feat: Add event information to verifyUserEmails, preventLoginWithUnverifiedEmail to identify invoking signup / login action and auth provider

resources/buildConfigDefinitions.js

@@ -158,6 +158,11 @@ function mapperFor(elt, t) {
     return wrap(t.identifier('booleanParser'));
   } else if (t.isObjectTypeAnnotation(elt)) {
     return wrap(t.identifier('objectParser'));
+  } else if (t.isUnionTypeAnnotation(elt)) {
+    const unionTypes = elt.typeAnnotation?.types || elt.types;
+    if (unionTypes?.some(type => t.isBooleanTypeAnnotation(type))) {
+      return wrap(t.identifier('booleanOrFunctionParser'));
+    }
   } else if (t.isGenericTypeAnnotation(elt)) {
     const type = elt.typeAnnotation.id.name;
     if (type == 'Adapter') {

spec/EmailVerificationToken.spec.js

@@ -288,7 +288,15 @@ describe('Email Verification Token Expiration:', () => {
     };
     const verifyUserEmails = {
       method(req) {
-        expect(Object.keys(req)).toEqual(['original', 'object', 'master', 'ip', 'installationId']);
+        expect(Object.keys(req)).toEqual([
+          'original',
+          'object',
+          'master',
+          'ip',
+          'installationId',
+          'createdWith',
+        ]);
+        expect(req.createdWith).toEqual({ action: 'signup', authProvider: 'password' });
         return false;
       },
     };
@@ -349,7 +357,15 @@ describe('Email Verification Token Expiration:', () => {
     };
     const verifyUserEmails = {
       method(req) {
-        expect(Object.keys(req)).toEqual(['original', 'object', 'master', 'ip', 'installationId']);
+        expect(Object.keys(req)).toEqual([
+          'original',
+          'object',
+          'master',
+          'ip',
+          'installationId',
+          'createdWith',
+        ]);
+        expect(req.createdWith).toEqual({ action: 'signup', authProvider: 'password' });
         if (req.object.get('username') === 'no_email') {
           return false;
         }
@@ -384,6 +400,144 @@ describe('Email Verification Token Expiration:', () => {
     expect(verifySpy).toHaveBeenCalledTimes(5);
   });
 
