Fix the json arguments of SyncUser.requestEmailConfirmation #5953
Conversation
|
There's a test for this which passes. Is the test wrong, or is this just updating things to work with a newer ROS version that broke existing clients? If it's the latter, the changelog needs to mention that version. |
Realm/RLMSyncUser.mm
Outdated
| @@ -371,8 +371,7 @@ + (void)requestEmailConfirmationForAuthServer:(NSURL *)serverURL | |||
| userEmail:(NSString *)email | |||
| completion:(RLMPasswordChangeStatusBlock)completion { | |||
| [RLMSyncUpdateAccountEndpoint sendRequestToServer:serverURL | |||
| JSON:@{@"data": @{@"provider_id": email, | |||
| @"action": @"request_email_confirmation"}} | |||
| JSON:@{@"provider_id": email, @"data": @{ @"action": @"request_email_confirmation"}} | |||
|
The ROS API has never changed, so there must be something wrong with the test. Unfortunately, I'm completely unfamiliar with the test setup in Cocoa, so it's very hard for me to understand what the test does - essentially, calling this API should generate a token and send it as an email at the ROS level - it's not clear to me if the Cocoa test framework has made any modifications to the ROS codebase to allow intercepting this token and passing it back to the test framework. |
|
The test server script passes ROS a custom email handler which just write the token to a file. The test calls |
|
Ah... I think I know what' happening! ROS automatically "sends" an email confirmation email when the user registers, so I believe this is what the test is seeing and mistakenly believes that this was generated due to calling that method, when in reality it was there all along. I can modify the test slightly to assert that a token was generated immediately after logging the user in, then that a different one is generated after calling that method. |
|
@tgoyne I confirmed that this is the case. I also confirmed that the modified test fails without this fix - it fails on this line: https://github.com/realm/realm-cocoa/pull/5953/files#diff-c64398ac8b77c37143815b54e83e9427R497, because calling |
|
The failing tests seem to be unrelated to the changes in this PR, so I'll go ahead and merge it 🤞 |
The
provider_idshould have been outside thedataargument, which had caused ROS to silently ignore the request (as it was trying too hard to ensure that an attacker cannot figure out if an email is registered with the server).Fixes https://github.com/realm/realm-object-server-private/issues/1283.