From 8766d4a68d014402dd8ed70295eb3b9d8a635c0d Mon Sep 17 00:00:00 2001 From: Pradnya Baviskar Date: Mon, 23 Feb 2015 15:25:25 +0530 Subject: [PATCH] Fix "User.confirm" to always call afterRemote hook Make the "redirect" parameter optional. When the parameter is not specified, the server responds with an empty response (204). This allows API clients to call the method without the need to handle redirects and HTML responses. Even when the "redirect" parameter is included, the builtin afterRemote hook still calls next(), so that user-provided afterRemote hooks are executed too. --- common/models/user.js | 23 ++++++++--------------- package.json | 2 +- test/user.test.js | 22 ++++++++++++++++++++++ 3 files changed, 31 insertions(+), 16 deletions(-) diff --git a/common/models/user.js b/common/models/user.js index f5f1a8c0..7e27550e 100644 --- a/common/models/user.js +++ b/common/models/user.js @@ -561,7 +561,7 @@ module.exports = function(User) { accepts: [ {arg: 'uid', type: 'string', required: true}, {arg: 'token', type: 'string', required: true}, - {arg: 'redirect', type: 'string', required: true} + {arg: 'redirect', type: 'string'} ], http: {verb: 'get', path: '/confirm'} } @@ -580,21 +580,14 @@ module.exports = function(User) { UserModel.on('attached', function() { UserModel.afterRemote('confirm', function(ctx, inst, next) { - if (ctx.req) { - // replacement for deprecated req.param() - var params = ctx.req.params; - var body = ctx.req.body; - var query = ctx.req.query; - var redirectUrl = - params && params.redirect !== undefined ? params.redirect : - body && body.redirect !== undefined ? body.redirect : - query && query.redirect !== undefined ? query.redirect : - undefined; - - ctx.res.redirect(redirectUrl); - } else { - next(new Error('transport unsupported')); + if (ctx.args.redirect !== undefined) { + if (!ctx.res) { + return next(new Error('The transport does not support HTTP redirects.')); + } + ctx.res.location(ctx.args.redirect); + ctx.res.status(302); } + next(); }); }); diff --git a/package.json b/package.json index 85c4ff39..e4c603b9 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "nodemailer-stub-transport": "~0.1.4", "serve-favicon": "^2.1.6", "stable": "^0.1.5", - "strong-remoting": "^2.11.0", + "strong-remoting": "^2.13.2", "uid2": "0.0.3", "underscore.string": "~2.3.3" }, diff --git a/test/user.test.js b/test/user.test.js index 6caeb34d..6bfc4ab7 100644 --- a/test/user.test.js +++ b/test/user.test.js @@ -858,6 +858,28 @@ describe('User', function() { }, done); }); + it('Should report 302 when redirect url is set', function(done) { + testConfirm(function(result, done) { + request(app) + .get('/users/confirm?uid=' + (result.uid) + + '&token=' + encodeURIComponent(result.token) + + '&redirect=http://foo.com/bar') + .expect(302) + .expect('Location', 'http://foo.com/bar') + .end(done); + }, done); + }); + + it('Should report 204 when redirect url is not set', function(done) { + testConfirm(function(result, done) { + request(app) + .get('/users/confirm?uid=' + (result.uid) + + '&token=' + encodeURIComponent(result.token)) + .expect(204) + .end(done); + }, done); + }); + it('Report error for invalid user id during verification', function(done) { testConfirm(function(result, done) { request(app)