+  it('provides createdWith on signup when verification blocks session creation', async () => {
+    const verifyUserEmails = {
+      method: params => {
+        expect(params.object).toBeInstanceOf(Parse.User);
+        expect(params.createdWith).toEqual({ action: 'signup', authProvider: 'password' });
+        return true;
+      },
+    };
+    const verifySpy = spyOn(verifyUserEmails, 'method').and.callThrough();
+    await reconfigureServer({
+      appName: 'emailVerifyToken',
+      verifyUserEmails: verifyUserEmails.method,
+      preventLoginWithUnverifiedEmail: true,
+      preventSignupWithUnverifiedEmail: true,
+      emailAdapter: MockEmailAdapterWithOptions({
+        fromAddress: 'parse@example.com',
+        apiKey: 'k',
+        domain: 'd',
+      }),
+      publicServerURL: 'http://localhost:8378/1',
+    });
+
+    const user = new Parse.User();
+    user.setUsername('signup_created_with');
+    user.setPassword('pass');
+    user.setEmail('signup@example.com');
+    const res = await user.signUp().catch(e => e);
+    expect(res.message).toBe('User email is not verified.');
+    expect(user.getSessionToken()).toBeUndefined();
+    expect(verifySpy).toHaveBeenCalledTimes(2); // before signup completion and on preventLoginWithUnverifiedEmail
+  });
+
+  it('provides createdWith with auth provider on login verification', async () => {
+    const user = new Parse.User();
+    user.setUsername('user_created_with_login');
+    user.setPassword('pass');
+    user.set('email', 'login@example.com');
+    await user.signUp();
+
+    const verifyUserEmails = {
+      method: async params => {
+        expect(params.object).toBeInstanceOf(Parse.User);
+        expect(params.createdWith).toEqual({ action: 'login', authProvider: 'password' });
+        return true;
+      },
+    };
+    const verifyUserEmailsSpy = spyOn(verifyUserEmails, 'method').and.callThrough();
+    await reconfigureServer({
+      appName: 'emailVerifyToken',
+      publicServerURL: 'http://localhost:8378/1',
+      verifyUserEmails: verifyUserEmails.method,
+      preventLoginWithUnverifiedEmail: verifyUserEmails.method,
+      preventSignupWithUnverifiedEmail: true,
+      emailAdapter: MockEmailAdapterWithOptions({
+        fromAddress: 'parse@example.com',
+        apiKey: 'k',
+        domain: 'd',
+      }),
+    });
+
+    const res = await Parse.User.logIn('user_created_with_login', 'pass').catch(e => e);
+    expect(res.code).toBe(205);
+    expect(verifyUserEmailsSpy).toHaveBeenCalledTimes(2); // before login completion and on preventLoginWithUnverifiedEmail
+  });
+
+  it('provides createdWith with auth provider on signup verification', async () => {
+    const createdWithValues = [];
+    const verifyUserEmails = {
+      method: params => {
+        createdWithValues.push(params.createdWith);
+        return true;
+      },
+    };
+    const verifySpy = spyOn(verifyUserEmails, 'method').and.callThrough();
+    await reconfigureServer({
+      appName: 'emailVerifyToken',
+      verifyUserEmails: verifyUserEmails.method,
+      preventLoginWithUnverifiedEmail: true,
+      preventSignupWithUnverifiedEmail: true,
+      emailAdapter: MockEmailAdapterWithOptions({
+        fromAddress: 'parse@example.com',
+        apiKey: 'k',
+        domain: 'd',
+      }),
+      publicServerURL: 'http://localhost:8378/1',
+    });
+
+    const provider = {
+      authData: { id: '8675309', access_token: 'jenny' },
+      shouldError: false,
+      authenticate(options) {
+        options.success(this, this.authData);
+      },
+      restoreAuthentication() {
+        return true;
+      },
+      getAuthType() {
+        return 'facebook';
+      },
+      deauthenticate() {},
+    };
+    Parse.User._registerAuthenticationProvider(provider);
+    const res = await Parse.User._logInWith('facebook').catch(e => e);
+    expect(res.message).toBe('User email is not verified.');
+    // Called once in createSessionTokenIfNeeded (no email set, so _validateEmail skips)
+    expect(verifySpy).toHaveBeenCalledTimes(1);
+    expect(createdWithValues[0]).toEqual({ action: 'signup', authProvider: 'facebook' });
+  });
+
+  it('provides createdWith for preventLoginWithUnverifiedEmail function', async () => {
+    const user = new Parse.User();
+    user.setUsername('user_prevent_login_fn');
+    user.setPassword('pass');
+    user.set('email', 'preventlogin@example.com');
+    await user.signUp();
+
+    const preventLoginCreatedWith = [];
+    await reconfigureServer({
+      appName: 'emailVerifyToken',
+      publicServerURL: 'http://localhost:8378/1',
+      verifyUserEmails: true,
+      preventLoginWithUnverifiedEmail: params => {
+        preventLoginCreatedWith.push(params.createdWith);
+        return true;
+      },
+      emailAdapter: MockEmailAdapterWithOptions({
+        fromAddress: 'parse@example.com',
+        apiKey: 'k',
+        domain: 'd',
+      }),
+    });
+
+    const res = await Parse.User.logIn('user_prevent_login_fn', 'pass').catch(e => e);
+    expect(res.code).toBe(205);
+    expect(preventLoginCreatedWith.length).toBe(1);
+    expect(preventLoginCreatedWith[0]).toEqual({ action: 'login', authProvider: 'password' });
+  });
+
   it_id('d812de87-33d1-495e-a6e8-3485f6dc3589')(it)('can conditionally send user email verification', async () => {
     const emailAdapter = {
       sendVerificationEmail: () => {},
@@ -779,6 +933,7 @@ describe('Email Verification Token Expiration:', () => {
         expect(params.master).toBeDefined();
         expect(params.installationId).toBeDefined();
         expect(params.resendRequest).toBeTrue();
+        expect(params.createdWith).toBeUndefined();
         return true;
       },
     };

