diff --git a/lib/models/user.js b/lib/models/user.js index c43d557f..17af8f23 100644 --- a/lib/models/user.js +++ b/lib/models/user.js @@ -154,7 +154,16 @@ User.login = function (credentials, include, fn) { include = undefined; } - include = (include || '').toLowerCase(); + include = (include || ''); + if (Array.isArray(include)) { + include = include.map(function ( val ) { + return val.toLowerCase(); + }); + }else { + include = include.toLowerCase(); + } + + var query = {}; if(credentials.email) { @@ -191,7 +200,7 @@ User.login = function (credentials, include, fn) { } else if(isMatch) { user.createAccessToken(credentials.ttl, function(err, token) { if (err) return fn(err); - if (include === 'user') { + if (Array.isArray(include) ? include.indexOf('user') !== -1 : include === 'user') { // NOTE(bajtos) We can't set token.user here: // 1. token.user already exists, it's a function injected by // "AccessToken belongsTo User" relation diff --git a/test/user.test.js b/test/user.test.js index 0bfc9240..c6680fff 100644 --- a/test/user.test.js +++ b/test/user.test.js @@ -265,6 +265,22 @@ describe('User', function(){ }); }); + it('should handle multiple `include`', function(done) { + request(app) + .post('/users/login?include=USER&include=Post') + .send(validCredentials) + .expect(200) + .expect('Content-Type', /json/) + .end(function(err, res) { + if (err) return done(err); + var token = res.body; + expect(token.user, 'body.user').to.not.equal(undefined); + expect(token.user, 'body.user') + .to.have.property('email', validCredentials.email); + done(); + }); + }); + it('Login should only allow correct credentials', function(done) { User.create({email: 'foo22@bar.com', password: 'bar'}, function(user, err) { User.login({email: 'foo44@bar.com', password: 'bar'}, function(err, accessToken) {