Hide verificationToken

We should never be showing this publicly.

Adds unit test for hiding verification token.

This is a back-port of pull request #1851 from gausie/patch-4
Miroslav Bajtoš 2016-01-26 13:51:37 +01:00
parent 870e1010a8
commit a0a1083564
2 changed files with 7 additions and 1 deletions


@ -32,7 +32,7 @@
"options": { "options": {
"caseSensitiveEmail": true "caseSensitiveEmail": true
}, },
"hidden": ["password"], "hidden": ["password", "verificationToken"],
"acls": [ "acls": [
{ {
"principalType": "ROLE", "principalType": "ROLE",


@ -1320,6 +1320,12 @@ describe('User', function() {
}); });
}); });
it('should hide verification tokens from user JSON', function(done) {
var user = new User({email: 'bar@bat.com', password: 'bar', verificationToken: 'a-token' });
var data = user.toJSON();
assert(!('verificationToken' in data));
done();
});
}); });
describe('User.confirm(options, fn)', function() { describe('User.confirm(options, fn)', function() {
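Review bot: The new test `it('should hide verification tokens from user JSON', ...)` asserts only that the key is absent, so it would still pass if `toJSON()` returned an empty or otherwise broken object; add a positive check next to it, such as `assert.equal(data.email, 'bar@bat.com');`. It also covers only an in-process `toJSON()` call, whereas the commit message is about public exposure, so a companion test that reads a user back through the REST API and checks that the response body has no `verificationToken` would cover the path that matters. The `hidden` list in the model JSON presumably drives both paths, but that is not visible in this hunk. The test body is synchronous, so the `done` parameter and the `done()` call can be dropped. The enclosing `describe('User', ...)` block starts and ends outside the hunk.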