Fix User.resetPassword to call createAccessToken()

This allows User subclasses to override the algorithm used for building
one-time access tokens for password recovery.
This commit is contained in:
João Ribeiro 2016-12-11 03:12:54 +00:00 committed by Miroslav Bajtoš
parent ff53933085
commit e63fea83f7
2 changed files with 14 additions and 1 deletions

View File

@ -615,7 +615,7 @@ module.exports = function(User) {
return cb(err); return cb(err);
} }
user.accessTokens.create({ttl: ttl}, function(err, accessToken) { user.createAccessToken(ttl, function(err, accessToken) {
if (err) { if (err) {
return cb(err); return cb(err);
} }

View File

@ -1895,6 +1895,19 @@ describe('User', function() {
}); });
}); });
it('calls createAccessToken() to create the token', function(done) {
User.prototype.createAccessToken = function(ttl, cb) {
cb(null, new AccessToken({id: 'custom-token'}));
};
User.resetPassword({email: options.email}, function() {});
User.once('resetPasswordRequest', function(info) {
expect(info.accessToken.id).to.equal('custom-token');
done();
});
});
it('Password reset over REST rejected without email address', function(done) { it('Password reset over REST rejected without email address', function(done) {
request(app) request(app)
.post('/test-users/reset') .post('/test-users/reset')