From 12a9a07eb03189c504c2f575a80658bcda15813c Mon Sep 17 00:00:00 2001
From: Danny Avila
Date: Sun, 26 Jan 2025 19:03:12 -0500
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=90=9B=20fix:=20Update=20deletePrompt?= =?UTF-8?q?Controller=20to=20include=20user=20role=20in=20query=20(#5488)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 api/server/routes/prompts.js | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/api/server/routes/prompts.js b/api/server/routes/prompts.js
index 8338f63a3ce..e3ab5bf5d39 100644
--- a/api/server/routes/prompts.js
+++ b/api/server/routes/prompts.js
@@ -214,10 +214,7 @@ const deletePromptController = async (req, res) => {
 const { promptId } = req.params;
 const { groupId } = req.query;
 const author = req.user.id;
- const query = { promptId, groupId, author };
- if (req.user.role === SystemRoles.ADMIN) {
- delete query.author;
- }
+ const query = { promptId, groupId, author, role: req.user.role };
 const result = await deletePrompt(query);
 res.status(200).send(result);
 } catch (error) {
From e7de9c1576b3488c9b43230b27f2c136d732501f Mon Sep 17 00:00:00 2001
From: Marco Beretta <81851188+berry-13@users.noreply.github.com>
Date: Mon, 27 Jan 2025 02:57:03 +0100
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20refactor:=20enhance?= =?UTF-8?q?=20email=20verification=20process=20(#5485)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 api/server/services/AuthService.js | 31 +++++++++++++++-----
 client/src/components/Auth/VerifyEmail.tsx | 34 +++++++++-------------
 2 files changed, 36 insertions(+), 29 deletions(-)
diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js
index 49c3c4a17d9..680a5066029 100644
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
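Review bot: In `deletePromptController` (api/server/routes/prompts.js, hunk at -214,10) the ownership decision now rests entirely on `deletePrompt`, which this hunk does not show, because `role` is placed in the same object as the filter fields `promptId`, `groupId` and `author` instead of the controller dropping `author` for admins. If that object were ever handed to the database query unchanged, `role` would behave as one more match condition, so I would pass it separately from the filter or at least document it at the call site with `// role is an authorization input for deletePrompt, never a query field`. `groupId` is also taken from `req.query` without a type check, and depending on the query parser it may arrive as an object rather than a string; rejecting non-string values before `query` is built would keep a parsed object out of the filter. The controller body starts and ends outside the hunk.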
@@ -108,31 +108,46 @@ const sendVerificationEmail = async (user) => { */ const verifyEmail = async (req) => { const { email, token } = req.body; - let emailVerificationData = await findToken({ email: decodeURIComponent(email) }); + const decodedEmail = decodeURIComponent(email); + + const user = await findUser({ email: decodedEmail }, 'email _id emailVerified'); + + if (!user) { + logger.warn(`[verifyEmail] [User not found] [Email: ${decodedEmail}]`); + return new Error('User not found'); + } + + if (user.emailVerified) { + logger.info(`[verifyEmail] Email already verified [Email: ${decodedEmail}]`); + return { message: 'Email already verified', status: 'success' }; + } + + let emailVerificationData = await findToken({ email: decodedEmail }); if (!emailVerificationData) { - logger.warn(`[verifyEmail] [No email verification data found] [Email: ${email}]`); + logger.warn(`[verifyEmail] [No email verification data found] [Email: ${decodedEmail}]`); return new Error('Invalid or expired password reset token'); } const isValid = bcrypt.compareSync(token, emailVerificationData.token); if (!isValid) { - logger.warn(`[verifyEmail] [Invalid or expired email verification token] [Email: ${email}]`); + logger.warn( + `[verifyEmail] [Invalid or expired email verification token] [Email: ${decodedEmail}]`, + ); return new Error('Invalid or expired email verification token'); } const updatedUser = await updateUser(emailVerificationData.userId, { emailVerified: true }); if (!updatedUser) { - logger.warn(`[verifyEmail] [User not found] [Email: ${email}]`); - return new Error('User not found'); + logger.warn(`[verifyEmail] [User update failed] [Email: ${decodedEmail}]`); + return new Error('Failed to update user verification status'); } await deleteTokens({ token: emailVerificationData.token }); - logger.info(`[verifyEmail] Email verification successful. 
[Email: ${email}]`); - return { message: 'Email verification was successful' }; + logger.info(`[verifyEmail] Email verification successful [Email: ${decodedEmail}]`); + return { message: 'Email verification was successful', status: 'success' }; }; - /** * Register a new user. * @param {MongoUser} user diff --git a/client/src/components/Auth/VerifyEmail.tsx b/client/src/components/Auth/VerifyEmail.tsx index acb5abe5ad9..0af2f41959f 100644 --- a/client/src/components/Auth/VerifyEmail.tsx +++ b/client/src/components/Auth/VerifyEmail.tsx @@ -14,7 +14,6 @@ function RequestPasswordReset() { const [headerText, setHeaderText] = useState(''); const [showResendLink, setShowResendLink] = useState(false); const [verificationStatus, setVerificationStatus] = useState(false); - const token = useMemo(() => params.get('token') || '', [params]); const email = useMemo(() => params.get('email') || '', [params]); @@ -26,9 +25,8 @@ function RequestPasswordReset() { clearInterval(timer); navigate('/c/new', { replace: true }); return 0; - } else { - return prevCountdown - 1; } + return prevCountdown - 1; }); }, 1000); }, [navigate]); @@ -39,11 +37,10 @@ function RequestPasswordReset() { setVerificationStatus(true); countdownRedirect(); }, - onError: () => { + onError: (error: unknown) => { + setHeaderText(localize('com_auth_email_verification_failed') + ' ๐Ÿ˜ข'); setShowResendLink(true); setVerificationStatus(true); - setHeaderText(localize('com_auth_email_verification_failed') + ' ๐Ÿ˜ข'); - setCountdown(0); }, }); @@ -54,7 +51,6 @@ function RequestPasswordReset() { }, onError: () => { setHeaderText(localize('com_auth_email_resent_failed') + ' ๐Ÿ˜ข'); - countdownRedirect(); }, onMutate: () => setShowResendLink(false), }); 
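Review bot: In `verifyEmail` (api/server/services/AuthService.js, hunk at -108,31) the new `findUser` lookup and the `user.emailVerified` branch both return before the token is compared, so the result for a given address ('User not found', 'Email already verified' with `status: 'success'`, or a token error) no longer depends on presenting a valid token. If the route hands these results back to the caller, which this hunk does not show, a request without a token reveals whether an address is registered and whether it is verified. I would answer the not-found case with the same result as a bad token, `return new Error('Invalid or expired email verification token');`, and keep the distinction in the log line only. `_id` is selected from the user record but never read; comparing it with `emailVerificationData.userId` before `updateUser` would tie the token to the account that was looked up.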
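Review bot: In the verify mutation's `onError` handler (client/src/components/Auth/VerifyEmail.tsx, hunk at -39,11) the newly added parameter `error: unknown` is never read inside the callback. Either drop it again, `onError: () => {`, or use it, for example to log the failure, so the signature does not suggest that error details are handled here.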
@@ -64,26 +60,22 @@ function RequestPasswordReset() { }; useEffect(() => { - if (verifyEmailMutation.isLoading || verificationStatus) { + if (verificationStatus || verifyEmailMutation.isLoading) { return; } if (token && email) { - verifyEmailMutation.mutate({ - email, - token, - }); - return; - } else if (email) { - setHeaderText(localize('com_auth_email_verification_failed_token_missing') + ' ๐Ÿ˜ข'); + verifyEmailMutation.mutate({ email, token }); } else { - setHeaderText(localize('com_auth_email_verification_invalid') + ' ๐Ÿคจ'); + if (email) { + setHeaderText(localize('com_auth_email_verification_failed_token_missing') + ' ๐Ÿ˜ข'); + } else { + setHeaderText(localize('com_auth_email_verification_invalid') + ' ๐Ÿคจ'); + } + setShowResendLink(true); + setVerificationStatus(true); } - - setShowResendLink(true); - setVerificationStatus(true); - setCountdown(0); - }, [localize, token, email, verificationStatus, verifyEmailMutation]); + }, [token, email, verificationStatus, verifyEmailMutation]); const VerificationSuccess = () => (