Commit Graph

210 Commits

Author SHA1 Message Date
Miroslav Bajtoš 6808159427 Allow tokens with eternal TTL (value -1)
- Add a new User setting 'allowEternalTokens'
 - Enhance 'AccessToken.validate' to support eternal tokens with ttl
   value -1 when the user model allows it.
2016-10-10 13:27:22 +02:00
Loay 5f5e874564 Validate non-email property partial update 2016-10-03 15:45:52 -04:00
Candy 640f3a8ca7 Update globalization structure 2016-09-22 11:58:00 +02:00
David Cheung d544ae1bf8 Support uniqueness for realm users 2016-09-20 11:26:56 -04:00
Simon Ho c3ba632aa3 Merge pull request #2743 from strongloop/docs-for-kv-model
Add docs for KeyValue model
2016-09-19 15:29:47 -07:00
Loay bcc2d99a95 Invalidate sessions after email change 2016-09-19 10:24:30 -04:00
Simon Ho 845b73d4eb Add docs for KeyValue model 2016-09-18 19:45:13 -07:00
Miroslav Bajtoš 21ff383eb3 Fix double-slash in confirmation URL
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.

Before:

  http://example.com//users/confirm?...

Now:

  http://example.com/users/confirm?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš 9a75ee6f30 Rework email validation to use isemail
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Simon Ho 9db0682b07 Add remoting for KeyValue model TTL feature 2016-08-29 14:46:41 -07:00
Setogit 0f5136d072 Apply g.f to literal strings 2016-08-27 22:42:21 -07:00
Loay 5567917c12 Allow resetPassword if emailVerified 2016-08-26 13:11:42 -04:00
Benjamin Kroeger 4ff9a4c2ef streamline use if `self` 2016-08-25 12:51:51 +02:00
Benjamin Kroeger 01c1656fc2 resolve related models from correct registry
Also modify setup of test servers when ACL was used, force the app
to `loadBuiltinModels` with localRegistry.
2016-08-25 12:51:29 +02:00
Miroslav Bajtoš 88e4de5341 KeyValueModel: add API for listing keys
- Expose "keys()" at "GET /keys"
 - Add a dummy implementation for "iterateKeys" to serve a useful error
   message when the model is not attached correctly.
2016-08-18 10:50:45 +02:00
Rand McKinney 01a9fa2ab2 Update acl.js
Fix typo in JS doc.
2016-08-16 10:14:17 -07:00
Miroslav Bajtoš eec326dc80 Revert globalization of Swagger descriptions 2016-08-15 11:06:05 +02:00
Loay 7aebf0d132 Add bcrypt validation 2016-08-12 21:34:50 -04:00
Miroslav Bajtoš a259e59afc common: add KeyValueModel 2016-08-10 14:15:22 +02:00
Candy bb9a1b5b24 Update globalization string 2016-08-05 15:49:43 -04:00
Candy b52a7217a9 Add globalization 2016-08-04 15:08:16 -04:00
Miroslav Bajtoš 98816217c9 test: use local registry in test fixtures
Use local registry in test fixtures to prevent collision in globally
shared models.

Fix issues discoverd in auth implementation where the global registry
was used instead of the correct local one.
2016-07-27 10:07:49 +02:00
Loay 8f7e032a01 Update user.js 2016-07-25 00:55:55 -04:00
Loay b53a22bfb3 Fix security issue 580 2016-07-22 17:48:57 -04:00
Loay ec51e833b6 Fix verificationToken bug 2016-06-17 10:21:59 -04:00
Amir Jafarian 6502309e34 Expose `Replace*` methods
*Re-mapping `updateAttributes` endpoint to use
`PATCH` and `PUT`(configurable) verb
*Exposing `replaceById` and `replaceOrCreate` via
`POST` and `PUT`(configurable) verb
2016-06-10 14:56:44 -04:00
David Cheung 817e76e424 Remove unused UserModel properties
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Simon Ho 363bc4d6c1 Merge pull request #2310 from ambrt/ambrt-patch-1
Update user.js
2016-05-09 12:30:17 -07:00
Candy 8ab6fccdea Remove Change.handleError 2016-05-09 11:45:27 -04:00
Rik 341390a74e Update user.js
allow to change all {href} instances in user.verify() mail into generated url instead of just one
2016-05-08 13:10:56 +02:00
Simon Ho 1559db2ca3 Merge pull request #2269 from supasate/feature/do-not-allow-duplicate-role-name
Add feature to not allow duplicate role name
2016-05-04 20:42:13 -07:00
Supasate Choochaisri d4a869bddf Add feature to not allow duplicate role name
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 08:18:17 +07:00
Ryan Graham 6964914bab
update copyright statements 2016-05-03 15:50:21 -07:00
Miroslav Bajtoš 35d9fa4b54 Fix role.isOwner to support app-local registry 2016-05-03 14:01:39 +02:00
juehou dcf88baf68 Resolver support return promise 2016-05-02 17:47:14 -04:00
Miroslav Bajtoš f9702b0ace Use eslint with loopback config
Drop jshint and jscs in favour of eslint.

