Merge feature/password-reset

docs/api.md

@@ -1,8 +1,8 @@
 ## Node.js API
 
- * [App](#app-object)
+ * [App](api-app.md)
- * [DataSource](#data-source-object)
+ * [Model](api-model.md)
- * [GeoPoint](#geopoint-object)  
+ * [Remote methods and hooks](api-model-remote.md)
- * [Model](#model-object)
+ * [DataSource](api-datasource.md)
-  * [Remote methods and hooks](#remote-methods-and-hooks)
+ * [GeoPoint](api-geopoint.md)
- * [REST API](#rest-api)
+ * [REST API](rest.md)

lib/models/user.js

@@ -12,6 +12,7 @@ var Model = require('../loopback').Model
   , LocalStrategy = require('passport-local').Strategy
   , BaseAccessToken = require('./access-token')
   , DEFAULT_TTL = 1209600 // 2 weeks in seconds
+  , DEFAULT_RESET_PW_TTL = 15 * 60 // 15 mins in seconds
   , DEFAULT_MAX_TTL = 31556926; // 1 year in seconds
 
 /**
@@ -235,6 +236,42 @@ User.confirm = function (uid, token, redirect, fn) {
     }
   });
 }
+
+User.resetPassword = function(options, cb) {
+  var UserModel = this;
+  var ttl = UserModel.settings.resetPasswordTokenTTL || DEFAULT_RESET_PW_TTL;
+
+  options = options || {};
+  if(typeof options.email === 'string') {
+    UserModel.findOne({email: options.email}, function(err, user) {
+      if(err) {
+        cb(err);
+      } else if(user) {
+        // create a short lived access token for temp login to change password
+        // TODO(ritch) - eventually this should only allow password change
+        user.accessTokens.create({ttl: ttl}, function(err, accessToken) {
+          if(err) {
+            cb(err);
+          } else {
+            cb();
+            UserModel.emit('resetPasswordRequest', {
+              email: options.email,
+              accessToken: accessToken
+            });
+          }
+        })
+      } else {
+        cb();
+      }
+    });
+  } else {
+    var err = new Error('email is required');
+    err.statusCode = 400;
+
+    cb(err);
+  }
+}
+
 /**
  * Setup an extended user model.
  */
@@ -286,6 +323,16 @@ User.setup = function () {
     }
   );
   
+  loopback.remoteMethod(
+    UserModel.resetPassword,
+    {
+      accepts: [
+        {arg: 'options', type: 'object', required: true, http: {source: 'body'}}
+      ],
+      http: {verb: 'post', path: '/reset'}
+    }
+  );
+
   UserModel.on('attached', function () {
     UserModel.afterRemote('confirm', function (ctx, inst, next) {
       if(ctx.req) {

templates/reset-form.ejs

@@ -0,0 +1,3 @@
+<form>
+  
+</form>

test/user.test.js

@@ -13,6 +13,7 @@ describe('User', function(){
   
   before(function () {
     User.hasMany(AccessToken, {as: 'accessTokens', foreignKey: 'userId'});  
+    AccessToken.belongsTo(User);  
   });
   
   beforeEach(function (done) {
@@ -316,4 +317,31 @@ describe('User', function(){
       });
     });
   });
+
+  describe('Password Reset', function () {
+    describe('User.resetPassword(options, cb)', function () {
+      it('Creates a temp accessToken to allow a user to change password', function (done) {
+        var calledBack = false;
+        var email = 'foo@bar.com';
+
+        User.resetPassword({
+          email: email
+        }, function () {
+          calledBack = true;
+        });
+
+        User.once('resetPasswordRequest', function (info) {
+          assert(info.email);
+          assert(info.accessToken);
+          assert(info.accessToken.id);
+          assert.equal(info.accessToken.ttl / 60, 15);
+          assert(calledBack);
+          info.accessToken.user(function (err, user) {
+            assert.equal(user.email, email);
+            done();
+          });
+        });
+      });
+    });
+  });
 });