Merge pull request #1789 from simoami/master

PasswordReset fix for #1374 and #947 Close #1789
2015-11-02 13:04:12 +01:00 · 2015-11-02 13:04:12 +01:00 · 8af1b0bdfb
parent 32085475ed 403e677155
commit 8af1b0bdfb
2 changed files with 38 additions and 25 deletions
--- a/common/models/user.js
+++ b/common/models/user.js
@ -506,35 +506,39 @@ module.exports = function(User) {
    var ttl = UserModel.settings.resetPasswordTokenTTL || DEFAULT_RESET_PW_TTL;

    options = options || {};
-    if (typeof options.email === 'string') {
-      UserModel.findOne({ where: {email: options.email} }, function(err, user) {
-        if (err) {
-          cb(err);
-        } else if (user) {
-          // create a short lived access token for temp login to change password
-          // TODO(ritch) - eventually this should only allow password change
-          user.accessTokens.create({ttl: ttl}, function(err, accessToken) {
-            if (err) {
-              cb(err);
-            } else {
-              cb();
-              UserModel.emit('resetPasswordRequest', {
-                email: options.email,
-                accessToken: accessToken,
-                user: user
-              });
-            }
-          });
-        } else {
-          cb();
-        }
-      });
-    } else {
-      var err = new Error('email is required');
+    if (typeof options.email !== 'string') {
+      var err = new Error('Email is required');
      err.statusCode = 400;
      err.code = 'EMAIL_REQUIRED';
      cb(err);
+      return cb.promise;
    }
+
+    UserModel.findOne({ where: {email: options.email} }, function(err, user) {
+      if (err) {
+        return cb(err);
+      }
+      if (!user) {
+        err = new Error('Email not found');
+        err.statusCode = 404;
+        err.code = 'EMAIL_NOT_FOUND';
+        return cb(err);
+      }
+      // create a short lived access token for temp login to change password
+      // TODO(ritch) - eventually this should only allow password change
+      user.accessTokens.create({ttl: ttl}, function(err, accessToken) {
+        if (err) {
+          return cb(err);
+        }
+        cb();
+        UserModel.emit('resetPasswordRequest', {
+          email: options.email,
+          accessToken: accessToken,
+          user: user
+        });
+      });
+    });
+
    return cb.promise;
  };

--- a/test/user.test.js
+++ b/test/user.test.js
@ -1383,6 +1383,15 @@ describe('User', function() {
          });
      });

+      it('Reports when email is not found', function(done) {
+        User.resetPassword({ email: 'unknown@email.com' }, function(err) {
+          assert(err);
+          assert.equal(err.code, 'EMAIL_NOT_FOUND');
+          assert.equal(err.statusCode, 404);
+          done();
+        });
+      });
+
      it('Creates a temp accessToken to allow a user to change password', function(done) {
        var calledBack = false;