Automatically verify the account when the user successfully changed the password

[jidesoft]

New Feature / Enhancement Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.

Current Limitation

If an account is unverified, it remains unverified after the user changed the password.

Feature / Enhancement Description

I suggest the account to be updated to verified when the user clicks on the forgot password link he/she received in email. The purpose of the verification is to make sure the email address is correct. If one can receive the forgot password email, the email address must be correct.

Example Use Case

Alternatives / Workarounds

3rd Party References

[parse-github-assistant]

Thanks for opening this issue!

• 🎉 We are excited about your ideas for improvement!

[mtrezza]

Interesting thought. I think we would have to evaluate whether both processes have the same security measures, like token complexity, token expiry, etc. Otherwise the lower security process may compromise the higher one.

[jidesoft]

Thanks for the consideration. Let me know if you guys are willing to do it. This scenario had happened many times in my parse deployment. In the meantime, if you can suggest a way for me to do it myself using the cloud code, that'll be great.

[mtrezza]

Not really sure what a workaround could look like, as I don't think there is a trigger for password reset that would allow you to also set the email verified field. I suggest you ask in the forum or chat.

As for the change, it should be optional behavior that defaults to status quo, so it would require a new Parse Server option.