From e7831f6c4d53d6982c02731095fd4a5614fa49ad Mon Sep 17 00:00:00 2001
From: Bram Borggreve
Date: Wed, 23 Nov 2016 18:29:43 -0500
Subject: [PATCH] Allow password reset request for users in realms
---
 common/models/user.js | 13 ++++++++---
 test/user.test.js | 53 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 3 deletions(-)
diff --git a/common/models/user.js b/common/models/user.js
index 8d1debfe..41ad6232 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -546,11 +546,12 @@ module.exports = function(User) {
 };
 /**
- * Create a short lived acess token for temporary login. Allows users
+ * Create a short lived access token for temporary login. Allows users
 * to change passwords if forgotten.
 *
 * @options {Object} options
- * @prop {String} email The user's email address
+ * @property {String} email The user's email address
+ * @property {String} realm The user's realm (optional)
 * @callback {Function} callback
 * @param {Error} err
 */
@@ -575,7 +576,13 @@ module.exports = function(User) {
 } catch (err) {
 return cb(err);
 }
- UserModel.findOne({ where: { email: options.email }}, function(err, user) {
+ var where = {
+ email: options.email
+ };
+ if (options.realm) {
+ where.realm = options.realm;
+ }
+ UserModel.findOne({ where: where }, function(err, user) {
 if (err) {
 return cb(err);
 }
diff --git a/test/user.test.js b/test/user.test.js
index 555e0acd..f3b4b850 100644
--- a/test/user.test.js
+++ b/test/user.test.js
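Review bot: In the second hunk of `common/models/user.js`, the `if (options.realm)` guard makes the realm filter optional, so a request that omits `realm` or sends an empty string still falls back to an email-only `findOne`. Where the same email exists in more than one realm, the reset token is then created for whichever record the connector returns first. If the model is configured to require realms (LoopBack's `realmRequired` setting, which is not visible in this hunk), I would return an error instead of silently dropping the filter. `options.realm` is also copied into the query without a type check, so a non-string value supplied by a remote caller could be interpreted by the connector as a filter clause rather than a literal; `if (typeof options.realm === 'string' && options.realm) { where.realm = options.realm; }` keeps it a plain equality match. The enclosing function starts and ends outside the hunk.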
@@ -15,6 +15,7 @@ describe('User', function() {
 var validCredentials = {email: validCredentialsEmail, password: 'bar'};
 var validCredentialsEmailVerified = {email: 'foo1@bar.com', password: 'bar1', emailVerified: true};
 var validCredentialsEmailVerifiedOverREST = {email: 'foo2@bar.com', password: 'bar2', emailVerified: true};
+ var validCredentialsWithRealm = {email: 'foo3@bar.com', password: 'bar', realm: 'foobar'};
 var validCredentialsWithTTL = {email: 'foo@bar.com', password: 'bar', ttl: 3600};
 var validCredentialsWithTTLAndScope = {email: 'foo@bar.com', password: 'bar', ttl: 3600, scope: 'all'};
 var validMixedCaseEmailCredentials = {email: 'Foo@bar.com', password: 'bar'};
@@ -1878,6 +1879,58 @@ describe('User', function() {
 });
 });
 });
+
+ describe('User.resetPassword(options, cb) requiring realm', function() {
+ var realmUser;
+
+ beforeEach(function(done) {
+ User.create(validCredentialsWithRealm, function(err, u) {
+ if (err) return done(err);
+
+ realmUser = u;
+ done();
+ });
+ });
+
+ it('Reports when email is not found in realm', function(done) {
+ User.resetPassword({
+ email: realmUser.email,
+ realm: 'unknown'
+ }, function(err) {
+ assert(err);
+ assert.equal(err.code, 'EMAIL_NOT_FOUND');
+ assert.equal(err.statusCode, 404);
+
+ done();
+ });
+ });
+
+ it('Creates a temp accessToken to allow a user in realm to change password', function(done) {
+ var calledBack = false;
+
+ User.resetPassword({
+ email: realmUser.email,
+ realm: realmUser.realm
+ }, function() {
+ calledBack = true;
+ });
+
+ User.once('resetPasswordRequest', function(info) {
+ assert(info.email);
+ assert(info.accessToken);
+ assert(info.accessToken.id);
+ assert.equal(info.accessToken.ttl / 60, 15);
+ assert(calledBack);
+ info.accessToken.user(function(err, user) {
+ if (err) return done(err);
+
+ assert.equal(user.email, realmUser.email);
+
+ done();
+ });
+ });
+ });
+ });
 });
 describe('Email Update', function() {
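Review bot: The new `describe` block in the second hunk has no case for a request that omits `realm` against a user created with one, which is the path where the optional filter in `common/models/user.js` falls back to an email-only lookup. A third test calling `User.resetPassword({ email: realmUser.email }, ...)` and asserting the intended outcome would pin that behaviour either way. In the second test the `resetPassword` callback discards its error argument (`function() { calledBack = true; }`), so a failed request shows up only as a timeout on the `resetPasswordRequest` listener. `function(err) { if (err) return done(err); calledBack = true; }` would report the failure directly.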