Merge pull request #941 from strongloop/feature/workaround-issue-251

Allow User.hashPassword/validatePassword to be overridden
This commit is contained in:
Raymond Feng 2015-01-07 14:01:03 -08:00
commit 90fd62ec0a
3 changed files with 68 additions and 12 deletions

View File

@ -453,6 +453,24 @@ module.exports = function(User) {
} }
}; };
/*!
* Hash the plain password
*/
User.hashPassword = function(plain) {
this.validatePassword(plain);
var salt = bcrypt.genSaltSync(this.settings.saltWorkFactor || SALT_WORK_FACTOR);
return bcrypt.hashSync(plain, salt);
};
User.validatePassword = function(plain) {
if (typeof plain === 'string' && plain) {
return true;
}
var err = new Error('Invalid password: ' + plain);
err.statusCode = 422;
throw err;
};
/*! /*!
* Setup an extended user model. * Setup an extended user model.
*/ */
@ -467,8 +485,7 @@ module.exports = function(User) {
this.settings.ttl = this.settings.ttl || DEFAULT_TTL; this.settings.ttl = this.settings.ttl || DEFAULT_TTL;
UserModel.setter.password = function(plain) { UserModel.setter.password = function(plain) {
var salt = bcrypt.genSaltSync(this.constructor.settings.saltWorkFactor || SALT_WORK_FACTOR); this.$password = this.constructor.hashPassword(plain);
this.$password = bcrypt.hashSync(plain, salt);
}; };
// Make sure emailVerified is not set by creation // Make sure emailVerified is not set by creation

View File

@ -22,14 +22,14 @@ describe('GeoPoint', function() {
describe('GeoPoint()', function() { describe('GeoPoint()', function() {
it('Create from string', function() { it('Create from string', function() {
var point = new GeoPoint('1.234,5.678'); var point = new GeoPoint('1.234,5.678');
assert.equal(point.lng, 1.234); assert.equal(point.lat, 1.234);
assert.equal(point.lat, 5.678); assert.equal(point.lng, 5.678);
var point2 = new GeoPoint('1.222, 5.333'); var point2 = new GeoPoint('1.222, 5.333');
assert.equal(point2.lng, 1.222); assert.equal(point2.lat, 1.222);
assert.equal(point2.lat, 5.333); assert.equal(point2.lng, 5.333);
var point3 = new GeoPoint('1.333, 5.111'); var point3 = new GeoPoint('1.333, 5.111');
assert.equal(point3.lng, 1.333); assert.equal(point3.lat, 1.333);
assert.equal(point3.lat, 5.111); assert.equal(point3.lng, 5.111);
}); });
it('Serialize as string', function() { it('Serialize as string', function() {
var str = '1.234,5.678'; var str = '1.234,5.678';
@ -38,8 +38,8 @@ describe('GeoPoint', function() {
}); });
it('Create from array', function() { it('Create from array', function() {
var point = new GeoPoint([5.555, 6.777]); var point = new GeoPoint([5.555, 6.777]);
assert.equal(point.lng, 5.555); assert.equal(point.lat, 5.555);
assert.equal(point.lat, 6.777); assert.equal(point.lng, 6.777);
}); });
it('Create as Model property', function() { it('Create as Model property', function() {
var Model = loopback.createModel('geo-model', { var Model = loopback.createModel('geo-model', {
@ -51,8 +51,8 @@ describe('GeoPoint', function() {
}); });
assert(m.geo instanceof GeoPoint); assert(m.geo instanceof GeoPoint);
assert.equal(m.geo.lng, 1.222); assert.equal(m.geo.lat, 1.222);
assert.equal(m.geo.lat, 3.444); assert.equal(m.geo.lng, 3.444);
}); });
}); });
}); });

View File

@ -135,6 +135,45 @@ describe('User', function() {
assert(u.password !== 'bar'); assert(u.password !== 'bar');
}); });
describe('custom password hash', function() {
var defaultHashPassword;
var defaultValidatePassword;
beforeEach(function() {
defaultHashPassword = User.hashPassword;
defaultValidatePassword = User.defaultValidatePassword;
User.hashPassword = function(plain) {
return plain.toUpperCase();
};
User.validatePassword = function(plain) {
if (!plain || plain.length < 3) {
throw new Error('Password must have at least 3 chars');
}
return true;
};
});
afterEach(function() {
User.hashPassword = defaultHashPassword;
});
it('Reports invalid password', function() {
try {
var u = new User({username: 'foo', password: 'aa'});
assert(false, 'Error should have been thrown');
} catch (e) {
// Ignore
}
});
it('Hashes the given password', function() {
var u = new User({username: 'foo', password: 'bar'});
assert(u.password === 'BAR');
});
});
it('Create a user over REST should remove emailVerified property', function(done) { it('Create a user over REST should remove emailVerified property', function(done) {
request(app) request(app)
.post('/users') .post('/users')