From 1a43a06e565d9c125de349575c9132a32aa6c5e3 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Wed, 17 Aug 2011 15:56:25 +0300
Subject: [PATCH] fix forgotten email flow: remove stale email records upon
 re-verification.  closes #170

---
 browserid/lib/db_mysql.js | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/browserid/lib/db_mysql.js b/browserid/lib/db_mysql.js
index eeef31847..45b87ef1f 100644
--- a/browserid/lib/db_mysql.js
+++ b/browserid/lib/db_mysql.js
@@ -210,12 +210,30 @@ exports.gotVerificationSecret = function(secret, cb) {
         var o = rows[0];
 
         function addEmailAndPubkey(userID) {
+          // issue #170 - delete any old records with the same
+          // email address.  this is necessary because
+          // gotVerificationSecret is invoked both for 
+          // forgotten password flows and for new user signups.
+          // We could add an `ON DUPLICATE KEY` clause, however
+          // We actually want to invalidate all old public keys.
+          //
+          // XXX: periodic database cleanup should remove old expired
+          // keys, but this is moot once we move to certs as the
+          // server won't know about old keys 
           client.query(
-            "INSERT INTO email(user, address) VALUES(?, ?)",
-            [ userID, o.email ],
+            "DELETE FROM email WHERE address = ?",
+            [ o.email ],
             function(err, info) {
               if (err) { logUnexpectedError(err); cb(err); return; }
-              addKeyToEmailRecord(info.insertId, o.pubkey, cb);
+              else {
+                client.query(
+                  "INSERT INTO email(user, address) VALUES(?, ?)",
+                  [ userID, o.email ],
+                  function(err, info) {
+                    if (err) { logUnexpectedError(err); cb(err); return; }
+                    addKeyToEmailRecord(info.insertId, o.pubkey, cb);
+                  });
+              }
             });
         }
 
-- 
GitLab