From 482f87c38eeb9c5438ff3998aee9e88772c9f008 Mon Sep 17 00:00:00 2001
From: Loay <loay@users.noreply.github.com>
Date: Tue, 26 Jul 2016 13:19:41 -0400
Subject: [PATCH] Tighten password reset

---
 test/user.test.js | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/test/user.test.js b/test/user.test.js
index e3c3c6ba..71fbf7bc 100644
--- a/test/user.test.js
+++ b/test/user.test.js
@@ -1723,7 +1723,6 @@ describe('User', function() {
             if (err) return done(err);
 
             assert.equal(user.email, email);
-
             done();
           });
         });
@@ -1763,6 +1762,35 @@ describe('User', function() {
     });
   });
 
+  describe('password reset without requiring email verification', function() {
+    var email = 'foo1@bar.com';
+    it('disallows temp accessToken creation if email verification is required and done', function(done) {
+      var calledBack = false;
+
+      User.resetPassword({
+        email: 'foo1@bar.com',
+      }, function() {
+        calledBack = true;
+      });
+
+      User.once('resetPasswordRequest', function(info) {
+        assert(info.email);
+        assert(!info.accessToken);
+        assert(!info.accessToken.id);
+        assert.equal(info.accessToken.ttl / 60, 15);
+        assert(calledBack);
+        console.log(info);
+        info.accessToken.user(function(err, user) {
+          if (err) return done(err);
+
+          assert.equal(user.email, email);
+          console.log(user.emailVerified);
+          done();
+        });
+      });
+    });
+  });
+
   describe('ctor', function() {
     it('exports default Email model', function() {
       expect(User.email, 'User.email').to.be.a('function');