Fix style violations.

While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Jue Hou eb09681f21 promise docs
Add promise jsdoc in loopback
2016-04-04 12:35:35 -04:00
Candy 0e637962d5 Use new strong-remoting API 2016-02-05 11:11:38 -05:00
Jue Hou d26d6ff3ed Promisify Model Change
* Change.diff
* Change.findOrCreateChange
* Change.rectifyModelChanges
* Change.prototype.currentRevision
* Change.prototype.rectify
2016-02-04 11:05:23 -05:00
Miroslav Bajtoš 0ad150cb6e Merge pull request #1851 from gausie/patch-4
Hide verificationToken from JSON output
2016-01-25 14:23:52 +01:00
Amir-61 c9be67e4d3 Merge pull request #1908 from strongloop/checkpoint_speedup
Checkpoint speedup
2016-01-19 10:25:15 -05:00
Samuel Gaus 2741d50342 Hide verificationToken
We should never be showing this publically.

Adds unit test for hiding verification token.
2016-01-12 15:48:03 +00:00
Jue Hou 865789017d Fix description for User.prototype.hasPassword 2016-01-11 14:28:10 -05:00
Amir Jafarian 08a2786b04 Checkpoint speedup 2016-01-09 01:56:13 -05:00
Miroslav Bajtoš 1b765922c9 Merge pull request #1860 from strongloop/fix/replication-performance
Fix replication performance
2015-12-08 19:32:57 +01:00
Miroslav Bajtoš 62d2b0bf0d change: skip cp lookup on no change
Modify `Change.rectify` to look up the current checkpoint only when
there was actually some change made.

This should improve the performance of `rectifyAll` when called from a
regular timer and there were no changes made since the last call.
Before this commit, `rectifyAll` would perform N calls of
`Checkpoint.current` where N is the number of model instances. With
this commit in place, no call is made.
2015-12-08 17:54:26 +01:00
Miroslav Bajtoš 6d040a98ae Merge pull request #1804 from richardpringle/master
Add case-sensitive email option for User model
2015-12-08 12:47:58 +01:00
Miroslav Bajtoš d2aaca7460 Change: correctly rectify no-change
Modify `Change.rectify()` to not make any changes to the Change instance
(most notably to not modify the `checkpoint` field) when the tracked
model instance was not changed.

This should improve the performance of change replication as it reduces
the number of unnecessary replications.

