForSecret(secret, function(err, o) {
if (err) return cb(err);

Expand All @@ -390,8 +392,8 @@ exports.completeAddEmail = function(secret, cb) {
return cb("data inconsistency, no numeric existing user associated with staged email address");
}

// we're adding an email address to an existing user account. add appropriate entries into
// email table
// we're adding or reverifying an email address to an existing user account. add appropriate
// entries into email table.
if (o.passwd) {
exports.updatePassword(o.existing_user, o.passwd, function(err) {
if (err) return cb('could not set user\'s password');
Expand All @@ -403,29 +405,6 @@ exports.completeAddEmail = function(secret, cb) {
});
};

exports.completeReverify = function(secret, cb) {
getAndDeleteRowForSecret(secret, function(err, o) {
if (err) return cb(err);

if (o.new_acct) return cb("this verification link is not for an re-verification");

// ensure the expected existing_user field is populated, which it must always be when
// new_acct is false
if (typeof o.existing_user !== 'number') {
return cb("data inconsistency, no numeric existing user associated with staged email address");
}

// simply flip a bit
client.query(
'UPDATE email SET verified = TRUE WHERE user = ? AND type = ? AND address = ?',
[ o.existing_user, 'secondary', o.email ],
function(err, rez) {
if (!rez || rez.affectedRows !== 1) cb("couldn't update email address");
else cb(err, o.email, o.existing_user);
});
});
};

exports.completePasswordReset = function(secret, cb) {
getAndDeleteRowForSecret(secret, function(err, o) {
if (err) return cb(err);
Expand Down
4 changes: 2 additions & 2 deletions lib/load_gen/activities/add_email.js
View file
Expand Up @@ -19,7 +19,7 @@ exports.startFunc = function(cfg, cb) {
// 5. email_addition_status is invoked some number of times while the dialog polls
// 6. landing page is loaded:
// 6a. session_context
// 6b. complete_email_addition
// 6b. complete_email_confirmation
// 7. email_addition_status returns 'complete'
// 8. a key is generated and added

Expand Down Expand Up @@ -76,7 +76,7 @@ exports.startFunc = function(cfg, cb) {
var token = r.body;

// and simulate clickthrough
wcli.post(cfg, '/wsapi/complete_email_addition', context, {
wcli.post(cfg, '/wsapi/complete_email_confirmation', context, {
token: token
}, function (err, r) {
try {
Expand Down
11 changes: 8 additions & 3 deletions lib/wsapi/complete_email_confirmation.js
View file
Expand Up @@ -2,6 +2,12 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* This api is hit in two cases:
* + the final step in adding a new email to your account
* + the final step in re-verifying an email in your account after
* password reset
*/

const
db = require('../db.js'),
logger = require('../logging.js').logger,
Expand All @@ -18,11 +24,10 @@ exports.args = ['token'];
exports.i18n = false;

exports.process = function(req, res) {
// in order to complete an email addition, one of the following must be true:
// in order to complete an email confirmation, one of the following must be true:
//
// 1. you must already be authenticated as the user who initiated the verification
// 2. you must provide the password of the initiator.

db.authForVerificationSecret(req.body.token, function(err, initiator_hash, initiator_uid) {
if (err) {
logger.info("unknown verification secret: " + err);
Expand All @@ -47,7 +52,7 @@ exports.process = function(req, res) {
}

