Allow password reset request for users in realms

Bram Borggreve 2016-12-03 15:25:13 -05:00
parent 298635dad1
commit cddfb9c77d
No known key found for this signature in database
GPG Key ID: 3E5E4F27F8D464C6
2 changed files with 63 additions and 2 deletions


@ -559,11 +559,12 @@ module.exports = function(User) {
};
/**
* Create a short lived acess token for temporary login. Allows users
* Create a short lived access token for temporary login. Allows users
* to change passwords if forgotten.
*
* @options {Object} options
* @prop {String} email The user's email address
* @property {String} realm The user's realm (optional)
* @callback {Function} callback
* @param {Error} err
* @promise
@ -589,7 +590,13 @@ module.exports = function(User) {
} catch (err) {
return cb(err);
}
UserModel.findOne({where: {email: options.email}}, function(err, user) {
var where = {
email: options.email,
};
if (options.realm) {
where.realm = options.realm;
}
UserModel.findOne({where: where}, function(err, user) {
if (err) {
return cb(err);
}
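Review bot: In the second hunk, `if (options.realm)` drops the realm filter whenever the caller omits it or sends a falsy value, so the lookup falls back to email only and `findOne` returns whichever record matches first. If the same email exists in more than one realm, the temporary access token may be issued for an account the requester did not intend. If the model is configured to require realms (that setting is not visible in this hunk), a request without a realm should be rejected before the query instead of widening it. The value also reaches the `where` clause unchecked, so I would add a guard such as `if (options.realm != null && typeof options.realm !== 'string') return cb(new Error('Invalid realm'));` to keep a non-string value from being interpreted as a query operator. The enclosing function starts and ends outside the hunk, so an existing check earlier in the body may already cover part of this.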


@ -20,6 +20,8 @@ describe('User', function() {
email: 'foo1@bar.com', password: 'bar1', emailVerified: true};
var validCredentialsEmailVerifiedOverREST = {
email: 'foo2@bar.com', password: 'bar2', emailVerified: true};
var validCredentialsWithRealm = {
email: 'foo3@bar.com', password: 'bar', realm: 'foobar'};
var validCredentialsWithTTL = {email: 'foo@bar.com', password: 'bar', ttl: 3600};
var validCredentialsWithTTLAndScope = {
email: 'foo@bar.com', password: 'bar', ttl: 3600, scope: 'all'};
@ -1924,6 +1926,58 @@ describe('User', function() {
done();
});
});
describe('User.resetPassword(options, cb) requiring realm', function() {
var realmUser;
beforeEach(function(done) {
User.create(validCredentialsWithRealm, function(err, u) {
if (err) return done(err);
realmUser = u;
done();
});
});
it('Reports when email is not found in realm', function(done) {
User.resetPassword({
email: realmUser.email,
realm: 'unknown',
}, function(err) {
assert(err);
assert.equal(err.code, 'EMAIL_NOT_FOUND');
assert.equal(err.statusCode, 404);
done();
});
});
it('Creates a temp accessToken to allow user in realm to change password', function(done) {
var calledBack = false;
User.resetPassword({
email: realmUser.email,
realm: realmUser.realm,
}, function() {
calledBack = true;
});
User.once('resetPasswordRequest', function(info) {
assert(info.email);
assert(info.accessToken);
assert(info.accessToken.id);
assert.equal(info.accessToken.ttl / 60, 15);
assert(calledBack);
info.accessToken.user(function(err, user) {
if (err) return done(err);
assert.equal(user.email, realmUser.email);
done();
});
});
});
});
});
});
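Review bot: The positive test in the new `describe` block does not prove that the realm filter selects the right account, because only one user with `foo3@bar.com` exists and an email-only lookup would pass it too. Create a second user with the same email in a different realm in `beforeEach`, and assert the resolved identity as well as the email, for example `assert.equal(user.realm, realmUser.realm);`. The callback `function() { calledBack = true; }` also discards `err`, so a failed reset would only show up as a timeout; `function(err) { if (err) return done(err); calledBack = true; }` reports it directly. A third case for a realm user calling `resetPassword` without `realm` would pin down the fallback behaviour, which these tests leave undefined.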