Merge feature/password-reset

2013-12-06 17:35:14 -08:00 · 2013-12-06 17:35:14 -08:00 · af2b8dd4ff
parent a6a135ab18 e92c46a4e4
commit af2b8dd4ff
4 changed files with 84 additions and 6 deletions
--- a/docs/api.md
+++ b/docs/api.md
@ -1,8 +1,8 @@
 ## Node.js API

- * [App](#app-object)
- * [DataSource](#data-source-object)
- * [GeoPoint](#geopoint-object)  
- * [Model](#model-object)
-  * [Remote methods and hooks](#remote-methods-and-hooks)
- * [REST API](#rest-api)
+ * [App](api-app.md)
+ * [Model](api-model.md)
+ * [Remote methods and hooks](api-model-remote.md)
+ * [DataSource](api-datasource.md)
+ * [GeoPoint](api-geopoint.md)
+ * [REST API](rest.md)
--- a/lib/models/user.js
+++ b/lib/models/user.js
@ -12,6 +12,7 @@ var Model = require('../loopback').Model
  , LocalStrategy = require('passport-local').Strategy
  , BaseAccessToken = require('./access-token')
  , DEFAULT_TTL = 1209600 // 2 weeks in seconds
+  , DEFAULT_RESET_PW_TTL = 15 * 60 // 15 mins in seconds
  , DEFAULT_MAX_TTL = 31556926; // 1 year in seconds

 /**
@ -235,6 +236,42 @@ User.confirm = function (uid, token, redirect, fn) {
    }
  });
 }
+
+User.resetPassword = function(options, cb) {
+  var UserModel = this;
+  var ttl = UserModel.settings.resetPasswordTokenTTL || DEFAULT_RESET_PW_TTL;
+
+  options = options || {};
+  if(typeof options.email === 'string') {
+    UserModel.findOne({email: options.email}, function(err, user) {
+      if(err) {
+        cb(err);
+      } else if(user) {
+        // create a short lived access token for temp login to change password
+        // TODO(ritch) - eventually this should only allow password change
+        user.accessTokens.create({ttl: ttl}, function(err, accessToken) {
+          if(err) {
+            cb(err);
+          } else {
+            cb();
+            UserModel.emit('resetPasswordRequest', {
+              email: options.email,
+              accessToken: accessToken
+            });
+          }
+        })
+      } else {
+        cb();
+      }
+    });
+  } else {
+    var err = new Error('email is required');
+    err.statusCode = 400;
+
+    cb(err);
+  }
+}
+
 /**
 * Setup an extended user model.
 */
@ -286,6 +323,16 @@ User.setup = function () {
    }
  );
  
+  loopback.remoteMethod(
+    UserModel.resetPassword,
+    {
+      accepts: [
+        {arg: 'options', type: 'object', required: true, http: {source: 'body'}}
+      ],
+      http: {verb: 'post', path: '/reset'}
+    }
+  );
+
  UserModel.on('attached', function () {
    UserModel.afterRemote('confirm', function (ctx, inst, next) {
      if(ctx.req) {
--- a/templates/reset-form.ejs
+++ b/templates/reset-form.ejs
@ -0,0 +1,3 @@
+<form>
+  
+</form>
--- a/test/user.test.js
+++ b/test/user.test.js
@ -13,6 +13,7 @@ describe('User', function(){
  
  before(function () {
    User.hasMany(AccessToken, {as: 'accessTokens', foreignKey: 'userId'});  
+    AccessToken.belongsTo(User);  
  });
  
  beforeEach(function (done) {
@ -316,4 +317,31 @@ describe('User', function(){
      });
    });
  });
+
+  describe('Password Reset', function () {
+    describe('User.resetPassword(options, cb)', function () {
+      it('Creates a temp accessToken to allow a user to change password', function (done) {
+        var calledBack = false;
+        var email = 'foo@bar.com';
+
+        User.resetPassword({
+          email: email
+        }, function () {
+          calledBack = true;
+        });
+
+        User.once('resetPasswordRequest', function (info) {
+          assert(info.email);
+          assert(info.accessToken);
+          assert(info.accessToken.id);
+          assert.equal(info.accessToken.ttl / 60, 15);
+          assert(calledBack);
+          info.accessToken.user(function (err, user) {
+            assert.equal(user.email, email);
+            done();
+          });
+        });
+      });
+    });
+  });
 });