[#468] added record auth verification, password reset and email change request event hooks

2022-12-03 14:50:02 +02:00
parent 02f72638b8
commit 604009bd10
22 changed files with 1013 additions and 142 deletions
@@ -4,6 +4,8 @@ package forms

 import (
 	"regexp"
+
+	"github.com/pocketbase/pocketbase/models"
 )

 // base ID value regex pattern
@@ -13,7 +15,8 @@ var idRegex = regexp.MustCompile(`^[^\@\#\$\&\|\.\,\'\"\\\/\s]+$`)
 // Usually used in combination with InterceptorFunc.
 type InterceptorNextFunc = func() error

-// InterceptorFunc defines a single interceptor function that will execute the provided next func handler.
+// InterceptorFunc defines a single interceptor function that
+// will execute the provided next func handler.
 type InterceptorFunc func(next InterceptorNextFunc) InterceptorNextFunc

 // runInterceptors executes the provided list of interceptors.
@@ -21,6 +24,21 @@ func runInterceptors(next InterceptorNextFunc, interceptors ...InterceptorFunc)
 	for i := len(interceptors) - 1; i >= 0; i-- {
 		next = interceptors[i](next)
 	}
-
 	return next()
 }
+
+// InterceptorWithRecordNextFunc is a Record interceptor handler function.
+// Usually used in combination with InterceptorWithRecordFunc.
+type InterceptorWithRecordNextFunc = func(record *models.Record) error
+
+// InterceptorWithRecordFunc defines a single Record interceptor function
+// that will execute the provided next func handler.
+type InterceptorWithRecordFunc func(next InterceptorWithRecordNextFunc) InterceptorWithRecordNextFunc
+
+// runInterceptorsWithRecord executes the provided list of Record interceptors.
+func runInterceptorsWithRecord(record *models.Record, next InterceptorWithRecordNextFunc, interceptors ...InterceptorWithRecordFunc) error {
+	for i := len(interceptors) - 1; i >= 0; i-- {
+		next = interceptors[i](next)
+	}
+	return next(record)
+}
@@ -367,12 +367,12 @@ func TestCollectionUpsertValidateAndSubmit(t *testing.T) {
 		}

 		// check interceptor calls
-		expectInterceptorCall := 1
+		expectInterceptorCalls := 1
 		if len(s.expectedErrors) > 0 {
-			expectInterceptorCall = 0
+			expectInterceptorCalls = 0
 		}
-		if interceptorCalls != expectInterceptorCall {
-			t.Errorf("[%s] Expected interceptor to be called %d, got %d", s.testName, expectInterceptorCall, interceptorCalls)
+		if interceptorCalls != expectInterceptorCalls {
+			t.Errorf("[%s] Expected interceptor to be called %d, got %d", s.testName, expectInterceptorCalls, interceptorCalls)
 		}

 		// check errors
@@ -113,7 +113,10 @@ func (form *RecordEmailChangeConfirm) parseToken(token string) (*models.Record,

 // Submit validates and submits the auth record email change confirmation form.
 // On success returns the updated auth record associated to `form.Token`.
-func (form *RecordEmailChangeConfirm) Submit() (*models.Record, error) {
+//
+// You can optionally provide a list of InterceptorWithRecordFunc to
+// further modify the form behavior before persisting it.
+func (form *RecordEmailChangeConfirm) Submit(interceptors ...InterceptorWithRecordFunc) (*models.Record, error) {
 	if err := form.Validate(); err != nil {
 		return nil, err
 	}
@@ -127,8 +130,12 @@ func (form *RecordEmailChangeConfirm) Submit() (*models.Record, error) {
 	authRecord.SetVerified(true)
 	authRecord.RefreshTokenKey() // invalidate old tokens

-	if err := form.dao.SaveRecord(authRecord); err != nil {
-		return nil, err
+	interceptorsErr := runInterceptorsWithRecord(authRecord, func(m *models.Record) error {
+		return form.dao.SaveRecord(m)
+	}, interceptors...)
+
+	if interceptorsErr != nil {
+		return nil, interceptorsErr
 	}

 	return authRecord, nil
@@ -2,10 +2,12 @@ package forms_test

 import (
 	"encoding/json"
+	"errors"
 	"testing"