For example, before this commit, every run of `rectifyAll` would
trigger a full sync of all clients, because all change instances would
be moved to the current checkpoint.
2015-12-07 14:13:25 +01:00
David Cheung c4917819af Adding properties description for User Model
- Added description for `realm` `created` `lastUpdated` `status`
- End of line for descriptions to be peroid
2015-12-04 14:55:01 -05:00
Richard Pringle 2cca83c4ff Add case-sensitve email option for User model. 2015-12-03 13:18:49 -05:00
Simo Moujami 403e677155 Fix user.resetPassword to fail on email not found 2015-11-02 12:55:24 +01:00
Samuel Gaus 351b8026a0 Do not include redundant ports in verify links
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
wusuopu ce48521efb Set application's id property only if it's empty.
Fix `Application.resetKeys()` to reset instance id only if it is not
already set. This fixes a bug where each call of resetKeys created
a new instance.
2015-10-12 11:23:33 +02:00
Felipe Oliveira Carvalho 355ff8ee41 Update comment about user ACL to reflect implementation 2015-09-11 21:57:55 -03:00
Farid Nouri Neshat 1cc25923a7 Fix options.to assertion message in user.verify 2015-08-27 00:25:09 +08:00
Raymond Feng 06cece038e Merge pull request #1584 from strongloop/feature/add-more-acl-utils
Enhance the ACL related models
2015-08-13 09:00:32 -07:00
Raymond Feng 3eb8dd55f6 Add util methods to ACL and clean up related model resolutions 2015-08-13 08:58:41 -07:00
Pradnya Baviskar 2ee7c94a4e Promisify 'Application' model 2015-08-12 09:15:24 +02:00
Miroslav Bajtoš 004baad44c Merge pull request #1501 from digitalsadhu/master
Add missing . to user model property descriptions
2015-08-06 09:40:22 +02:00
Miroslav Bajtoš aa5c9e3628 Merge pull request #1493 from PradnyaBaviskar/issue418-userModel
Promisify User model
2015-08-04 10:32:44 +02:00
Raymond Feng 66d5cc07e0 Merge pull request #1465 from FreeCodeCamp/fix/no-password
fix: exit early when password is non-string
2015-07-29 15:12:43 -07:00
Berkeley Martinez 68fd106510 fix exit early when password is non-string
closes #1437
2015-07-29 13:14:06 -07:00
Pradnya Baviskar dc987a59a9 Promisify User model 2015-07-14 13:01:46 +05:30
Miroslav Bajtoš 5ec7fd51e2 Merge pull request #1416 from strongloop/feature/searchDefaultTokenKeys
Config option: (do not) search default token keys
2015-07-09 18:03:41 +02:00
Richard Walker 83dca3e838 Add missing . to user model property descriptions 2015-07-04 22:30:45 +02:00
Raymond Feng 77bcc09107 Merge branch 'master' of https://github.com/esco/loopback into esco-master 2015-05-29 16:44:18 -07:00
Owen Brotherwood 86ed4721a5 access-token: add option "searchDefaultTokenKeys"
Set this option to false to prevent AccessToken from checking default
places like "access_token" in query.
2015-05-29 12:06:31 +02:00
Alexandru Savin f70c209526 Pass the full options object to the email send method in user verification process. 2015-05-06 15:52:07 +02:00
Miroslav Bajtoš da50d6ffb0 Merge pull request #1332 from strongloop/fix/user-login-include
Fix remoting metadata for User.login#include
2015-04-28 08:08:25 +02:00
Miroslav Bajtoš 03d9f64c82 Fix remoting metadata for User.login#include
Change the type of the "include" argument to "string array".

The type used to be "string" before and thus requests sending multiple
include items were technically incorrect.
2015-04-24 08:58:30 +02:00
Raymond Feng bdc741520e Disable inclusion of User.accessTokens 2015-04-20 11:44:07 -07:00
Edmond Lau ef7c1439b6 fixed the missing '.' in various description fields. 2015-04-15 09:47:38 -04:00
Miroslav Bajtoš cf2acb3cd2 Conflict resolution and Access control
Add end-to-end unit-tests verifying enforcement of access control during
conflict resolution.

Implement two facade methods providing REST API for Change methods used
by conflict resolution:

    PersistedModel.findLastChange
    GET /api/{model.pluralName}/{id}/changes/last

    PersistedModel.updateLastChange
    PUT /api/{model.pluralName}/{id}/changes/last

By providing these two methods on PersistedModel, replication users
don't have to expose the Change model via the REST API. What's even
more important, these two methods use the same set of ACL rules
as other (regular) PersistedModel methods.

Rework `Conflict.prototype.changes()` and `Conflict.prototype.resolve()`
to use these new facade methods.

Implement a new method `Conflict.prototype.swapParties()` that provides
better API for the situation when a conflict detected in Remote->Local
replication should be resolved locally (i.e. in the replication target).
2015-04-14 08:23:24 +02:00
Miroslav Bajtoš 9c5fe088e3 AccessControl for change replication
1) Add integration tests running change replication over REST to verify
that access control at model level is correctly enforced.

2) Implement a new access type "REPLICATE" that allows principals
to create new checkpoints, even though they don't have full WRITE
access to the model. Together with the "READ" permission, these
two types allow principals to replicate (pull) changes from the server.

Note that anybody having "WRITE" access type is automatically
granted "REPLICATE" type too.

3) Add a new model option "enableRemoteReplication" that exposes
replication methods via strong remoting, but does not configure
change rectification. This option should be used the clients
when setting up Remote models attached to the server via the remoting
connector.
2015-04-07 19:53:58 +02:00
Miroslav Bajtoš b61fae58f6 Merge pull request #1272 from strongloop/feature/after-remote-error-hook
Model.afterRemoteError hook
2015-04-07 09:47:51 +02:00
Ritchie Martori b9170751bc Add support for app level Model isolation
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
2015-04-03 11:48:45 -07:00
Miroslav Bajtoš a71c8253e2 Code cleanup, add Model._runWhenAttachedToApp 2015-04-03 10:06:49 +02:00
Miroslav Bajtoš 63e2f4b134 Improve error handling in replication
Deprecate `Change.handleError`, it was used inconsistenly for a subset
of possible errors only. Rework all `Change` methods to always report
all errors to the caller via the callback.

Rework `PersistedModel` to report change-tracking errors via the
existing method `PersistedModel.handleChangeError`. This method
can be customized on a per-model basis to provide different error
handling.

