verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1789 from simoami/master 

PasswordReset fix for #1374 and #947

Close #1789
This commit is contained in:
Miroslav Bajtoš 2015-11-02 13:04:12 +01:00
parent 32085475ed 403e677155
commit 8af1b0bdfb
2 changed files with 38 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
common/models/user.js
View File

@ -506,35 +506,39 @@ module.exports = function(User) {
var ttl = UserModel.settings.resetPasswordTokenTTL || DEFAULT_RESET_PW_TTL; var ttl = UserModel.settings.resetPasswordTokenTTL || DEFAULT_RESET_PW_TTL;
options = options || {}; options = options || {};
if (typeof options.email === 'string') { if (typeof options.email !== 'string') {
UserModel.findOne({ where: {email: options.email} }, function(err, user) { var err = new Error('Email is required');
if (err) {
cb(err);
} else if (user) {
// create a short lived access token for temp login to change password
// TODO(ritch) - eventually this should only allow password change
user.accessTokens.create({ttl: ttl}, function(err, accessToken) {
if (err) {
cb(err);
} else {
cb();
UserModel.emit('resetPasswordRequest', {
email: options.email,
accessToken: accessToken,
user: user
});
}
});
} else {
cb();
}
});
} else {
var err = new Error('email is required');
err.statusCode = 400; err.statusCode = 400;
err.code = 'EMAIL_REQUIRED'; err.code = 'EMAIL_REQUIRED';
cb(err); cb(err);
return cb.promise;
} }
UserModel.findOne({ where: {email: options.email} }, function(err, user) {
if (err) {
return cb(err);
}
if (!user) {
err = new Error('Email not found');
err.statusCode = 404;
err.code = 'EMAIL_NOT_FOUND';
return cb(err);
}
// create a short lived access token for temp login to change password
// TODO(ritch) - eventually this should only allow password change
user.accessTokens.create({ttl: ttl}, function(err, accessToken) {
if (err) {
return cb(err);
}
cb();
UserModel.emit('resetPasswordRequest', {
email: options.email,
accessToken: accessToken,
user: user
});
});
});
return cb.promise; return cb.promise;
}; };

9
test/user.test.js
View File

@ -1383,6 +1383,15 @@ describe('User', function() {
}); });
}); });
it('Reports when email is not found', function(done) {
User.resetPassword({ email: 'unknown@email.com' }, function(err) {
assert(err);
assert.equal(err.code, 'EMAIL_NOT_FOUND');
assert.equal(err.statusCode, 404);
done();
});
});
it('Creates a temp accessToken to allow a user to change password', function(done) { it('Creates a temp accessToken to allow a user to change password', function(done) {
var calledBack = false; var calledBack = false;