update code

2016-08-03 14:22:41 -04:00 · 2016-08-03 14:22:41 -04:00 · 0f3522e28d
parent 76a390d03e
commit 0f3522e28d
2 changed files with 43 additions and 14 deletions
--- a/common/models/user.js
+++ b/common/models/user.js
@ -560,19 +560,32 @@ module.exports = function(User) {
        err.code = 'EMAIL_NOT_FOUND';
        return cb(err);
      }
+      if (user && user.emailVerified) {
+        user.accessTokens.create({ ttl: ttl }, function(err, accessToken) {
+          if (err) {
+            return cb(err);
+          }
+          cb();
+          UserModel.emit('resetPasswordRequest', {
+            email: options.email,
+            user: user,
+          });
+        });
+      } else if (user && !user.emailVerified) {
      // create a short lived access token for temp login to change password
      // TODO(ritch) - eventually this should only allow password change
-      user.accessTokens.create({ ttl: ttl }, function(err, accessToken) {
-        if (err) {
-          return cb(err);
-        }
-        cb();
-        UserModel.emit('resetPasswordRequest', {
-          email: options.email,
-          accessToken: accessToken,
-          user: user,
+        user.accessTokens.create({ ttl: ttl }, function(err, accessToken) {
+          if (err) {
+            return cb(err);
+          }
+          cb();
+          UserModel.emit('resetPasswordRequest', {
+            email: options.email,
+            accessToken: accessToken,
+            user: user,
+          });
        });
-      });
+      }
    });

    return cb.promise;
--- a/test/user.test.js
+++ b/test/user.test.js
@ -1685,7 +1685,8 @@ describe('User', function() {

  describe('password reset without requiring email verification', function() {
    var email = 'foo1@bar.com';
-    it('disallows temp accessToken creation if email verification is required and done', function(done) {
+    it('disallows temp accessToken creation if email verification is required and done',
+    function(done) {
      var calledBack = false;

      User.resetPassword({
@ -1697,15 +1698,30 @@ describe('User', function() {
      User.once('resetPasswordRequest', function(info) {
        assert(info.email);
        assert(!info.accessToken);
-        assert(!info.accessToken.id);
+        assert(calledBack);
+        done();
+      });
+    });
+    it('creates accessToken if email has not been verified', function(done) {
+      var email = 'foo@bar.com';
+      var calledBack = false;
+
+      User.resetPassword({
+        email: 'foo@bar.com',
+      }, function() {
+        calledBack = true;
+      });
+
+      User.once('resetPasswordRequest', function(info) {
+        assert(info.email);
+        assert(info.accessToken);
+        assert(info.accessToken.id);
        assert.equal(info.accessToken.ttl / 60, 15);
        assert(calledBack);
-        console.log(info);
        info.accessToken.user(function(err, user) {
          if (err) return done(err);

          assert.equal(user.email, email);
-          console.log(user.emailVerified);
          done();
        });
      });