 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/pocketbase/forms"
+	"github.com/pocketbase/pocketbase/models"
 	"github.com/pocketbase/pocketbase/tests"
 	"github.com/pocketbase/pocketbase/tools/security"
 )
@@ -82,7 +84,24 @@ func TestRecordEmailChangeConfirmValidateAndSubmit(t *testing.T) {
 			continue
 		}

-		record, err := form.Submit()
+		interceptorCalls := 0
+		interceptor := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+			return func(r *models.Record) error {
+				interceptorCalls++
+				return next(r)
+			}
+		}
+
+		record, err := form.Submit(interceptor)
+
+		// check interceptor calls
+		expectInterceptorCalls := 1
+		if len(s.expectedErrors) > 0 {
+			expectInterceptorCalls = 0
+		}
+		if interceptorCalls != expectInterceptorCalls {
+			t.Errorf("[%d] Expected interceptor to be called %d, got %d", i, expectInterceptorCalls, interceptorCalls)
+		}

 		// parse errors
 		errs, ok := err.(validation.Errors)
@@ -124,3 +143,58 @@ func TestRecordEmailChangeConfirmValidateAndSubmit(t *testing.T) {
 		}
 	}
 }
+
+func TestRecordEmailChangeConfirmInterceptors(t *testing.T) {
+	testApp, _ := tests.NewTestApp()
+	defer testApp.Cleanup()
+
+	authCollection, err := testApp.Dao().FindCollectionByNameOrId("users")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authRecord, err := testApp.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	form := forms.NewRecordEmailChangeConfirm(testApp, authCollection)
+	form.Token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZW1haWwiOiJ0ZXN0QGV4YW1wbGUuY29tIiwibmV3RW1haWwiOiJ0ZXN0X25ld0BleGFtcGxlLmNvbSIsImV4cCI6MjIwODk4NTI2MX0.hmR7Ye23C68tS1LgHgYgT7NBJczTad34kzcT4sqW3FY"
+	form.Password = "1234567890"
+	interceptorEmail := authRecord.Email()
+	testErr := errors.New("test_error")
+
+	interceptor1Called := false
+	interceptor1 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptor1Called = true
+			return next(record)
+		}
+	}
+
+	interceptor2Called := false
+	interceptor2 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptorEmail = record.Email()
+			interceptor2Called = true
+			return testErr
+		}
+	}
+
+	_, submitErr := form.Submit(interceptor1, interceptor2)
+	if submitErr != testErr {
+		t.Fatalf("Expected submitError %v, got %v", testErr, submitErr)
+	}
+
+	if !interceptor1Called {
+		t.Fatalf("Expected interceptor1 to be called")
+	}
+
+	if !interceptor2Called {
+		t.Fatalf("Expected interceptor2 to be called")
+	}
+
+	if interceptorEmail == authRecord.Email() {
+		t.Fatalf("Expected the form model to be filled before calling the interceptors")
+	}
+}
@@ -61,10 +61,15 @@ func (form *RecordEmailChangeRequest) checkUniqueEmail(value any) error {
 }

 // Submit validates and sends the change email request.
-func (form *RecordEmailChangeRequest) Submit() error {
+//
+// You can optionally provide a list of InterceptorWithRecordFunc to
+// further modify the form behavior before persisting it.
+func (form *RecordEmailChangeRequest) Submit(interceptors ...InterceptorWithRecordFunc) error {
 	if err := form.Validate(); err != nil {
 		return err
 	}

-	return mails.SendRecordChangeEmail(form.app, form.record, form.NewEmail)
+	return runInterceptorsWithRecord(form.record, func(m *models.Record) error {
+		return mails.SendRecordChangeEmail(form.app, m, form.NewEmail)
+	}, interceptors...)
 }
@@ -2,10 +2,12 @@ package forms_test

 import (
 	"encoding/json"
+	"errors"
 	"testing"

 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/pocketbase/forms"
+	"github.com/pocketbase/pocketbase/models"
 	"github.com/pocketbase/pocketbase/tests"
 )

@@ -57,7 +59,24 @@ func TestRecordEmailChangeRequestValidateAndSubmit(t *testing.T) {
 			continue
 		}

