Merge pull request #3312 from strongloop/fix/change-password-validation

Check max password length in User.changePassword
This commit is contained in:
Miroslav Bajtoš 2017-03-28 15:59:07 +02:00 committed by GitHub
commit f736da64f4
2 changed files with 26 additions and 1 deletions

View File

@ -421,6 +421,12 @@ module.exports = function(User) {
return cb(err);
}
try {
User.validatePassword(newPassword);
} catch (err) {
return cb(err);
}
const delta = {password: newPassword};
this.patchAttributes(delta, options, (err, updated) => cb(err));
});

View File

@ -449,6 +449,25 @@ describe('User', function() {
});
});
});
it('rejects changePassword when new password is longer than 72 chars', function() {
return User.create({email: 'test@example.com', password: pass72Char})
.then(u => u.changePassword(pass72Char, pass73Char))
.then(
success => { throw new Error('changePassword should have failed'); },
err => {
expect(err.message).to.match(/Password too long/);
// workaround for chai problem
// object tested must be an array, an object, or a string,
// but error given
const props = Object.assign({}, err);
expect(props).to.contain({
code: 'PASSWORD_TOO_LONG',
statusCode: 422,
});
});
});
});
describe('Access-hook for queries with email NOT case-sensitive', function() {
@ -1339,7 +1358,7 @@ describe('User', function() {
err => {
// workaround for chai problem
// object tested must be an array, an object, or a string,
// but error given
// but error given
const props = Object.assign({}, err);
expect(props).to.contain({
code: 'USER_NOT_FOUND',