🛡️ refactor: enhance email verification process (#5485)

2025-12-18 01:10:14 +01:00 · 2025-01-27 02:57:03 +01:00 · 2025-01-27 02:57:03 +01:00 · e7de9c1576
commit e7de9c1576
parent 12a9a07eb0
2 changed files with 36 additions and 29 deletions
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@ -108,31 +108,46 @@ const sendVerificationEmail = async (user) => {
 */
 const verifyEmail = async (req) => {
  const { email, token } = req.body;
-  let emailVerificationData = await findToken({ email: decodeURIComponent(email) });
+  const decodedEmail = decodeURIComponent(email);
+
+  const user = await findUser({ email: decodedEmail }, 'email _id emailVerified');
+
+  if (!user) {
+    logger.warn(`[verifyEmail] [User not found] [Email: ${decodedEmail}]`);
+    return new Error('User not found');
+  }
+
+  if (user.emailVerified) {
+    logger.info(`[verifyEmail] Email already verified [Email: ${decodedEmail}]`);
+    return { message: 'Email already verified', status: 'success' };
+  }
+
+  let emailVerificationData = await findToken({ email: decodedEmail });

  if (!emailVerificationData) {
-    logger.warn(`[verifyEmail] [No email verification data found] [Email: ${email}]`);
+    logger.warn(`[verifyEmail] [No email verification data found] [Email: ${decodedEmail}]`);
    return new Error('Invalid or expired password reset token');
  }

  const isValid = bcrypt.compareSync(token, emailVerificationData.token);

  if (!isValid) {
-    logger.warn(`[verifyEmail] [Invalid or expired email verification token] [Email: ${email}]`);
+    logger.warn(
+      `[verifyEmail] [Invalid or expired email verification token] [Email: ${decodedEmail}]`,
+    );
    return new Error('Invalid or expired email verification token');
  }

  const updatedUser = await updateUser(emailVerificationData.userId, { emailVerified: true });
  if (!updatedUser) {
-    logger.warn(`[verifyEmail] [User not found] [Email: ${email}]`);
-    return new Error('User not found');
+    logger.warn(`[verifyEmail] [User update failed] [Email: ${decodedEmail}]`);
+    return new Error('Failed to update user verification status');
  }

  await deleteTokens({ token: emailVerificationData.token });
-  logger.info(`[verifyEmail] Email verification successful. [Email: ${email}]`);
-  return { message: 'Email verification was successful' };
+  logger.info(`[verifyEmail] Email verification successful [Email: ${decodedEmail}]`);
+  return { message: 'Email verification was successful', status: 'success' };
 };
-
 /**
 * Register a new user.
 * @param {MongoUser} user <email, password, name, username>
--- a/client/src/components/Auth/VerifyEmail.tsx
+++ b/client/src/components/Auth/VerifyEmail.tsx
@ -14,7 +14,6 @@ function RequestPasswordReset() {
  const [headerText, setHeaderText] = useState<string>('');
  const [showResendLink, setShowResendLink] = useState<boolean>(false);
  const [verificationStatus, setVerificationStatus] = useState<boolean>(false);
-
  const token = useMemo(() => params.get('token') || '', [params]);
  const email = useMemo(() => params.get('email') || '', [params]);

@ -26,9 +25,8 @@ function RequestPasswordReset() {
          clearInterval(timer);
          navigate('/c/new', { replace: true });
          return 0;
-        } else {
-          return prevCountdown - 1;
        }
+        return prevCountdown - 1;
      });
    }, 1000);
  }, [navigate]);
@ -39,11 +37,10 @@ function RequestPasswordReset() {
      setVerificationStatus(true);
      countdownRedirect();
    },
-    onError: () => {
+    onError: (error: unknown) => {
+      setHeaderText(localize('com_auth_email_verification_failed') + ' 😢');
      setShowResendLink(true);
      setVerificationStatus(true);
-      setHeaderText(localize('com_auth_email_verification_failed') + ' 😢');
-      setCountdown(0);
    },
  });

@ -54,7 +51,6 @@ function RequestPasswordReset() {
    },
    onError: () => {
      setHeaderText(localize('com_auth_email_resent_failed') + ' 😢');
-      countdownRedirect();
    },
    onMutate: () => setShowResendLink(false),
  });
@ -64,26 +60,22 @@ function RequestPasswordReset() {
  };

  useEffect(() => {
-    if (verifyEmailMutation.isLoading || verificationStatus) {
+    if (verificationStatus || verifyEmailMutation.isLoading) {
      return;
    }

    if (token && email) {
-      verifyEmailMutation.mutate({
-        email,
-        token,
-      });
-      return;
-    } else if (email) {
+      verifyEmailMutation.mutate({ email, token });
+    } else {
+      if (email) {
        setHeaderText(localize('com_auth_email_verification_failed_token_missing') + ' 😢');
      } else {
        setHeaderText(localize('com_auth_email_verification_invalid') + ' 🤨');
      }
-
      setShowResendLink(true);
      setVerificationStatus(true);
-    setCountdown(0);
-  }, [localize, token, email, verificationStatus, verifyEmailMutation]);
+    }
+  }, [token, email, verificationStatus, verifyEmailMutation]);

  const VerificationSuccess = () => (
    <div className="flex flex-col items-center justify-center">