-		err := form.Submit()
+		interceptorCalls := 0
+		interceptor := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+			return func(r *models.Record) error {
+				interceptorCalls++
+				return next(r)
+			}
+		}
+
+		err := form.Submit(interceptor)
+
+		// check interceptor calls
+		expectInterceptorCalls := 1
+		if len(s.expectedErrors) > 0 {
+			expectInterceptorCalls = 0
+		}
+		if interceptorCalls != expectInterceptorCalls {
+			t.Errorf("[%d] Expected interceptor to be called %d, got %d", i, expectInterceptorCalls, interceptorCalls)
+		}

 		// parse errors
 		errs, ok := err.(validation.Errors)
@@ -85,3 +104,46 @@ func TestRecordEmailChangeRequestValidateAndSubmit(t *testing.T) {
 		}
 	}
 }
+
+func TestRecordEmailChangeRequestInterceptors(t *testing.T) {
+	testApp, _ := tests.NewTestApp()
+	defer testApp.Cleanup()
+
+	authRecord, err := testApp.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	form := forms.NewRecordEmailChangeRequest(testApp, authRecord)
+	form.NewEmail = "test_new@example.com"
+	testErr := errors.New("test_error")
+
+	interceptor1Called := false
+	interceptor1 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptor1Called = true
+			return next(record)
+		}
+	}
+
+	interceptor2Called := false
+	interceptor2 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptor2Called = true
+			return testErr
+		}
+	}
+
+	submitErr := form.Submit(interceptor1, interceptor2)
+	if submitErr != testErr {
+		t.Fatalf("Expected submitError %v, got %v", testErr, submitErr)
+	}
+
+	if !interceptor1Called {
+		t.Fatalf("Expected interceptor1 to be called")
+	}
+
+	if !interceptor2Called {
+		t.Fatalf("Expected interceptor2 to be called")
+	}
+}
@@ -71,7 +71,10 @@ func (form *RecordPasswordResetConfirm) checkToken(value any) error {

 // Submit validates and submits the form.
 // On success returns the updated auth record associated to `form.Token`.
-func (form *RecordPasswordResetConfirm) Submit() (*models.Record, error) {
+//
+// You can optionally provide a list of InterceptorWithRecordFunc to
+// further modify the form behavior before persisting it.
+func (form *RecordPasswordResetConfirm) Submit(interceptors ...InterceptorWithRecordFunc) (*models.Record, error) {
 	if err := form.Validate(); err != nil {
 		return nil, err
 	}
@@ -88,8 +91,12 @@ func (form *RecordPasswordResetConfirm) Submit() (*models.Record, error) {
 		return nil, err
 	}

-	if err := form.dao.SaveRecord(authRecord); err != nil {
-		return nil, err
+	interceptorsErr := runInterceptorsWithRecord(authRecord, func(m *models.Record) error {
+		return form.dao.SaveRecord(m)
+	}, interceptors...)
+
+	if interceptorsErr != nil {
+		return nil, interceptorsErr
 	}

 	return authRecord, nil
@@ -2,10 +2,12 @@ package forms_test

 import (
 	"encoding/json"
+	"errors"
 	"testing"

 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/pocketbase/forms"
+	"github.com/pocketbase/pocketbase/models"
 	"github.com/pocketbase/pocketbase/tests"
 	"github.com/pocketbase/pocketbase/tools/security"
 )
@@ -76,7 +78,15 @@ func TestRecordPasswordResetConfirmValidateAndSubmit(t *testing.T) {
 			continue
 		}

-		record, submitErr := form.Submit()
+		interceptorCalls := 0
+		interceptor := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+			return func(r *models.Record) error {
+				interceptorCalls++
+				return next(r)
+			}
+		}
+
+		record, submitErr := form.Submit(interceptor)

 		// parse errors
 		errs, ok := submitErr.(validation.Errors)
@@ -85,6 +95,15 @@ func TestRecordPasswordResetConfirmValidateAndSubmit(t *testing.T) {
 			continue
 		}

