Reset Password/Email verification

Loay 2016-08-24 15:58:23 -04:00
parent f9399e53d8
commit 88b4a7e034
6 changed files with 42 additions and 42 deletions


@ -574,14 +574,14 @@ module.exports = function(User) {
err.code = 'EMAIL_NOT_FOUND';
return cb(err);
}
if (user && user.emailVerified) {
UserModel.emit('resetPasswordRequest', {
email: options.email,
user: user,
});
} else if (user && !user.emailVerified) {
// create a short lived access token for temp login to change password
// TODO(ritch) - eventually this should only allow password change
if (UserModel.settings.emailVerificationRequired && !user.emailVerified) {
err = new Error(g.f('Email has not been verified'));
err.statusCode = 401;
err.code = 'RESET_FAILED_EMAIL_NOT_VERIFIED';
cb(err);
} else {
user.accessTokens.create({ ttl: ttl }, function(err, accessToken) {
if (err) {
return cb(err);
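Review bot: The token created by `user.accessTokens.create({ ttl: ttl }, ...)` is bounded only by its ttl, and the TODO above it says it is not yet restricted to changing the password, so its holder can presumably act as the user until it expires. The +/- markers are lost on this page, so it is not certain which `emailVerified` branches are the new side, but the tests in this commit expect verified users to receive `info.accessToken` too, which widens who is handed such a token. I would record that at the call site, e.g. `// SECURITY: general-purpose login token limited only by ttl; treat it as a credential and keep ttl short`. Separately, `EMAIL_NOT_FOUND` and `RESET_FAILED_EMAIL_NOT_VERIFIED` give distinct answers for unknown and unverified accounts; if this method is reachable without authentication, that distinction deserves a comment or a uniform response. The callback body continues past the last visible line.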


@ -18,7 +18,6 @@ var Application = models.Application(dataSource);
app.model(Application);
var data = { pushSettings: [
{ 'platform': 'apns',
'apns': {
@ -42,7 +41,6 @@ Application.create(data, function(err, data) {
g.log('Created: %s', data.toObject());
});
Application.register('rfeng', 'MyApp', { description: g.f('My first mobile application') },
function(err, result) {
console.log(result.toObject());


@ -10,7 +10,6 @@ var app = loopback();
app.use(loopback.rest());
var dataSource = app.dataSource('db', { adapter: 'memory' });
var Color = dataSource.define('color', {


@ -718,7 +718,6 @@ module.exports = function(registry) {
setRemoting(PersistedModel, 'replaceById', replaceByIdOptions);
setRemoting(PersistedModel, 'find', {
description: 'Find all instances of the model matched by filter from the data source.',
accessType: 'READ',


@ -1762,44 +1762,48 @@ describe('User', function() {
});
});
describe('password reset without requiring email verification', function() {
var email = 'foo1@bar.com';
it('disallows temp accessToken creation if email verification is required and done',
describe('password reset with/without email verification', function() {
it('allows resetPassword by email if email verification is required and done',
function(done) {
User.settings.emailVerificationRequired = true;
var email = 'foo1@bar.com';
var calledBack = false;
User.resetPassword({
email: 'foo1@bar.com',
}, function() {
calledBack = true;
});
User.once('resetPasswordRequest', function(info) {
assert(info.email);
assert(!info.accessToken);
done();
});
});
it('creates accessToken if email has not been verified', function(done) {
var email = 'foo@bar.com';
var calledBack = false;
User.resetPassword({
email: 'foo@bar.com',
}, function() {
User.resetPassword({ email: 'foo1@bar.com' }, function() {
calledBack = true;
});
User.once('resetPasswordRequest', function(info) {
assert(info.email);
assert(info.accessToken);
assert(info.accessToken.id);
assert.equal(info.accessToken.ttl / 60, 15);
assert(calledBack);
info.accessToken.user(function(err, user) {
if (err) return done(err);
assert(info.user.emailVerified);
done();
});
});
assert.equal(user.email, email);
it('disallows resetPassword by email if email verification is required and not done',
function(done) {
User.settings.emailVerificationRequired = true;
var email = 'foo@bar.com';
User.resetPassword({ email: 'foo@bar.com' }, function(err) {
assert(err);
assert.equal(err.code, 'RESET_FAILED_EMAIL_NOT_VERIFIED');
assert.equal(err.statusCode, 401);
done ();
});
});
it('allows resetPassword by email if email verification is not required',
function(done) {
User.settings.emailVerificationRequired = false;
var email = 'foo@bar.com';
User.resetPassword({ email: 'foo@bar.com' }, function(err) {
User.once('resetPasswordRequest', function(info) {
assert(info.email);
assert(info.accessToken);
assert(!info.user.emailVerified);
done();
});
});
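Review bot: In the last test ('allows resetPassword by email if email verification is not required') the `err` passed to the `resetPassword` callback is ignored, and the `resetPasswordRequest` listener is registered only inside that callback. A failed reset, or an implementation that emits before calling back, would therefore show up as a timeout rather than an assertion failure. I would register `User.once('resetPasswordRequest', ...)` before the call and start the callback with `if (err) return done(err);`. The tests also assign `User.settings.emailVerificationRequired` without restoring it, so an `afterEach` that resets it would keep the verification-required cases from depending on run order. The enclosing `describe` is not closed within the visible lines.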