Fix creation of verification links
Fix User.prototype.verify to call `querystring.stringify` instead of concatenating query-string components directly. In particular, this fixes the bug where `options.redirect` containing a hash fragment like `#/home?arg1=value1&arg2=value2` produced an incorrect URL, because the `redirect` value was not correctly encoded.
parent
4e8252afad
commit
09b1fce34b
|
@ -13,6 +13,7 @@ var isEmail = require('isemail');
|
||||||
var loopback = require('../../lib/loopback');
|
var loopback = require('../../lib/loopback');
|
||||||
var utils = require('../../lib/utils');
|
var utils = require('../../lib/utils');
|
||||||
var path = require('path');
|
var path = require('path');
|
||||||
|
var qs = require('querystring');
|
||||||
var SALT_WORK_FACTOR = 10;
|
var SALT_WORK_FACTOR = 10;
|
||||||
var crypto = require('crypto');
|
var crypto = require('crypto');
|
||||||
var MAX_PASSWORD_LENGTH = 72;
|
var MAX_PASSWORD_LENGTH = 72;
|
||||||
|
@ -428,10 +429,10 @@ module.exports = function(User) {
|
||||||
options.host +
|
options.host +
|
||||||
displayPort +
|
displayPort +
|
||||||
urlPath +
|
urlPath +
|
||||||
'?uid=' +
|
'?' + qs.stringify({
|
||||||
options.user[pkName] +
|
uid: options.user[pkName],
|
||||||
'&redirect=' +
|
redirect: options.redirect,
|
||||||
options.redirect;
|
});
|
||||||
|
|
||||||
options.templateFn = options.templateFn || createVerificationEmailBody;
|
options.templateFn = options.templateFn || createVerificationEmailBody;
|
||||||
|
|
||||||
|
|
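Review bot: A primary key that is not a string, number or boolean will come out as an empty `uid=` in the verification link, because `querystring.stringify` serialises only those primitive types and replaces every other value with an empty string. The removed concatenation stringified `options.user[pkName]` implicitly, so an id that is an object with its own `toString()` (some connectors use such id types) worked before and would now silently produce a link that cannot be confirmed. Coerce it explicitly at the `uid:` line: `uid: String(options.user[pkName]),`. The same applies to `redirect` if it can be undefined at this point; whether it is defaulted earlier is not visible, since the assignment starts above this hunk.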
|
@ -7,6 +7,7 @@ require('./support');
|
||||||
var loopback = require('../');
|
var loopback = require('../');
|
||||||
var User, AccessToken;
|
var User, AccessToken;
|
||||||
var async = require('async');
|
var async = require('async');
|
||||||
|
var url = require('url');
|
||||||
|
|
||||||
describe('User', function() {
|
describe('User', function() {
|
||||||
this.timeout(10000);
|
this.timeout(10000);
|
||||||
|
@ -1700,6 +1701,29 @@ describe('User', function() {
|
||||||
expect(result.email).to.not.have.property('template');
|
expect(result.email).to.not.have.property('template');
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('allows hash fragment in redirectUrl', function() {
|
||||||
|
return User.create({email: 'test@example.com', password: 'pass'})
|
||||||
|
.then(function(user) {
|
||||||
|
var actualVerifyHref;
|
||||||
|
return user.verify({
|
||||||
|
type: 'email',
|
||||||
|
to: user.email,
|
||||||
|
from: 'noreply@myapp.org',
|
||||||
|
redirect: '#/some-path?a=1&b=2',
|
||||||
|
templateFn: function(options, cb) {
|
||||||
|
actualVerifyHref = options.verifyHref;
|
||||||
|
cb(null, 'dummy body');
|
||||||
|
},
|
||||||
|
})
|
||||||
|
.then(function() { return actualVerifyHref; });
|
||||||
|
})
|
||||||
|
.then(function(verifyHref) {
|
||||||
|
var parsed = url.parse(verifyHref, true);
|
||||||
|
expect(parsed.query.redirect, 'redirect query')
|
||||||
|
.to.equal('#/some-path?a=1&b=2');
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('User.confirm(options, fn)', function() {
|
describe('User.confirm(options, fn)', function() {
|
||||||
|
|
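Review bot: The new test asserts only `parsed.query.redirect`, so a verification link whose `uid` is empty or mangled would still pass. Since both parameters now come from the same `qs.stringify` call, the final `.then` should also check that `parsed.query.uid` equals the created user's id as a string; that requires carrying the user through the promise chain alongside `actualVerifyHref`. A second case with a redirect containing characters such as `%` or `+` would pin the encoding more tightly than the hash-fragment example alone.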