+		// check interceptor calls
+		expectInterceptorCalls := 1
+		if len(s.expectedErrors) > 0 {
+			expectInterceptorCalls = 0
+		}
+		if interceptorCalls != expectInterceptorCalls {
+			t.Errorf("[%d] Expected interceptor to be called %d, got %d", i, expectInterceptorCalls, interceptorCalls)
+		}
+
 		// check errors
 		if len(errs) > len(s.expectedErrors) {
 			t.Errorf("(%d) Expected error keys %v, got %v", i, s.expectedErrors, errs)
@@ -115,3 +134,59 @@ func TestRecordPasswordResetConfirmValidateAndSubmit(t *testing.T) {
 		}
 	}
 }
+
+func TestRecordPasswordResetConfirmInterceptors(t *testing.T) {
+	testApp, _ := tests.NewTestApp()
+	defer testApp.Cleanup()
+
+	authCollection, err := testApp.Dao().FindCollectionByNameOrId("users")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authRecord, err := testApp.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	form := forms.NewRecordPasswordResetConfirm(testApp, authCollection)
+	form.Token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiZXhwIjoyMjA4OTg1MjYxfQ.R_4FOSUHIuJQ5Crl3PpIPCXMsoHzuTaNlccpXg_3FOg"
+	form.Password = "1234567890"
+	form.PasswordConfirm = "1234567890"
+	interceptorTokenKey := authRecord.TokenKey()
+	testErr := errors.New("test_error")
+
+	interceptor1Called := false
+	interceptor1 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptor1Called = true
+			return next(record)
+		}
+	}
+
+	interceptor2Called := false
+	interceptor2 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptorTokenKey = record.TokenKey()
+			interceptor2Called = true
+			return testErr
+		}
+	}
+
+	_, submitErr := form.Submit(interceptor1, interceptor2)
+	if submitErr != testErr {
+		t.Fatalf("Expected submitError %v, got %v", testErr, submitErr)
+	}
+
+	if !interceptor1Called {
+		t.Fatalf("Expected interceptor1 to be called")
+	}
+
+	if !interceptor2Called {
+		t.Fatalf("Expected interceptor2 to be called")
+	}
+
+	if interceptorTokenKey == authRecord.TokenKey() {
+		t.Fatalf("Expected the form model to be filled before calling the interceptors")
+	}
+}
@@ -59,12 +59,15 @@ func (form *RecordPasswordResetRequest) Validate() error {

 // Submit validates and submits the form.
 // On success, sends a password reset email to the `form.Email` auth record.
-func (form *RecordPasswordResetRequest) Submit() error {
+//
+// You can optionally provide a list of InterceptorWithRecordFunc to
+// further modify the form behavior before persisting it.
+func (form *RecordPasswordResetRequest) Submit(interceptors ...InterceptorWithRecordFunc) error {
 	if err := form.Validate(); err != nil {
 		return err
 	}

-	authRecord, err := form.dao.FindFirstRecordByData(form.collection.Id, schema.FieldNameEmail, form.Email)
+	authRecord, err := form.dao.FindAuthRecordByEmail(form.collection.Id, form.Email)
 	if err != nil {
 		return err
 	}
@@ -75,12 +78,14 @@ func (form *RecordPasswordResetRequest) Submit() error {
 		return errors.New("You've already requested a password reset.")
 	}

-	if err := mails.SendRecordPasswordReset(form.app, authRecord); err != nil {
-		return err
-	}
-
 	// update last sent timestamp
 	authRecord.Set(schema.FieldNameLastResetSentAt, types.NowDateTime())

-	return form.dao.SaveRecord(authRecord)
+	return runInterceptorsWithRecord(authRecord, func(m *models.Record) error {
+		if err := mails.SendRecordPasswordReset(form.app, m); err != nil {
+			return err
+		}
+
+		return form.dao.SaveRecord(m)
+	}, interceptors...)
 }
@@ -2,10 +2,12 @@ package forms_test

 import (
 	"encoding/json"
+	"errors"
 	"testing"
 	"time"

 	"github.com/pocketbase/pocketbase/forms"
+	"github.com/pocketbase/pocketbase/models"
 	"github.com/pocketbase/pocketbase/tests"
 	"github.com/pocketbase/pocketbase/tools/types"
 )
@@ -64,7 +66,24 @@ func TestRecordPasswordResetRequestSubmit(t *testing.T) {
 			continue
 		}

