Check max password length in User.changePassword
This commit is contained in:
parent
048110ee01
commit
b550cdcf43
|
@ -421,6 +421,12 @@ module.exports = function(User) {
|
||||||
return cb(err);
|
return cb(err);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
User.validatePassword(newPassword);
|
||||||
|
} catch (err) {
|
||||||
|
return cb(err);
|
||||||
|
}
|
||||||
|
|
||||||
const delta = {password: newPassword};
|
const delta = {password: newPassword};
|
||||||
this.patchAttributes(delta, options, (err, updated) => cb(err));
|
this.patchAttributes(delta, options, (err, updated) => cb(err));
|
||||||
});
|
});
|
||||||
|
|
|
@ -449,6 +449,25 @@ describe('User', function() {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('rejects changePassword when new password is longer than 72 chars', function() {
|
||||||
|
return User.create({email: 'test@example.com', password: pass72Char})
|
||||||
|
.then(u => u.changePassword(pass72Char, pass73Char))
|
||||||
|
.then(
|
||||||
|
success => { throw new Error('changePassword should have failed'); },
|
||||||
|
err => {
|
||||||
|
expect(err.message).to.match(/Password too long/);
|
||||||
|
|
||||||
|
// workaround for chai problem
|
||||||
|
// object tested must be an array, an object, or a string,
|
||||||
|
// but error given
|
||||||
|
const props = Object.assign({}, err);
|
||||||
|
expect(props).to.contain({
|
||||||
|
code: 'PASSWORD_TOO_LONG',
|
||||||
|
statusCode: 422,
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('Access-hook for queries with email NOT case-sensitive', function() {
|
describe('Access-hook for queries with email NOT case-sensitive', function() {
|
||||||
|
|
Loading…
Reference in New Issue