From 0c67b1e7810fbeb37cfe14529929735363c7a1d6 Mon Sep 17 00:00:00 2001 From: Raymond Feng Date: Mon, 7 Jul 2014 14:09:45 -0700 Subject: [PATCH] Add an option to honor emailVerified See https://github.com/strongloop/loopback/pull/215 --- lib/models/user.js | 18 ++++++++++++ test/user.test.js | 73 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 90 insertions(+), 1 deletion(-) diff --git a/lib/models/user.js b/lib/models/user.js index 48a15eea..877eb36b 100644 --- a/lib/models/user.js +++ b/lib/models/user.js @@ -186,6 +186,15 @@ User.login = function (credentials, include, fn) { debug('An error is reported from User.findOne: %j', err); fn(defaultError); } else if(user) { + if (self.settings.emailVerificationRequired) { + if (!user.emailVerified) { + // Fail to log in if email verification is not done yet + debug('User email has not been verified'); + err = new Error('login failed as the email has not been verified'); + err.statusCode = 401; + return fn(err); + } + } user.hasPassword(credentials.password, function(err, isMatch) { if(err) { debug('An error is reported from User.hasPassword: %j', err); @@ -441,6 +450,15 @@ User.setup = function () { this.$password = bcrypt.hashSync(plain, salt); } + // Make sure emailVerified is not set by creation + UserModel.beforeRemote('create', function(ctx, user, next) { + var body = ctx.req.body; + if (body && body.emailVerified) { + body.emailVerified = false; + } + next(); + }); + loopback.remoteMethod( UserModel.login, { diff --git a/test/user.test.js b/test/user.test.js index 2b3805a1..1611995c 100644 --- a/test/user.test.js +++ b/test/user.test.js @@ -8,6 +8,8 @@ var userMemory = loopback.createDataSource({ describe('User', function(){ var validCredentials = {email: 'foo@bar.com', password: 'bar'}; + var validCredentialsEmailVerified = {email: 'foo1@bar.com', password: 'bar1', emailVerified: true}; + var validCredentialsEmailVerifiedOverREST = {email: 'foo2@bar.com', password: 'bar2', emailVerified: true}; var validCredentialsWithTTL = {email: 'foo@bar.com', password: 'bar', ttl: 3600}; var invalidCredentials = {email: 'foo1@bar.com', password: 'bar1'}; var incompleteCredentials = {password: 'bar1'}; @@ -30,7 +32,9 @@ describe('User', function(){ app.use(loopback.rest()); app.model(User); - User.create(validCredentials, done); + User.create(validCredentials, function(err, user) { + User.create(validCredentialsEmailVerified, done); + }); }); afterEach(function (done) { @@ -105,6 +109,18 @@ describe('User', function(){ var u = new User({username: 'foo', password: 'bar'}); assert(u.password !== 'bar'); }); + + it('Create a user over REST should remove emailVerified property', function(done) { + request(app) + .post('/users') + .expect('Content-Type', /json/) + .expect(200) + .send(validCredentialsEmailVerifiedOverREST) + .end(function(err, res){ + assert(!res.body.emailVerified); + done(); + }); + }); }); describe('User.login', function() { @@ -155,6 +171,26 @@ describe('User', function(){ }); }); }); + + it('Login a user by without email verification', function(done) { + User.settings.emailVerificationRequired = true; + User.login(validCredentials, function (err, accessToken) { + assert(err); + User.settings.emailVerificationRequired = false; + done(); + }); + }); + + it('Login a user by with email verification', function(done) { + User.settings.emailVerificationRequired = true; + User.login(validCredentialsEmailVerified, function (err, accessToken) { + assert(accessToken.userId); + assert(accessToken.id); + assert.equal(accessToken.id.length, 64); + User.settings.emailVerificationRequired = false; + done(); + }); + }); it('Login a user over REST by providing credentials', function(done) { request(app) @@ -175,6 +211,41 @@ describe('User', function(){ }); }); + it('Login a user over REST when email verification is required', function(done) { + User.settings.emailVerificationRequired = true; + request(app) + .post('/users/login') + .expect('Content-Type', /json/) + .expect(200) + .send(validCredentialsEmailVerified) + .end(function(err, res){ + if(err) return done(err); + var accessToken = res.body; + + assert(accessToken.userId); + assert(accessToken.id); + assert.equal(accessToken.id.length, 64); + assert(accessToken.user === undefined); + + User.settings.emailVerificationRequired = false; + + done(); + }); + }); + + it('Login a user over REST without email verification when it is required', function(done) { + User.settings.emailVerificationRequired = true; + request(app) + .post('/users/login') + .expect('Content-Type', /json/) + .expect(401) + .send(validCredentials) + .end(function(err, res){ + User.settings.emailVerificationRequired = false; + done(); + }); + }); + it('Login a user over REST by providing invalid credentials', function(done) { request(app) .post('/users/login')