-		err := form.Submit()
+		interceptorCalls := 0
+		interceptor := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+			return func(r *models.Record) error {
+				interceptorCalls++
+				return next(r)
+			}
+		}
+
+		err := form.Submit(interceptor)
+
+		// check interceptor calls
+		expectInterceptorCalls := 1
+		if s.expectError {
+			expectInterceptorCalls = 0
+		}
+		if interceptorCalls != expectInterceptorCalls {
+			t.Errorf("[%d] Expected interceptor to be called %d, got %d", i, expectInterceptorCalls, interceptorCalls)
+		}

 		hasErr := err != nil
 		if hasErr != s.expectError {
@@ -95,3 +114,57 @@ func TestRecordPasswordResetRequestSubmit(t *testing.T) {
 		}
 	}
 }
+
+func TestRecordPasswordResetRequestInterceptors(t *testing.T) {
+	testApp, _ := tests.NewTestApp()
+	defer testApp.Cleanup()
+
+	authCollection, err := testApp.Dao().FindCollectionByNameOrId("users")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authRecord, err := testApp.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	form := forms.NewRecordPasswordResetRequest(testApp, authCollection)
+	form.Email = authRecord.Email()
+	interceptorLastResetSentAt := authRecord.LastResetSentAt()
+	testErr := errors.New("test_error")
+
+	interceptor1Called := false
+	interceptor1 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptor1Called = true
+			return next(record)
+		}
+	}
+
+	interceptor2Called := false
+	interceptor2 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptorLastResetSentAt = record.LastResetSentAt()
+			interceptor2Called = true
+			return testErr
+		}
+	}
+
+	submitErr := form.Submit(interceptor1, interceptor2)
+	if submitErr != testErr {
+		t.Fatalf("Expected submitError %v, got %v", testErr, submitErr)
+	}
+
+	if !interceptor1Called {
+		t.Fatalf("Expected interceptor1 to be called")
+	}
+
+	if !interceptor2Called {
+		t.Fatalf("Expected interceptor2 to be called")
+	}
+
+	if interceptorLastResetSentAt.String() == authRecord.LastResetSentAt().String() {
+		t.Fatalf("Expected the form model to be filled before calling the interceptors")
+	}
+}
@@ -76,7 +76,10 @@ func (form *RecordVerificationConfirm) checkToken(value any) error {

 // Submit validates and submits the form.
 // On success returns the verified auth record associated to `form.Token`.
-func (form *RecordVerificationConfirm) Submit() (*models.Record, error) {
+//
+// You can optionally provide a list of InterceptorWithRecordFunc to
+// further modify the form behavior before persisting it.
+func (form *RecordVerificationConfirm) Submit(interceptors ...InterceptorWithRecordFunc) (*models.Record, error) {
 	if err := form.Validate(); err != nil {
 		return nil, err
 	}
@@ -89,14 +92,22 @@ func (form *RecordVerificationConfirm) Submit() (*models.Record, error) {
 		return nil, err
 	}

-	if record.Verified() {
-		return record, nil // already verified
+	wasVerified := record.Verified()
+
+	if !wasVerified {
+		record.SetVerified(true)
 	}

-	record.SetVerified(true)
+	interceptorsErr := runInterceptorsWithRecord(record, func(m *models.Record) error {
+		if wasVerified {
+			return nil // already verified
+		}

-	if err := form.dao.SaveRecord(record); err != nil {
-		return nil, err
+		return form.dao.SaveRecord(m)
+	}, interceptors...)
+
+	if interceptorsErr != nil {
+		return nil, interceptorsErr
 	}

 	return record, nil
@@ -2,9 +2,11 @@ package forms_test

 import (
 	"encoding/json"
+	"errors"
 	"testing"

 	"github.com/pocketbase/pocketbase/forms"
+	"github.com/pocketbase/pocketbase/models"
 	"github.com/pocketbase/pocketbase/tests"
 	"github.com/pocketbase/pocketbase/tools/security"
 )
@@ -54,7 +56,24 @@ func TestRecordVerificationConfirmValidateAndSubmit(t *testing.T) {
 			continue
 		}