spec/ValidationAndPasswordsReset.spec.js

@@ -284,6 +284,7 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
         expect(params.ip).toBeDefined();
         expect(params.master).toBeDefined();
         expect(params.installationId).toBeDefined();
+        expect(params.createdWith).toEqual({ action: 'login', authProvider: 'password' });
         return true;
       },
     };

spec/buildConfigDefinitions.spec.js

@@ -133,6 +133,56 @@ describe('buildConfigDefinitions', () => {
       expect(result.property.name).toBe('arrayParser');
     });
 
+    it('should return booleanOrFunctionParser for UnionTypeAnnotation containing boolean (nullable)', () => {
+      const mockElement = {
+        type: 'UnionTypeAnnotation',
+        typeAnnotation: {
+          types: [
+            { type: 'BooleanTypeAnnotation' },
+            { type: 'FunctionTypeAnnotation' },
+          ],
+        },
+      };
+
+      const result = mapperFor(mockElement, t);
+
+      expect(t.isMemberExpression(result)).toBe(true);
+      expect(result.object.name).toBe('parsers');
+      expect(result.property.name).toBe('booleanOrFunctionParser');
+    });
+
+    it('should return booleanOrFunctionParser for UnionTypeAnnotation containing boolean (non-nullable)', () => {
+      const mockElement = {
+        type: 'UnionTypeAnnotation',
+        types: [
+          { type: 'BooleanTypeAnnotation' },
+          { type: 'FunctionTypeAnnotation' },
+        ],
+      };
+
+      const result = mapperFor(mockElement, t);
+
+      expect(t.isMemberExpression(result)).toBe(true);
+      expect(result.object.name).toBe('parsers');
+      expect(result.property.name).toBe('booleanOrFunctionParser');
+    });
+
+    it('should return undefined for UnionTypeAnnotation without boolean', () => {
+      const mockElement = {
+        type: 'UnionTypeAnnotation',
+        typeAnnotation: {
+          types: [
+            { type: 'StringTypeAnnotation' },
+            { type: 'NumberTypeAnnotation' },
+          ],
+        },
+      };
+
+      const result = mapperFor(mockElement, t);
+
+      expect(result).toBeUndefined();
+    });
+
     it('should return objectParser for unknown GenericTypeAnnotation', () => {
       const mockElement = {
         type: 'GenericTypeAnnotation',

spec/parsers.spec.js

@@ -3,6 +3,7 @@ const {
   numberOrBoolParser,
   numberOrStringParser,
   booleanParser,
+  booleanOrFunctionParser,
   objectParser,
   arrayParser,
   moduleOrObjectParser,
@@ -48,6 +49,23 @@ describe('parsers', () => {
     expect(parser(2)).toEqual(false);
   });
 
+  it('parses correctly with booleanOrFunctionParser', () => {
+    const parser = booleanOrFunctionParser;
+    // Preserves functions
+    const fn = () => true;
+    expect(parser(fn)).toBe(fn);
+    const asyncFn = async () => false;
+    expect(parser(asyncFn)).toBe(asyncFn);
+    // Parses booleans and string booleans like booleanParser
+    expect(parser(true)).toEqual(true);
+    expect(parser(false)).toEqual(false);
+    expect(parser('true')).toEqual(true);
+    expect(parser('false')).toEqual(false);
+    expect(parser('1')).toEqual(true);
+    expect(parser(1)).toEqual(true);
+    expect(parser(0)).toEqual(false);
+  });
+
   it('parses correctly with objectParser', () => {
     const parser = objectParser;
     expect(parser({ hello: 'world' })).toEqual({ hello: 'world' });

