From 53eedb8a56b8cb5c0481b0543a3fa19c4ee5238d Mon Sep 17 00:00:00 2001 From: Ben Adida <ben@adida.net> Date: Fri, 23 Sep 2011 08:12:36 -0700 Subject: [PATCH] added db api for fetching email associated with token --- browserid/lib/db.js | 2 +- browserid/lib/db_json.js | 6 ++++-- browserid/lib/db_mysql.js | 6 +++--- browserid/lib/wsapi.js | 12 ++++++------ browserid/tests/db-test.js | 8 ++++++++ 5 files changed, 22 insertions(+), 12 deletions(-) diff --git a/browserid/lib/db.js b/browserid/lib/db.js index 891e50e06..6fb423216 100644 --- a/browserid/lib/db.js +++ b/browserid/lib/db.js @@ -99,7 +99,7 @@ exports.onReady = function(f) { 'stageUser', 'stageEmail', 'gotVerificationSecret', - 'haveVerificationSecret', + 'emailForVerificationSecret', 'checkAuth', 'listEmails', 'removeEmail', diff --git a/browserid/lib/db_json.js b/browserid/lib/db_json.js index 3bfa8991b..781525735 100644 --- a/browserid/lib/db_json.js +++ b/browserid/lib/db_json.js @@ -177,8 +177,10 @@ exports.stageEmail = function(existing_email, new_email, cb) { }; -exports.haveVerificationSecret = function(secret, cb) { - setTimeout(function() { cb(staged.hasOwnProperty(secret)); }, 0); +exports.emailForVerificationSecret = function(secret, cb) { + setTimeout(function() { + cb(staged[secret]? staged[secret].email:undefined); + }, 0); }; exports.gotVerificationSecret = function(secret, hash, cb) { diff --git a/browserid/lib/db_mysql.js b/browserid/lib/db_mysql.js index 3700a7f4d..25f53ce3b 100644 --- a/browserid/lib/db_mysql.js +++ b/browserid/lib/db_mysql.js 
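Review bot: The new lookup in `exports.emailForVerificationSecret` (db_json.js) indexes `staged[secret]` directly and drops the own-property check that the removed `staged.hasOwnProperty(secret)` provided. In the wsapi.js hunks the secret comes from `req.body.token` and session values, so a key that matches an inherited property name would be resolved through the prototype chain rather than the staged table. The result is probably still `undefined` in practice, but it is safer to keep the guard: `cb(staged.hasOwnProperty(secret) ? staged[secret].email : undefined);`. It would also help to add a comment saying every staged record is expected to carry an `email` field, since the code that writes those records is outside this hunk.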
@@ -197,12 +197,12 @@ exports.stageUser = function(email, cb) { }); } -exports.haveVerificationSecret = function(secret, cb) { +exports.emailForVerificationSecret = function(secret, cb) { client.query( - "SELECT COUNT(*) as N FROM staged WHERE secret = ?", [ secret ], + "SELECT email FROM staged WHERE secret = ?", [ secret ], function(err, rows) { if (err) logUnexpectedError(err); - cb(rows && rows.length > 0 && rows[0].N > 0); + cb((rows && rows.length > 0) ? rows[0].email : undefined); }); }; diff --git a/browserid/lib/wsapi.js b/browserid/lib/wsapi.js index e27abae91..6d964f060 100644 --- a/browserid/lib/wsapi.js +++ b/browserid/lib/wsapi.js @@ -176,8 +176,8 @@ function setup(app) { // if the secret is still in the database, it hasn't yet been verified and // verification is still pending - db.haveVerificationSecret(req.session.pendingCreation, function (haveSecret) { - if (haveSecret) return resp.json('pending'); + db.emailForVerificationSecret(req.session.pendingCreation, function (email) { + if (email) return resp.json('pending'); // if the secret isn't known, and we're not authenticated, then the user must authenticate // (maybe they verified the URL on a different browser, or maybe they canceled the account // creation) @@ -202,8 +202,8 @@ function setup(app) { // We should check to see if the verification secret is valid *before* // bcrypting the password (which is expensive), to prevent a possible // DoS attack. - db.haveVerificationSecret(req.body.token, function(valid) { - if (!valid) return resp.json(false); + db.emailForVerificationSecret(req.body.token, function(email) { + if (!email) return resp.json(false); // now bcrypt the password bcrypt.gen_salt(10, function (err, salt) { 
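Review bot: In `exports.emailForVerificationSecret` (db_mysql.js), a failed query and an unknown secret both reach the caller as `undefined`, because `logUnexpectedError(err)` is followed by the same `cb(...)` call. The wsapi.js hunk at `@@ -282,8` treats a falsy result as "no longer pending" and runs `delete req.session.pendingAddition`, so a transient database error would end a pending verification state. At minimum, document the contract above the function: `// cb(email): the staged email, or undefined when the secret is unknown OR the query failed`. If callers need to tell the two cases apart, that would require a signature change, which is outside the scope of this patch.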
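Review bot: In the wsapi.js hunk at `@@ -202,8`, `req.body.token` is passed to `db.emailForVerificationSecret` with no type check. The JSON backend then uses it as an object key and the MySQL backend as a bound query parameter. Whether the body parser can deliver a non-string value is not visible here, but a guard before the lookup makes the cheap pre-bcrypt check independent of that: `if (typeof req.body.token !== 'string') return resp.json(false);`. The db test in this patch asserts that secrets are 48 characters long, so a length check could be added as well if that holds for every backend. The body of `setup` continues outside this hunk.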
@@ -282,8 +282,8 @@ function setup(app) { } else if (!req.session.pendingAddition) { resp.json('failed'); } else { - db.haveVerificationSecret(req.session.pendingAddition, function (haveSecret) { - if (haveSecret) { + db.emailForVerificationSecret(req.session.pendingAddition, function (email) { + if (email) { return resp.json('pending'); } else { delete req.session.pendingAddition; diff --git a/browserid/tests/db-test.js b/browserid/tests/db-test.js index 558bc0f90..c4c1136bf 100755 --- a/browserid/tests/db-test.js +++ b/browserid/tests/db-test.js @@ -105,6 +105,14 @@ suite.addBatch({ secret = r; assert.isString(secret); assert.strictEqual(secret.length, 48); + }, + "fetch email for given secret": { + topic: function(secret) { + db.emailForVerificationSecret(secret, this.callback); + }, + "matches expected email": function(storedEmail) { + assert.strictEqual('lloyd@nowhe.re', storedEmail); + } } } }); -- GitLab
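Review bot: The new `"fetch email for given secret"` case in db-test.js covers only the hit path, yet every call site in wsapi.js branches on the miss path, where the callback receives a falsy value. A sibling case should call `db.emailForVerificationSecret` with a secret that was never staged and assert that the callback receives `undefined`, which would pin the contract for both the JSON and MySQL backends. As a minor style point, `assert.strictEqual('lloyd@nowhe.re', storedEmail)` passes the expected value first; Node's order is `(actual, expected)`, so failure messages would read the wrong way round. The enclosing batch starts outside this hunk.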