The default implementation emits `error` event on the model class,
users can attach an event listener that can provide a custom error
handler.

NOTE: Unhandled `error` events crash the application by default.
2015-03-30 11:07:53 +02:00
Raymond Feng 548cb6ef94 Fix style issues 2015-03-27 08:59:11 -07:00
Esco Obong 957f84e989 add callback args for listByPrincipalType to jsdoc comment, pass explicit arguments to callback 2015-03-26 10:10:13 -04:00
Esco Obong 1993338c0b Merge branch 'master' of https://github.com/strongloop/loopback 2015-03-25 16:45:58 -04:00
Esco Obong 7923d036f8 mark utiltiy function as private 2015-03-25 10:10:34 -04:00
Miroslav Bajtoš 65c14c1779 Add conflict resolution API
New methods:
  conflict.resolveUsingSource(cb)
  conflict.resolveUsingTarget(cb)
  conflict.resolveManually(data, cb)
2015-03-20 17:47:07 +01:00
Miroslav Bajtoš 911d8323b4 Merge pull request #1205 from strongloop/feature/custom-verify-token-generator
Add ability to pass in custom verification token generator
2015-03-20 08:56:59 +01:00
Miroslav Bajtoš 87940a4b58 Detect 3rd-party changes made during replication
Modify `Change.diff()` to include current data revision in each
delta reported back. The current data revision is stored in
`delta.prev`.

Modify `PersistedModel.bulkUpdate()` to check that the current data
revision matches `delta.prev` and report a conflict if a third party
has modified the database under our hands.

Fix `Change` implementation and tests so that they are no longer
attempting to create instances with duplicate ids.
(This used to work because the memory connector was silently
converting such requests to updateOrCreate/findOrCreate.)
2015-03-20 08:19:59 +01:00
jakerella 713001913e Ability to pass in custom verification token generator
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
Esco Obong 551261ec16 fix linting errors 2015-03-13 18:30:53 -04:00
Esco Obong c764c09837 fix lint erros 2015-03-13 16:53:26 -04:00
Esco Obong 7a990d745c Merge remote-tracking branch 'upstream/master' 2015-03-13 15:06:00 -04:00
Esco Obong 8cc558a991 consolidate Role methods roles, applications, and users into one, add query param to allow for pagination and restricting fields 2015-03-13 11:50:30 -04:00
Esco Obong 74018019b4 fix implementation of Role methods: users,roles, and applications 2015-03-12 14:58:08 -04:00
crandmck 1cabd74308 Remove duplicate cb func from getRoles and other doc cleanup 2015-03-12 11:15:36 -07:00
Benjamin Boudreau 2d08e656b8 Handling owner being a relation/function 2015-03-11 10:25:40 -04:00
Miroslav Bajtoš e59493ec40 Merge pull request #1176 from strongloop/feature/more-replication-improvements
Prevent more kinds of false replication conflicts
2015-03-06 07:27:16 +01:00
ulion 9f705139f8 Static ACL support array of properties now 2015-03-06 06:24:09 +08:00
Miroslav Bajtoš 76d9244448 Prevent more kinds of false replication conflicts
Rework the Change model to merge changes made within the same
Checkpoint.

Rework `replicate()` to run multiple iteration until there were no
changes replicated. This ensures that the target model is left in
a clean state with no pending changes associated with the latest
(current) checkpoint.
2015-03-05 14:15:02 +01:00
Miroslav Bajtoš b381c5df7e Add more debug logs to replication 2015-03-04 15:00:53 +01:00
Miroslav Bajtoš 2885317634 Merge pull request #1157 from strongloop/feature/replication-improvements
Replication improvements: Checkpoint
2015-03-04 08:45:19 +01:00
Miroslav Bajtoš 3d5c8a7443 Checkpoint: start with seq=1 instead of seq=0
Since the seq behaves in many senses like an id, it should meet
the usual expectation people have about ids. Using only truthy values
is one of them.
2015-03-03 19:37:11 +01:00
Miroslav Bajtoš 628e3a30ca Return new checkpoints in callback of replicate()
Extend `PersistedModel.replicate` to pass the newly created checkpoints
as the third callback argument.

The typical usage of these values is to pass them as the `since`
argument of the next `replicate()` call.

    global.since = -1;

    function sync(cb) {
      LocalModel.replicate(
        since,
        RemoteModel,
        function(err, conflicts, cps)
          if (err) return cb(err);
          if (!conflicts.length) {
            since = cps;
            return cb();
          }
          // resolve conflicts and try again
        });
    }
2015-03-03 19:37:11 +01:00