Email Verification /verifyemail route

[jmanlapid]

Hi all,

I have this route sitting in my index.js file handling email verification links like such http://example.com/verifyemail?userId=xxxx&email=xxxx&username=xxxx. The route fires, however when I try to call a cloud function it say its unauthorized. I also tried have the user query right there in the route scope but no luck.

// returns the error message
{"message":"unauthorized"}

app.get('/verifyemail', function(req, res) {
  Parse.initialize('testappid', 'testjavascriptkey','testmasterkey');
  var query = require('url').parse(req.url,true).query;
  var userId = query.userId;
  var username = query.username;
  var email = query.email
  console.log(userId, username, email);
  Parse.Cloud.run('hello', {}).then(function(res) {
    console.log(res);
  }, function(err) {
    console.error(JSON.stringify(err));
  });
  //res.status(200).send('i verified you, you goon!');
});

[gfosco]

You shouldn't need to re-initialize Parse (or re-define it) as we've mutated the global Parse object during initialization of the ParseServer instance. Can you try removing that? If you have overwritten the Parse object, it can also be fixed by changing the serverURL to point to your server, Parse.serverURL = 'https://.....';

[jmanlapid]

Thanks for the feedback @gfosco.

I have removed that line but still getting the error unauthorized message. To clarify, the link I am sending to the user's email after the signup does not have any keys in it (javascript/master key). Its strictly just http://example.com/verifyemail?userId=xxxx&email=xxxx&username=xxxx. I also tried making a direct Parse query instead of calling a Parse Cloud function.

//verify email
app.get('/verifyemail', function(req, res) {
  var query = require('url').parse(req.url,true).query;
  var userId = query.userId;
  var username = query.username;
  var email = query.email
  console.log(userId, username, email);
  new Parse.Query(Parse.User)
  .get('objectId', userId).then(function(res) {
    res.status(200).send(res.toJSON());
  }, function(err) {
    res.status(200).send(JSON.stringify(err));
  });
});

[nlutsenko]

It actually depends on when you are mounting your endpoint - if it happens after middleware that checks the authentication on keys - it will check for key authentication on every endpoint.
Mounting this route anywhere before this line https://github.com/ParsePlatform/parse-server/blob/master/src/index.js#L131 should let you handle this route without any validation on keys.

[gfosco]

Closing this since it has been a while... If you're still having an issue with 2.1.3+, please open a new issue with more details. Thanks.