verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'greaterweb-master'

This commit is contained in:
Raymond Feng 2015-01-07 16:35:43 -08:00
parent 065872847f f5eac871fd
commit 497678e4a1
2 changed files with 47 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
common/models/user.js
View File

@ -183,33 +183,32 @@ module.exports = function(User) {
debug('An error is reported from User.findOne: %j', err); debug('An error is reported from User.findOne: %j', err);
fn(defaultError); fn(defaultError);
} else if (user) { } else if (user) {
if (self.settings.emailVerificationRequired) {
if (!user.emailVerified) {
// Fail to log in if email verification is not done yet
debug('User email has not been verified');
err = new Error('login failed as the email has not been verified');
err.statusCode = 401;
return fn(err);
}
}
user.hasPassword(credentials.password, function(err, isMatch) { user.hasPassword(credentials.password, function(err, isMatch) {
if (err) { if (err) {
debug('An error is reported from User.hasPassword: %j', err); debug('An error is reported from User.hasPassword: %j', err);
fn(defaultError); fn(defaultError);
} else if (isMatch) { } else if (isMatch) {
user.createAccessToken(credentials.ttl, function(err, token) { if (self.settings.emailVerificationRequired && !user.emailVerified) {
if (err) return fn(err); // Fail to log in if email verification is not done yet
if (Array.isArray(include) ? include.indexOf('user') !== -1 : include === 'user') { debug('User email has not been verified');
// NOTE(bajtos) We can't set token.user here: err = new Error('login failed as the email has not been verified');
// 1. token.user already exists, it's a function injected by err.statusCode = 401;
// "AccessToken belongsTo User" relation return fn(err);
// 2. ModelBaseClass.toJSON() ignores own properties, thus } else {
// the value won't be included in the HTTP response user.createAccessToken(credentials.ttl, function(err, token) {
// See also loopback#161 and loopback#162 if (err) return fn(err);
token.__data.user = user; if (Array.isArray(include) ? include.indexOf('user') !== -1 : include === 'user') {
} // NOTE(bajtos) We can't set token.user here:
fn(err, token); // 1. token.user already exists, it's a function injected by
}); // "AccessToken belongsTo User" relation
// 2. ModelBaseClass.toJSON() ignores own properties, thus
// the value won't be included in the HTTP response
// See also loopback#161 and loopback#162
token.__data.user = user;
}
fn(err, token);
});
}
} else { } else {
debug('The password is invalid for user %s', query.email || query.username); debug('The password is invalid for user %s', query.email || query.username);
fn(defaultError); fn(defaultError);

27
test/user.test.js
View File

@ -7,7 +7,8 @@ var userMemory = loopback.createDataSource({
}); });
describe('User', function() { describe('User', function() {
var validCredentials = {email: 'foo@bar.com', password: 'bar'}; var validCredentialsEmail = 'foo@bar.com';
var validCredentials = {email: validCredentialsEmail, password: 'bar'};
var validCredentialsEmailVerified = {email: 'foo1@bar.com', password: 'bar1', emailVerified: true}; var validCredentialsEmailVerified = {email: 'foo1@bar.com', password: 'bar1', emailVerified: true};
var validCredentialsEmailVerifiedOverREST = {email: 'foo2@bar.com', password: 'bar2', emailVerified: true}; var validCredentialsEmailVerifiedOverREST = {email: 'foo2@bar.com', password: 'bar2', emailVerified: true};
var validCredentialsWithTTL = {email: 'foo@bar.com', password: 'bar', ttl: 3600}; var validCredentialsWithTTL = {email: 'foo@bar.com', password: 'bar', ttl: 3600};
@ -364,6 +365,15 @@ describe('User', function() {
User.settings.emailVerificationRequired = false; User.settings.emailVerificationRequired = false;
}); });
it('Require valid and complete credentials for email verification error', function(done) {
User.login({ email: validCredentialsEmail }, function(err, accessToken) {
// strongloop/loopback#931
// error message should be "login failed" and not "login failed as the email has not been verified"
assert(err && !/verified/.test(err.message), ('expecting "login failed" error message, received: "' + err.message + '"'));
done();
});
});
it('Login a user by without email verification', function(done) { it('Login a user by without email verification', function(done) {
User.login(validCredentials, function(err, accessToken) { User.login(validCredentials, function(err, accessToken) {
assert(err); assert(err);
@ -397,6 +407,21 @@ describe('User', function() {
}); });
}); });
it('Login a user over REST require complete and valid credentials for email verification error message', function(done) {
request(app)
.post('/users/login')
.expect('Content-Type', /json/)
.expect(401)
.send({ email: validCredentialsEmail })
.end(function(err, res) {
// strongloop/loopback#931
// error message should be "login failed" and not "login failed as the email has not been verified"
var errorResponse = res.body.error;
assert(errorResponse && !/verified/.test(errorResponse.message), ('expecting "login failed" error message, received: "' + errorResponse.message + '"'));
done();
});
});
it('Login a user over REST without email verification when it is required', function(done) { it('Login a user over REST without email verification when it is required', function(done) {
request(app) request(app)
.post('/users/login') .post('/users/login')