Description
New Feature / Enhancement Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
Current Limitation
It's currently not possible to verify a user password if email verification is required and the user's email has not been verified. Even when using the master key, a request to REST API /verifyPassword fails with Parse error 205.
Feature / Enhancement Description
Introduce new request option ignoreEmailVerification that together with the master or maintenance key allows to verify a user password ignoring the email verification status.
Example Use Case
It may be necessary to verify a user password irrespective of email verification status, for example to allow a user to change an incorrectly entered email that could not be verified because it is incorrect. A developer can write a Cloud Function that does just that.
Alternatives / Workarounds
Use maintenance key and compare hashed passwords, which is discouraged for many reasons.