src/Options/Definitions.js

@@ -473,8 +473,8 @@ module.exports.ParseServerOptions = {
   preventLoginWithUnverifiedEmail: {
     env: 'PARSE_SERVER_PREVENT_LOGIN_WITH_UNVERIFIED_EMAIL',
     help:
-      'Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required.<br><br>Default is `false`.<br>Requires option `verifyUserEmails: true`.',
-    action: parsers.booleanParser,
+      'Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required. Supports a function with a return value of `true` or `false` for conditional prevention. The function receives a request object that includes `createdWith` to indicate whether the invocation is for `signup` or `login` and the used auth provider.<br><br>Default is `false`.<br>Requires option `verifyUserEmails: true`.',
+    action: parsers.booleanOrFunctionParser,
     default: false,
   },
   preventSignupWithUnverifiedEmail: {
@@ -574,6 +574,7 @@ module.exports.ParseServerOptions = {
     env: 'PARSE_SERVER_SEND_USER_EMAIL_VERIFICATION',
     help:
       'Set to `false` to prevent sending of verification email. Supports a function with a return value of `true` or `false` for conditional email sending.<br><br>Default is `true`.<br>',
+    action: parsers.booleanOrFunctionParser,
     default: true,
   },
   serverCloseComplete: {
@@ -630,7 +631,8 @@ module.exports.ParseServerOptions = {
   verifyUserEmails: {
     env: 'PARSE_SERVER_VERIFY_USER_EMAILS',
     help:
-      'Set to `true` to require users to verify their email address to complete the sign-up process. Supports a function with a return value of `true` or `false` for conditional verification.<br><br>Default is `false`.',
+      'Set to `true` to require users to verify their email address to complete the sign-up process. Supports a function with a return value of `true` or `false` for conditional verification. The function receives a request object that includes `createdWith` to indicate whether the invocation is for `signup` or `login` and the used auth provider. The `createdWith` property is `undefined` for resend verification email requests; use the `resendRequest` property to identify those.<br><br>Default is `false`.',
+    action: parsers.booleanOrFunctionParser,
     default: false,
   },
   webhookKey: {

src/Options/index.js

@@ -43,6 +43,18 @@ type RequestKeywordDenylist = {
   key: string | any,
   value: any,
 };
+type EmailVerificationRequest = {
+  original?: any,
+  object: any,
+  master?: boolean,
+  ip?: string,
+  installationId?: string,
+  createdWith?: {
+    action: 'login' | 'signup',
+    authProvider: string,
+  },
+  resendRequest?: boolean,
+};
 
 export interface ParseServerOptions {
   /* Your Parse Application ID
@@ -174,18 +186,21 @@ export interface ParseServerOptions {
   /* Max file size for uploads, defaults to 20mb
   :DEFAULT: 20mb */
   maxUploadSize: ?string;
-  /* Set to `true` to require users to verify their email address to complete the sign-up process. Supports a function with a return value of `true` or `false` for conditional verification.
+  /* Set to `true` to require users to verify their email address to complete the sign-up process. Supports a function with a return value of `true` or `false` for conditional verification. The function receives a request object that includes `createdWith` to indicate whether the invocation is for `signup` or `login` and the used auth provider. The `createdWith` property is `undefined` for resend verification email requests; use the `resendRequest` property to identify those.
   <br><br>
   Default is `false`.
   :DEFAULT: false */
-  verifyUserEmails: ?(boolean | void);
-  /* Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required.
+  verifyUserEmails: ?(boolean | (EmailVerificationRequest => boolean | Promise<boolean>));
+  /* Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required. Supports a function with a return value of `true` or `false` for conditional prevention. The function receives a request object that includes `createdWith` to indicate whether the invocation is for `signup` or `login` and the used auth provider.
   <br><br>
   Default is `false`.
   <br>
   Requires option `verifyUserEmails: true`.
   :DEFAULT: false */
-  preventLoginWithUnverifiedEmail: ?boolean;
+  preventLoginWithUnverifiedEmail: ?(
+    | boolean
+    | (EmailVerificationRequest => boolean | Promise<boolean>)
+  );
   /* If set to `true` it prevents a user from signing up if the email has not yet been verified and email verification is required. In that case the server responds to the sign-up with HTTP status 400 and a Parse Error 205 `EMAIL_NOT_FOUND`. If set to `false` the server responds with HTTP status 200, and client SDKs return an unauthenticated Parse User without session token. In that case subsequent requests fail until the user's email address is verified.
   <br><br>
   Default is `false`.