From 4480cd92ab71aada01fc6e76d7310959755737ea Mon Sep 17 00:00:00 2001
From: Loay <loay@users.noreply.github.com>
Date: Thu, 16 Jun 2016 02:20:33 -0400
Subject: [PATCH] Fix verificationToken bug #2440

---
 common/models/user.js |  2 +-
 test/user.test.js     | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/common/models/user.js b/common/models/user.js
index 4263e354..d6c958ab 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -474,7 +474,7 @@ module.exports = function(User) {
         fn(err);
       } else {
         if (user && user.verificationToken === token) {
-          user.verificationToken = undefined;
+          user.verificationToken = null;
           user.emailVerified = true;
           user.save(function(err) {
             if (err) {
diff --git a/test/user.test.js b/test/user.test.js
index 28e9650c..2fd77870 100644
--- a/test/user.test.js
+++ b/test/user.test.js
@@ -1422,6 +1422,21 @@ describe('User', function() {
         }, done);
       });
 
+      it('sets verificationToken to null after confirmation', function(done) {
+        testConfirm(function(result, done) {
+          User.confirm(result.uid, result.token, false, function(err) {
+            if (err) return done(err);
+
+            // Verify by loading user data stored in the datasource
+            User.findById(result.uid, function(err, user) {
+              if (err) return done(err);
+              expect(user).to.have.property('verificationToken', null);
+              done();
+            });
+          });
+        }, done);
+      });
+
       it('Should report 302 when redirect url is set', function(done) {
         testConfirm(function(result, done) {
           request(app)