-		record, err := form.Submit()
+		interceptorCalls := 0
+		interceptor := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+			return func(r *models.Record) error {
+				interceptorCalls++
+				return next(r)
+			}
+		}
+
+		record, err := form.Submit(interceptor)
+
+		// check interceptor calls
+		expectInterceptorCalls := 1
+		if s.expectError {
+			expectInterceptorCalls = 0
+		}
+		if interceptorCalls != expectInterceptorCalls {
+			t.Errorf("[%d] Expected interceptor to be called %d, got %d", i, expectInterceptorCalls, interceptorCalls)
+		}

 		hasErr := err != nil
 		if hasErr != s.expectError {
@@ -77,3 +96,57 @@ func TestRecordVerificationConfirmValidateAndSubmit(t *testing.T) {
 		}
 	}
 }
+
+func TestRecordVerificationConfirmInterceptors(t *testing.T) {
+	testApp, _ := tests.NewTestApp()
+	defer testApp.Cleanup()
+
+	authCollection, err := testApp.Dao().FindCollectionByNameOrId("users")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authRecord, err := testApp.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	form := forms.NewRecordVerificationConfirm(testApp, authCollection)
+	form.Token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiZXhwIjoyMjA4OTg1MjYxfQ.hL16TVmStHFdHLc4a860bRqJ3sFfzjv0_NRNzwsvsrc"
+	interceptorVerified := authRecord.Verified()
+	testErr := errors.New("test_error")
+
+	interceptor1Called := false
+	interceptor1 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptor1Called = true
+			return next(record)
+		}
+	}
+
+	interceptor2Called := false
+	interceptor2 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptorVerified = record.Verified()
+			interceptor2Called = true
+			return testErr
+		}
+	}
+
+	_, submitErr := form.Submit(interceptor1, interceptor2)
+	if submitErr != testErr {
+		t.Fatalf("Expected submitError %v, got %v", testErr, submitErr)
+	}
+
+	if !interceptor1Called {
+		t.Fatalf("Expected interceptor1 to be called")
+	}
+
+	if !interceptor2Called {
+		t.Fatalf("Expected interceptor2 to be called")
+	}
+
+	if interceptorVerified == authRecord.Verified() {
+		t.Fatalf("Expected the form model to be filled before calling the interceptors")
+	}
+}
@@ -59,7 +59,10 @@ func (form *RecordVerificationRequest) Validate() error {

 // Submit validates and sends a verification request email
 // to the `form.Email` auth record.
-func (form *RecordVerificationRequest) Submit() error {
+//
+// You can optionally provide a list of InterceptorWithRecordFunc to
+// further modify the form behavior before persisting it.
+func (form *RecordVerificationRequest) Submit(interceptors ...InterceptorWithRecordFunc) error {
 	if err := form.Validate(); err != nil {
 		return err
 	}
@@ -73,22 +76,26 @@ func (form *RecordVerificationRequest) Submit() error {
 		return err
 	}

-	if record.GetBool(schema.FieldNameVerified) {
-		return nil // already verified
+	if !record.Verified() {
+		now := time.Now().UTC()
+		lastVerificationSentAt := record.LastVerificationSentAt().Time()
+		if (now.Sub(lastVerificationSentAt)).Seconds() < form.resendThreshold {
+			return errors.New("A verification email was already sent.")
+		}
+
+		// update last sent timestamp
+		record.SetLastVerificationSentAt(types.NowDateTime())
 	}

-	now := time.Now().UTC()
-	lastVerificationSentAt := record.LastVerificationSentAt().Time()
-	if (now.Sub(lastVerificationSentAt)).Seconds() < form.resendThreshold {
-		return errors.New("A verification email was already sent.")
-	}
+	return runInterceptorsWithRecord(record, func(m *models.Record) error {
+		if m.Verified() {
+			return nil // already verified
+		}

-	if err := mails.SendRecordVerification(form.app, record); err != nil {
-		return err
-	}
+		if err := mails.SendRecordVerification(form.app, m); err != nil {
+			return err
+		}

-	// update last sent timestamp
-	record.Set(schema.FieldNameLastVerificationSentAt, types.NowDateTime())
-
-	return form.dao.SaveRecord(record)
+		return form.dao.SaveRecord(m)
+	}, interceptors...)
 }
@@ -2,10 +2,12 @@ package forms_test

 import (
 	"encoding/json"
+	"errors"
 	"testing"
 	"time"

 	"github.com/pocketbase/pocketbase/forms"
+	"github.com/pocketbase/pocketbase/models"
 	"github.com/pocketbase/pocketbase/tests"
 	"github.com/pocketbase/pocketbase/tools/types"
 )
@@ -78,15 +80,32 @@ func TestRecordVerificationRequestSubmit(t *testing.T) {
 		// load data
 		loadErr := json.Unmarshal([]byte(s.jsonData), form)
 		if loadErr != nil {
-			t.Errorf("(%d) Failed to load form data: %v", i, loadErr)
+			t.Errorf("[%d] Failed to load form data: %v", i, loadErr)
 			continue
 		}

