parse-server icon indicating copy to clipboard operation
parse-server copied to clipboard
verified publisher icon parse-community

feat: Add event information on `verifyUserEmails`

Open coratgerl opened this issue 2 weeks ago โ€ข 6 comments

Pull Request

Issue

Fixes: https://github.com/parse-community/parse-server/issues/9505

  • [x] Add tests
  • [ ] Add changes to documentation (guides, repository pages, code comments)
  • [ ] Add security check
  • [ ] Add new Parse Error codes to Parse JS SDK

Summary by CodeRabbit

Release Notes

  • New Features
    • Added preventSignupWithUnverifiedEmail option to control signup behavior with unverified emails.
    • Added emailVerifyTokenValidityDuration and emailVerifyTokenReuseIfValid options to configure email verification token lifecycle.
    • Enhanced verifyUserEmails and preventLoginWithUnverifiedEmail options to support conditional logic based on verification context (signup vs. login and authentication method).

โœ๏ธ Tip: You can customize this high-level summary in your review settings.

coratgerl avatar Dec 06 '25 19:12 coratgerl

๐Ÿš€ Thanks for opening this pull request!

parse-github-assistant[bot] avatar Dec 06 '25 19:12 parse-github-assistant[bot]

๐Ÿ“ Walkthrough

Walkthrough

This PR implements the feature to pass invocation event information to the verifyUserEmails callback, enabling distinction between signup and login scenarios and identification of the auth provider used. The createdWith object containing action ('signup'/'login') and authProvider is now computed and injected into email verification and session creation requests across multiple flows.

Changes

Cohort / File(s) Summary
Test Updates
spec/EmailVerificationToken.spec.js, spec/ValidationAndPasswordsReset.spec.js		 Add assertions and expectations for createdWith parameter in verification flows, validating presence of action and authProvider fields in signup and login scenarios.
Option Type Definitions
src/Options/index.js		 Introduce new EmailVerificationRequest type; expand verifyUserEmails and preventLoginWithUnverifiedEmail option signatures from boolean to support function callbacks receiving EmailVerificationRequest; add new options preventSignupWithUnverifiedEmail, emailVerifyTokenValidityDuration, and emailVerifyTokenReuseIfValid.
Option Configuration & Documentation
src/Options/Definitions.js, src/Options/docs.js		 Remove action field from preventLoginWithUnverifiedEmail option; update help text and documentation to describe createdWith parameter containing signup/login action and auth provider.
Type Definitions
types/Options/index.d.ts		 Add VerifyUserEmailsRequest interface; update verifyUserEmails and preventLoginWithUnverifiedEmail signatures to accept function variants returning boolean or Promise.
Core Implementation
src/RestWrite.js		 Add public getCreatedWith() method to compute and cache createdWith object based on operation type (create/login) and auth context; integrate into email validation, session creation, and login flows.
Auth Provider Derivation
src/Routers/UsersRouter.js		 Extract authProvider from req.body.authData during login to populate createdWith.authProvider, defaulting to 'password' if absent.

Estimated code review effort

๐ŸŽฏ 3 (Moderate) | โฑ๏ธ ~20 minutes

  • src/RestWrite.js: Review the getCreatedWith() method logic for correctly identifying signup vs. login and auth provider detection; verify caching behavior and integration points across multiple request creation flows.
  • src/Routers/UsersRouter.js: Verify authProvider string derivation handles all auth data scenarios correctly and maintains backward compatibility for password-based authentication.
  • Type signature consistency: Ensure TypeScript definitions in types/Options/index.d.ts align with runtime option expansions in src/Options/index.js and implementation usage in src/RestWrite.js.

Suggested reviewers

  • mtrezza

Pre-merge checks and finishing touches

โœ… Passed checks (5 passed)
Check name Status Explanation
Title check โœ… Passed The title accurately describes the main feature added: event information (createdWith) is now passed to verifyUserEmails invocations.
Description check โœ… Passed The PR description includes the required sections from the template: Issue link, Tasks checklist, and security/license acknowledgments.
Linked Issues check โœ… Passed All coding requirements from issue #9505 are met: createdWith parameter added with action and authProvider fields to verifyUserEmails invocations, supporting conditional verification logic.
Out of Scope Changes check โœ… Passed All changes are directly aligned with issue #9505 objectives. Updates to preventLoginWithUnverifiedEmail, new preventSignupWithUnverifiedEmail option, and token lifecycle options extend the email verification feature scope appropriately.
Docstring Coverage โœ… Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
โœจ Finishing touches
  • [ ] ๐Ÿ“ Generate docstrings
๐Ÿงช Generate unit tests (beta)
  • [ ] Create PR with unit tests
  • [ ] Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

โค๏ธ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot] avatar Dec 06 '25 19:12 coderabbitai[bot]

:white_check_mark: Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
:white_check_mark: Open Source Security 0 0 0 0 0 issues

:computer: Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

parseplatformorg avatar Dec 06 '25 19:12 parseplatformorg

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 92.57%. Comparing base (e78e58d) to head (cfe22b3).

Additional details and impacted files 
@@           Coverage Diff           @@
##            alpha    #9963   +/-   ##
=======================================
  Coverage   92.56%   92.57%           
=======================================
  Files         191      191           
  Lines       15544    15557   +13     
  Branches      177      177           
=======================================
+ Hits        14389    14402   +13     
  Misses       1143     1143           
  Partials       12       12

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Dec 06 '25 19:12 codecov[bot]

@coratgerl let's just consider the insights already gained in existing PRs. What't the diff between your PR and https://github.com/parse-community/parse-server/pull/9651?

mtrezza avatar Dec 07 '25 13:12 mtrezza

@mtrezza

Key Improvements:

  • Full createdWith { action, authProvider } coverage: signup, login, email-update verification, and resend flows.
  • Normalizes authProvider from authData (defaults to 'password'), ensuring hooks always receive a valid provider.
  • Eliminates undefined provider risks and enforces request consistency.

Testing:

  • Adds tests for signup/login with createdWith, resend/verification args, and conditional flows.
  • Fixes anonymous/login expectations.

Bonus:

  • Updates Options/index.js with typed interfaces for object params.

coratgerl avatar Dec 07 '25 15:12 coratgerl