verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix parallel user pass

This commit is contained in:
loay 2017-09-29 09:07:21 -04:00
parent 0f40ca8f8e
commit 5725859a59
2 changed files with 13394 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13316
package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

79
test/user.test.js
View File

@ -14,7 +14,7 @@ var extend = require('util')._extend;
const Promise = require('bluebird');
const waitForEvent = require('./helpers/wait-for-event');
var User, AccessToken;
var User, AccessToken, BasicUser, AdminUser;
describe('User', function() {
this.timeout(10000);
@ -71,16 +71,47 @@ describe('User', function() {
// Speed up the password hashing algorithm for tests
saltWorkFactor: 4,
});
BasicUser = app.registry.createModel({
name: 'BasicUser',
base: 'User',
http: {path: 'test-basic'},
// forceId is set to false for the purpose of updating the same affected user within the
// `Email Update` test cases.
forceId: false,
// Speed up the password hashing algorithm for tests
saltWorkFactor: 4,
});
AdminUser = app.registry.createModel({
name: 'AdminUser',
base: 'User',
http: {path: 'test-basic'},
// forceId is set to false for the purpose of updating the same affected user within the
// `Email Update` test cases.
forceId: false,
// Speed up the password hashing algorithm for tests
saltWorkFactor: 4,
});
app.model(User, {dataSource: 'db'});
app.model(BasicUser, {dataSource: 'db'});
app.model(AdminUser, {dataSource: 'db'});
AccessToken = app.registry.getModel('AccessToken');
app.model(AccessToken, {dataSource: 'db'});
User.email = Email;
BasicUser.email=Email;
AdminUser.email=Email;
// Update the AccessToken relation to use the subclass of User
AccessToken.belongsTo(User, {as: 'user', foreignKey: 'userId'});
AccessToken.belongsTo(BasicUser, {as: 'user', foreignKey: 'userId'});
AccessToken.belongsTo(AdminUser, {as: 'user', foreignKey: 'userId'});
User.hasMany(AccessToken, {as: 'accessTokens', foreignKey: 'userId'});
BasicUser.hasMany(AccessToken, {as: 'accessTokens', foreignKey: 'userId'});
AdminUser.hasMany(AccessToken, {as: 'accessTokens', foreignKey: 'userId'});
// Speed up the password hashing algorithm
// for tests using the built-in User model
@ -2428,6 +2459,52 @@ describe('User', function() {
.expect(200));
});
it('should reject password reset role/user relations', function(done) {
var accessToken2, AdminUserReset;
async.series([
function(next) {
BasicUser.create({ name: 'BU', email: 'u@example.com', password: 'foobar'}, function(err, user) {
console.log(user);
if (err) return done(err);
next();
});
},
function(next) {
AdminUser.create({name: 'AU', email: 'a@example.com', password: 'foobar'}, function(err, user) {
AdminUserReset = user;
console.log(user);
if (err) return done(err);
next();
});
},
function(next) {
User.login({email:'u@example.com', password: 'foobar'}, function(err, accessToken1) {
accessToken2 = accessToken1;
if (err) return next(err);
console.log(accessToken1);
assert(accessToken1.userId);
next();
});
},
function(next) {
return triggerPasswordReset(AdminUserReset.email)
.then(info => {
// Make a REST request to change the password
return request(app)
.patch(`/test-basic/1`)
.set('Authorization', accessToken2.id)
.send({password: 'new-pass'})
.expect(401);
})
.then(() => {
// Call login to verify the password was changed
const credentials = {email: AdminUserReset.email, password: 'new-pass'};
return User.login(credentials);
});
},
], done);
});
describe('User.resetPassword(options, cb) requiring realm', function() {
var realmUser;