-		err := form.Submit()
+		interceptorCalls := 0
+		interceptor := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+			return func(r *models.Record) error {
+				interceptorCalls++
+				return next(r)
+			}
+		}
+
+		err := form.Submit(interceptor)
+
+		// check interceptor calls
+		expectInterceptorCalls := 1
+		if s.expectError {
+			expectInterceptorCalls = 0
+		}
+		if interceptorCalls != expectInterceptorCalls {
+			t.Errorf("[%d] Expected interceptor to be called %d, got %d", i, expectInterceptorCalls, interceptorCalls)
+		}

 		hasErr := err != nil
 		if hasErr != s.expectError {
-			t.Errorf("(%d) Expected hasErr to be %v, got %v (%v)", i, s.expectError, hasErr, err)
+			t.Errorf("[%d] Expected hasErr to be %v, got %v (%v)", i, s.expectError, hasErr, err)
 		}

 		expectedMails := 0
@@ -94,7 +113,7 @@ func TestRecordVerificationRequestSubmit(t *testing.T) {
 			expectedMails = 1
 		}
 		if testApp.TestMailer.TotalSend != expectedMails {
-			t.Errorf("(%d) Expected %d mail(s) to be sent, got %d", i, expectedMails, testApp.TestMailer.TotalSend)
+			t.Errorf("[%d] Expected %d mail(s) to be sent, got %d", i, expectedMails, testApp.TestMailer.TotalSend)
 		}

 		if s.expectError {
@@ -103,13 +122,67 @@ func TestRecordVerificationRequestSubmit(t *testing.T) {

 		user, err := testApp.Dao().FindAuthRecordByEmail(authCollection.Id, form.Email)
 		if err != nil {
-			t.Errorf("(%d) Expected user with email %q to exist, got nil", i, form.Email)
+			t.Errorf("[%d] Expected user with email %q to exist, got nil", i, form.Email)
 			continue
 		}

 		// check whether LastVerificationSentAt was updated
 		if !user.Verified() && user.LastVerificationSentAt().Time().Sub(now.Time()) < 0 {
-			t.Errorf("(%d) Expected LastVerificationSentAt to be after %v, got %v", i, now, user.LastVerificationSentAt())
+			t.Errorf("[%d] Expected LastVerificationSentAt to be after %v, got %v", i, now, user.LastVerificationSentAt())
 		}
 	}
 }
+
+func TestRecordVerificationRequestInterceptors(t *testing.T) {
+	testApp, _ := tests.NewTestApp()
+	defer testApp.Cleanup()
+
+	authCollection, err := testApp.Dao().FindCollectionByNameOrId("users")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authRecord, err := testApp.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	form := forms.NewRecordVerificationRequest(testApp, authCollection)
+	form.Email = authRecord.Email()
+	interceptorLastVerificationSentAt := authRecord.LastVerificationSentAt()
+	testErr := errors.New("test_error")
+
+	interceptor1Called := false
+	interceptor1 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptor1Called = true
+			return next(record)
+		}
+	}
+
+	interceptor2Called := false
+	interceptor2 := func(next forms.InterceptorWithRecordNextFunc) forms.InterceptorWithRecordNextFunc {
+		return func(record *models.Record) error {
+			interceptorLastVerificationSentAt = record.LastVerificationSentAt()
+			interceptor2Called = true
+			return testErr
+		}
+	}
+
+	submitErr := form.Submit(interceptor1, interceptor2)
+	if submitErr != testErr {
+		t.Fatalf("Expected submitError %v, got %v", testErr, submitErr)
+	}
+
+	if !interceptor1Called {
+		t.Fatalf("Expected interceptor1 to be called")
+	}
+
+	if !interceptor2Called {
+		t.Fatalf("Expected interceptor2 to be called")
+	}
+
+	if interceptorLastVerificationSentAt.String() == authRecord.LastVerificationSentAt().String() {
+		t.Fatalf("Expected the form model to be filled before calling the interceptors")
+	}
+}