cddfb9c77d
Allow password reset request for users in realms
2017-01-05 09:47:18 -05:00
298635dad1
Merge pull request #2992 from DA-14/feature/resetPasswordRequest
...
Emit resetPasswordRequest event with options
2017-01-05 15:33:22 +01:00
d9ae32429b
Fix false emailVerified on user model update
...
Yesterday, the loopback we are using in our system was upgraded
via npm, and since the upgrade, we noticed that every time
the user model updates, the emailVerified column would change to false.
I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8
The intent of the commit just mention is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.
This commit fixes the issue just mentioned.
2016-12-23 14:04:44 +09:00
29a17f39d5
Invalidate AccessTokens on password change
...
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
2016-12-12 13:30:53 +01:00
fa8bca8d6e
Emit resetPasswordRequest event with options
2016-12-09 18:14:32 +02:00
5016703f21
Remove "options.template" from Email payload
...
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
2016-12-06 16:18:19 +01:00
1ec7cf0a37
Turn on "no-unused-expressions" rule for eslint
...
Fix unit-tests relying on property-based assertions to use function
calls instead, using "dirty-chai" to modify chai's property checkers.
2016-11-22 15:30:04 +01:00
06cb481c3f
Update eslint to loopback config v5
...
Notable side-effects:
- loopback no longer exports "caller" and "arguments" properties
- kv-memory connector is now properly added to the connector registry
- the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
85da50cbc8
Add templateFn option to User#verify()
2016-11-14 16:22:10 +01:00
eb640d8da0
Require verification after email change
...
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
2016-11-09 13:06:25 +01:00
4922f425fc
adding check of string for case insensitive emails
2016-11-01 18:13:56 -04:00
5f5e874564
Validate non-email property partial update
2016-10-03 15:45:52 -04:00
d544ae1bf8
Support uniqueness for realm users
2016-09-20 11:26:56 -04:00
bcc2d99a95
Invalidate sessions after email change
2016-09-19 10:24:30 -04:00
21ff383eb3
Fix double-slash in confirmation URL
...
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.
Before:
http://example.com//users/confirm ?...
Now:
http://example.com/users/confirm ?...
2016-09-13 08:52:49 +02:00
92a5a08671
test/user: don't attach User model twice
2016-09-09 09:02:41 +02:00
9a75ee6f30
Rework email validation to use isemail
...
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
5567917c12
Allow resetPassword if emailVerified
2016-08-26 13:11:42 -04:00
7aebf0d132
Add bcrypt validation
2016-08-12 21:34:50 -04:00
7546ee531d
Update dependencies to their latest versions
2016-08-03 16:17:58 +02:00
17a046d7a1
Increase timeout
2016-07-29 14:54:34 -04:00
0fa3327112
Fix test case error
2016-07-26 10:26:44 -04:00
b53a22bfb3
Fix security issue 580
2016-07-22 17:48:57 -04:00
ec51e833b6
Fix verificationToken bug
2016-06-17 10:21:59 -04:00
ddb5327e64
Update tests for strong-error-handler
...
Fix rest-adapter related test case switching to strong-error-handler
Only affect the test-cases calling rest methods
2016-06-07 13:26:18 -04:00
817e76e424
Remove unused UserModel properties
...
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
04e26fae5c
Separate error-checking and next/done logic from other logic in the test suite
...
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 11:12:48 +07:00
6964914bab
update copyright statements
2016-05-03 15:50:21 -07:00
095dce0373
test/user: use local registry
...
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each tests creates a fresh app instance
with a new in-memory datasource and a new set of Models.
2016-05-03 14:01:39 +02:00
f9702b0ace
Use eslint with loopback config
...
Drop jshint and jscs in favour of eslint.
Fix style violations.
While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
ab5254fcba
test: remove errant console.log from test
...
Using console.log like this can result in invalid xml when the xunit
reporter is used.
2016-02-04 08:35:37 -08:00
2741d50342
Hide verificationToken
...
We should never be showing this publically.
Adds unit test for hiding verification token.
2016-01-12 15:48:03 +00:00
2cca83c4ff
Add case-sensitve email option for User model.
2015-12-03 13:18:49 -05:00
403e677155
Fix user.resetPassword to fail on email not found
2015-11-02 12:55:24 +01:00
351b8026a0
Do not include redundant ports in verify links
...
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
dc987a59a9
Promisify User model
2015-07-14 13:01:46 +05:30
12e19e36ea
Upgrade test fixtures to use LB 2.x layout
2015-04-20 09:23:44 -07:00
699bc7aa97
test: remove global autoAttach
2015-04-07 15:25:18 +02:00
713001913e
Ability to pass in custom verification token generator
...
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
78550a9bc5
Pass options from User.login to createAccessToken
...
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
2015-03-02 14:48:08 -08:00
3c43eccac7
Merge pull request #1120 from PradnyaBaviskar/lb-issue-416
...
Fix "User.confirm" to always call afterRemote hook
Close #1120
2015-02-25 14:26:07 +01:00
8766d4a68d
Fix "User.confirm" to always call afterRemote hook
...
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.
Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
2015-02-25 14:20:47 +01:00
13e618bff2
Skip hashing password if it's already hashed
...
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
2015-02-24 16:36:51 -08:00
c2236c393b
Upgrade jscs to ~1.11 via grunt-jscs ^1.5
2015-02-20 15:31:15 +01:00
a18fa176a8
Fix the test case
2015-01-30 08:52:45 -08:00
a028d9d198
Add error code property to known error responses.
...
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.
Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
f5eac871fd
Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master
2015-01-07 16:35:00 -08:00
90fd62ec0a
Merge pull request #941 from strongloop/feature/workaround-issue-251
...
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
b7db9808b2
Allow User.hashPassword/validatePassword to be overridden
...
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
62bb63b4f2
Additional password reset unit tests for API and REST
...
- strongloop/loopback#944
2015-01-06 10:31:53 -05:00
Bram Borggreve
Miroslav Bajtoš
박대선
Miroslav Bajtoš
Sergey Reus
Loay
Adrien Kiren
Dhaval Trivedi
David Cheung
jannyHou
Supasate Choochaisri
Ryan Graham
Ryan Graham
Samuel Gaus
Richard Pringle
Simo Moujami
Pradnya Baviskar
Raymond Feng
Miroslav Bajtoš
jakerella
Ron Edgecomb
Raymond Feng