function postAuthentication() {
db.completeAddEmail(req.body.token, function(e, email, uid) {
db.completeConfirmEmail(req.body.token, function(e, email, uid) {
if (e) {
logger.warn("couldn't complete email verification: " + e);
wsapi.databaseDown(res, e);
Expand Down
2 changes: 1 addition & 1 deletion tests/db-test.js
View file
Expand Up @@ -218,7 +218,7 @@ suite.addBatch({
"makes it visible via isStaged": function(sekret, r) { assert.isTrue(r); },
"lets you verify it": {
topic: function(secret, r) {
db.completeAddEmail(secret, this.callback);
db.completeConfirmEmail(secret, this.callback);
},
"successfully": function(err, r) {
assert.isNull(err);
Expand Down
2 changes: 1 addition & 1 deletion tests/email-throttling-test.js
View file
Expand Up @@ -112,7 +112,7 @@ suite.addBatch({
suite.addBatch({
"and when we attempt to finish adding the email address": {
topic: function() {
wsapi.post('/wsapi/complete_email_addition', { token: token }).call(this);
wsapi.post('/wsapi/complete_email_confirmation', { token: token }).call(this);
},
"it works swimmingly": function(err, r) {
assert.equal(r.code, 200);
Expand Down
4 changes: 2 additions & 2 deletions tests/forgotten-pass-test.js
View file
Expand Up @@ -105,7 +105,7 @@ suite.addBatch({
suite.addBatch({
"create second account": {
topic: function() {
wsapi.post('/wsapi/complete_email_addition', { token: token }).call(this);
wsapi.post('/wsapi/complete_email_confirmation', { token: token }).call(this);
},
"account created": function(err, r) {
assert.equal(r.code, 200);
Expand Down Expand Up @@ -423,7 +423,7 @@ suite.addBatch({
suite.addBatch({
"complete reverify": {
topic: function() {
wsapi.post('/wsapi/complete_reverify', { token: token }).call(this);
wsapi.post('/wsapi/complete_email_confirmation', { token: token }).call(this);
},
"works": function(err, r) {
assert.equal(r.code, 200);
Expand Down
4 changes: 2 additions & 2 deletions tests/primary-then-secondary-test.js
View file
Expand Up @@ -122,7 +122,7 @@ suite.addBatch({
},
"which then": {
topic: function() {
wsapi.post('/wsapi/complete_email_addition', {
wsapi.post('/wsapi/complete_email_confirmation', {
token: this._token
}).call(this);
},
Expand Down Expand Up @@ -200,7 +200,7 @@ suite.addBatch({
},
"with a token": {
topic: function() {
wsapi.post('/wsapi/complete_email_addition', {
wsapi.post('/wsapi/complete_email_confirmation', {
token: this._token
}).call(this);
},
Expand Down
4 changes: 2 additions & 2 deletions tests/stalled-mysql-test.js
View file
Expand Up @@ -119,8 +119,8 @@ suite.addBatch({
assert.strictEqual(r.code, 503);
}
},
"complete_email_addition": {
topic: wsapi.post('/wsapi/complete_email_addition', {
"complete_email_confirmation": {
topic: wsapi.post('/wsapi/complete_email_confirmation', {
token: 'bogus'
}),
"fails with 503": function(err, r) {
Expand Down
8 changes: 4 additions & 4 deletions tests/verify-in-different-browser-test.js
View file
Expand Up @@ -100,7 +100,7 @@ suite.addBatch({
"then clearing cookies and completing": {
topic: function() {
wsapi.clearCookies();
wsapi.post('/wsapi/complete_email_addition', {
wsapi.post('/wsapi/complete_email_confirmation', {
token: this._token
}).call(this);
},
Expand All @@ -109,7 +109,7 @@ suite.addBatch({
},
"but succeeds": {
topic: function() {
wsapi.post('/wsapi/complete_email_addition', {
wsapi.post('/wsapi/complete_email_confirmation', {
token: this._token,
pass: TEST_PASS
}).call(this);
Expand Down Expand Up @@ -171,7 +171,7 @@ suite.addBatch({
"then clearing cookies and completing": {
topic: function() {
wsapi.clearCookies();
wsapi.post('/wsapi/complete_email_addition', {
wsapi.post('/wsapi/complete_email_confirmation', {
token: this._token
}).call(this);
},
Expand All @@ -180,7 +180,7 @@ suite.addBatch({
},
"but succeeds": {
topic: function() {
wsapi.post('/wsapi/complete_email_addition', {
wsapi.post('/wsapi/complete_email_confirmation', {
token: this._token,
pass: TEST_PASS
}).call(this);
Expand Down

0 comments on commit 597dd63

Please sign in to comment.