Actually, let's put the tokens in services.email.verificationTokens.

2026-05-02 03:01:46 -04:00 · 2012-10-15 12:18:24 -07:00
parent 28ebec8b0f
commit 072e117122
2 changed files with 12 additions and 9 deletions
--- a/packages/accounts-password/email_tests.js
+++ b/packages/accounts-password/email_tests.js
@@ -107,8 +107,8 @@
      test.equal(Meteor.user().emails.length, 1);
      test.equal(Meteor.user().emails[0].address, email2);
      test.isFalse(Meteor.user().emails[0].verified);
-      // We should NOT be publishing verification tokens!
-      test.isFalse(_.has(Meteor.user(), 'emailVerificationTokens'));
+      // We should NOT be publishing things like verification tokens!
+      test.isFalse(_.has(Meteor.user(), 'services'));
    },
    function (test, expect) {
      getVerifyEmailToken(email2, test, expect);
--- a/packages/accounts-password/passwords_server.js
+++ b/packages/accounts-password/passwords_server.js
@@ -138,13 +138,15 @@
      if (!token)
        throw new Meteor.Error(400, "Need to pass token");

-      var user = Meteor.users.findOne({'emailVerificationTokens.token': token});
+      var user = Meteor.users.findOne(
+        {'services.email.verificationTokens.token': token});
      if (!user)
        throw new Meteor.Error(403, "Verify email link expired");

-      var tokenRecord = _.find(user.emailVerificationTokens, function (t) {
-        return t.token == token;
-      });
+      var tokenRecord = _.find(user.services.email.verificationTokens,
+                               function (t) {
+                                 return t.token == token;
+                               });
      if (!tokenRecord)
        throw new Meteor.Error(403, "Verify email link expired");

@@ -166,7 +168,7 @@
        {_id: user._id,
         'emails.address': tokenRecord.address},
        {$set: {'emails.$.verified': true},
-         $pull: {emailVerificationTokens: {token: token}},
+         $pull: {'services.email.verificationTokens': {token: token}},
         $push: {'services.resume.loginTokens': stampedLoginToken}});

      this.setUserId(user._id);
@@ -234,8 +236,9 @@
      token: Meteor.uuid(),
      address: address,
      when: +(new Date)};
-    Meteor.users.update({_id: userId},
-                        {$push: {emailVerificationTokens: tokenRecord}});
+    Meteor.users.update(
+      {_id: userId},
+      {$push: {'services.email.verificationTokens': tokenRecord}});

    var verifyEmailUrl = Accounts.urls.verifyEmail(tokenRecord.token);
    Email.send({