Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master
This commit is contained in:
commit
f5eac871fd
|
@ -183,20 +183,18 @@ module.exports = function(User) {
|
|||
debug('An error is reported from User.findOne: %j', err);
|
||||
fn(defaultError);
|
||||
} else if (user) {
|
||||
if (self.settings.emailVerificationRequired) {
|
||||
if (!user.emailVerified) {
|
||||
// Fail to log in if email verification is not done yet
|
||||
debug('User email has not been verified');
|
||||
err = new Error('login failed as the email has not been verified');
|
||||
err.statusCode = 401;
|
||||
return fn(err);
|
||||
}
|
||||
}
|
||||
user.hasPassword(credentials.password, function(err, isMatch) {
|
||||
if (err) {
|
||||
debug('An error is reported from User.hasPassword: %j', err);
|
||||
fn(defaultError);
|
||||
} else if (isMatch) {
|
||||
if (self.settings.emailVerificationRequired && !user.emailVerified) {
|
||||
// Fail to log in if email verification is not done yet
|
||||
debug('User email has not been verified');
|
||||
err = new Error('login failed as the email has not been verified');
|
||||
err.statusCode = 401;
|
||||
return fn(err);
|
||||
} else {
|
||||
user.createAccessToken(credentials.ttl, function(err, token) {
|
||||
if (err) return fn(err);
|
||||
if (Array.isArray(include) ? include.indexOf('user') !== -1 : include === 'user') {
|
||||
|
@ -210,6 +208,7 @@ module.exports = function(User) {
|
|||
}
|
||||
fn(err, token);
|
||||
});
|
||||
}
|
||||
} else {
|
||||
debug('The password is invalid for user %s', query.email || query.username);
|
||||
fn(defaultError);
|
||||
|
|
|
@ -7,7 +7,8 @@ var userMemory = loopback.createDataSource({
|
|||
});
|
||||
|
||||
describe('User', function() {
|
||||
var validCredentials = {email: 'foo@bar.com', password: 'bar'};
|
||||
var validCredentialsEmail = 'foo@bar.com';
|
||||
var validCredentials = {email: validCredentialsEmail, password: 'bar'};
|
||||
var validCredentialsEmailVerified = {email: 'foo1@bar.com', password: 'bar1', emailVerified: true};
|
||||
var validCredentialsEmailVerifiedOverREST = {email: 'foo2@bar.com', password: 'bar2', emailVerified: true};
|
||||
var validCredentialsWithTTL = {email: 'foo@bar.com', password: 'bar', ttl: 3600};
|
||||
|
@ -364,6 +365,15 @@ describe('User', function() {
|
|||
User.settings.emailVerificationRequired = false;
|
||||
});
|
||||
|
||||
it('Require valid and complete credentials for email verification error', function(done) {
|
||||
User.login({ email: validCredentialsEmail }, function(err, accessToken) {
|
||||
// strongloop/loopback#931
|
||||
// error message should be "login failed" and not "login failed as the email has not been verified"
|
||||
assert(err && !/verified/.test(err.message), ('expecting "login failed" error message, received: "' + err.message + '"'));
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('Login a user by without email verification', function(done) {
|
||||
User.login(validCredentials, function(err, accessToken) {
|
||||
assert(err);
|
||||
|
@ -397,6 +407,21 @@ describe('User', function() {
|
|||
});
|
||||
});
|
||||
|
||||
it('Login a user over REST require complete and valid credentials for email verification error message', function(done) {
|
||||
request(app)
|
||||
.post('/users/login')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(401)
|
||||
.send({ email: validCredentialsEmail })
|
||||
.end(function(err, res) {
|
||||
// strongloop/loopback#931
|
||||
// error message should be "login failed" and not "login failed as the email has not been verified"
|
||||
var errorResponse = res.body.error;
|
||||
assert(errorResponse && !/verified/.test(errorResponse.message), ('expecting "login failed" error message, received: "' + errorResponse.message + '"'));
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('Login a user over REST without email verification when it is required', function(done) {
|
||||
request(app)
|
||||
.post('/users/login')
|
||||
|
|
Loading…
Reference in New Issue