From 9be7feab04050cf32c124866a4e93fd5d9ef10f4 Mon Sep 17 00:00:00 2001
From: Tankred Hase <mail@tankredhase.de>
Date: Fri, 10 Jun 2016 13:17:28 +0200
Subject: [PATCH] Fix bug where keyId was undefined in verifyRemove link

---
 src/email/email.js                  |  4 ++--
 src/service/public-key.js           | 13 +++++++------
 test/integration/public-key-test.js |  5 ++++-
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/email/email.js b/src/email/email.js
index 0a28dad..f047c87 100644
--- a/src/email/email.js
+++ b/src/email/email.js
@@ -70,8 +70,8 @@ class Email {
       params: {
         name: userId.name,
         baseUrl: util.url(origin),
-        keyId: encodeURIComponent(keyId),
-        nonce: encodeURIComponent(userId.nonce)
+        keyId: keyId,
+        nonce: userId.nonce
       }
     };
     return yield this._sendHelper(message);
diff --git a/src/service/public-key.js b/src/service/public-key.js
index b240fac..c35da90 100644
--- a/src/service/public-key.js
+++ b/src/service/public-key.js
@@ -221,11 +221,12 @@ class PublicKey {
    */
   *requestRemove(options) {
     let keyId = options.keyId, email = options.email, origin = options.origin;
-    let userIds = yield this._flagForRemove(keyId, email);
-    if (!userIds.length) {
+    let key = yield this._flagForRemove(keyId, email);
+    if (!key) {
       util.throw(404, 'User id not found');
     }
-    for (let userId of userIds) {
+    keyId = key.keyId; // get keyId in case request was by email
+    for (let userId of key.userIds) {
       yield this._email.send({ template:tpl.verifyRemove, userId, keyId, origin });
     }
   }
@@ -241,14 +242,14 @@ class PublicKey {
     let query = email ? { 'userIds.email':email } : { keyId };
     let key = yield this._mongo.get(query, DB_TYPE);
     if (!key) {
-      return [];
+      return;
     }
     if (email) {
       let nonce = util.random();
       yield this._mongo.update(query, { 'userIds.$.nonce':nonce }, DB_TYPE);
       let uid = key.userIds.find(u => u.email === email);
       uid.nonce = nonce;
-      return [uid];
+      return { userIds:[uid], keyId:key.keyId };
     }
     if (keyId) {
       for (let uid of key.userIds) {
@@ -256,7 +257,7 @@ class PublicKey {
         yield this._mongo.update({ 'userIds.email':uid.email }, { 'userIds.$.nonce':nonce }, DB_TYPE);
         uid.nonce = nonce;
       }
-      return key.userIds;
+      return key;
     }
   }
 
diff --git a/test/integration/public-key-test.js b/test/integration/public-key-test.js
index 145cf89..48c70dd 100644
--- a/test/integration/public-key-test.js
+++ b/test/integration/public-key-test.js
@@ -35,7 +35,7 @@ describe('Public Key Integration Tests', function() {
       return recipient.to.address === primaryEmail;
     }), sinon.match(params => {
       emailParams = params;
-      return !!params.nonce;
+      return params.nonce !== undefined && params.keyId !== undefined;
     }));
     sinon.stub(nodemailer, 'createTransport').returns({
       templateSender: () => { return sendEmailStub; }
@@ -253,18 +253,21 @@ describe('Public Key Integration Tests', function() {
       yield publicKey.verify(emailParams);
       emailParams = null;
       yield publicKey.requestRemove({ keyId, origin });
+      expect(emailParams.keyId).to.exist;
       expect(emailParams.nonce).to.exist;
     });
 
     it('should work for unverified key', function *() {
       emailParams = null;
       yield publicKey.requestRemove({ keyId, origin });
+      expect(emailParams.keyId).to.exist;
       expect(emailParams.nonce).to.exist;
     });
 
     it('should work by email address', function *() {
       emailParams = null;
       yield publicKey.requestRemove({ email:primaryEmail, origin });
+      expect(emailParams.keyId).to.exist;
       expect(emailParams.nonce).to.exist;
     });