Commit Graph

406 Commits

Author SHA1 Message Date
Ryan Graham 8fa04fd32f Merge pull request #1015 from strongloop/feature/rmg-basic-auth-support
Extend AccessToken to parse Basic auth headers
2015-01-16 10:52:02 -08:00
Ryan Graham 389b8c0e83 test: use 127.0.0.1 instead of localhost
More portable for dual-stack environments where localhost may mean
::1, which is the IPv6 equivalent of 127.0.0.1, but not actually the
same.
2015-01-15 22:53:09 -08:00
Ryan Graham fbb091e3b3 Extend AccessToken to parse Basic auth headers
Allow convenient URLs for curl and browsers such as:
 - http://some-long-token@localhost:3000/
 - http://token:some-long-token@localhost:3000/

Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.

Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
2015-01-15 22:53:09 -08:00
Ryan Graham 83d8844b70 tests: fix Bearer token test 2015-01-15 22:53:09 -08:00
Raymond Feng 563a06fa7e Make sure EXECUTE access type matches READ or WRITE
See https://github.com/strongloop/loopback/issues/1011
2015-01-14 13:38:44 -08:00
Raymond Feng f5eac871fd Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master 2015-01-07 16:35:00 -08:00
Raymond Feng 90fd62ec0a Merge pull request #941 from strongloop/feature/workaround-issue-251
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
Pham Anh Tuan ca0208ddd9 Fix context middleware to preserve domains
When executing a request using a pooled connection, connectors
like MongoDB and/or MySQL rebind callbacks to the domain which
issued the request, as opposed to the domain which opened the pooled
connection.

This commit fixes the context middleware to play nicely with that
mechanism and preserve domain rebinds.
2015-01-07 10:56:10 +01:00
Raymond Feng 4a9c5b627c Fix Geo test cases 2015-01-06 16:03:37 -08:00
Raymond Feng b7db9808b2 Allow User.hashPassword/validatePassword to be overridden
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
Raymond Feng d77c5fac1d Merge pull request #962 from clarkorz/fix/nestRemote-hooks
fix nestRemoting is nesting hooks from other relations
2015-01-06 15:29:15 -08:00
Ron Edgecomb 62bb63b4f2 Additional password reset unit tests for API and REST
- strongloop/loopback#944
2015-01-06 10:31:53 -05:00
Ron Edgecomb 9ac620c113 Small formatting update to have consistency with identical logic in other areas.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 36112d2b50 Simplify the API test for invalidCredentials (removed create), move above REST calls for better grouping of tests
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb e4a1baa4a3 Force request to send body as string, this ensures headers aren't automatically set to application/json
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 572a8bb423 Ensure error checking logic is in place for all REST calls, expand formatting for consistency with existing instances.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 6de1da5d22 Correct invalidCredentials so that it differs from validCredentialsEmailVerified, unit test now passes as desired.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 3b4cadf7a3 Update to demonstrate unit test is actually failing due to incorrect values of invalidCredentials
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 70f576b452 API and REST tests added to ensure complete and valid credentials are supplied for verified error message to be returned
- tests added as suggested and fail under previous version of User model
 - strongloop/loopback#931
2015-01-05 18:40:59 -05:00
Ritchie Martori 270dfc2603 Merge pull request #955 from alFReD-NSH/checkpoint-leak
Fix Change.getCheckpointModel() giving new models each call
2015-01-05 09:40:29 -08:00
Clark Wang 58f67e92d1 fix jscs warning
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2015-01-04 18:24:29 +08:00
Clark Wang 94b2a45a6c fix nestRemoting is nesting hooks from other relations
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2015-01-01 15:26:58 +08:00
Clark Wang 2f9400fc87 fix User.settings.ttl can't be overridden in sub model
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-28 16:02:37 +08:00
Farid Neshat d5d7ecd0bb Fix Change.getCheckpointModel() giving new models each call
This was a huge memory leak in our app...
2014-12-27 23:48:56 +08:00
Miroslav Bajtoš 4744aa6920 server-app: make _sortLayersByPhase stable
Fix the phase-sorting algorithm to use a stable sorting algorithm,
since the built-in `Array.prototype.sort` is not stable.
2014-12-15 08:14:26 +01:00
Miroslav Bajtoš 84af4194fb Rework phased middleware, fix several bugs
Bugs fixed:

 - express helpers like `req.get` are now available in middleware
   handlers registered via `app.middleware`

 - `req.url` does not include the mountpath prefix now, this is
   consistent with the behaviour of `app.use`

The implementation of phased middleware was completely rewritten.
 - We no longer use Phase and PhaseList objects from loopback-phase.
 - Handler functions are registered via the `Layer` mechanism used by
   express router.
 - The app keeps the layers sorted according to phases.
2014-12-12 13:25:35 +01:00
Clark Wang 9c147f1b25 fix jshint errors
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-10 19:43:55 +08:00
Clark Wang b204367aa6 fix nested remoting function throwing error will crash app
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-10 12:04:56 +08:00
Clark Wang a12c2ece28 Prepend slash for nested remoting paths
Fix remoting paths of relation methods to correctly show
in API Explorer.
2014-11-27 09:56:44 +01:00
Rob Halff 36e1f6840c fix jscs errors 2014-11-21 03:35:36 +01:00
Rob Halff a722f8c4cf 'done' is not defined 2014-11-21 02:52:11 +01:00
Rob Halff 4ee7b5f440 'memory' is already defined 2014-11-21 02:47:47 +01:00
Rob Halff 918497c365 singlequote, semicolon & /*jshint -W030 */ 2014-11-21 02:46:21 +01:00
Miroslav Bajtoš 1c1e64c09e Merge pull request #837 from strongloop/feature/scope-middleware-to-path
#794 - Scope app middleware to a list of paths
2014-11-19 19:21:34 +01:00
Miroslav Bajtoš c411fb3e40 Merge pull request #813 from strongloop/fix/AccessToken.findForRequest
AccessToken: optional `options` in findForRequest
2014-11-19 19:18:42 +01:00
Miroslav Bajtoš 2baa4b03a3 Scope app middleware to a list of paths
Add a new argument to `app.middleware` allowing developers
to restrict the middleware to a list of paths or regular expresions.

Modify `app.middlewareFromConfig` to pass `config.paths` as the second
arg of `app.middleware`.

Examples:

    // A string path (interpreted via path-to-regexp)
    app.middleware('auth', '/admin', ldapAuth);

    // A regular expression
    app.middleware('initial', /^\/~(admin|root)/, rejectWith404);

    // A list of scopes
    app.middleware('routes', ['/api', /^\/assets/.*\.json$/], foo);

    // From config
    app.middlewareFromConfig(
      handlerFactory,
      {
        phase: 'initial',
        paths: ['/scope', /^\/(a|b)/]
      });
2014-11-19 15:42:54 +01:00
Raymond Feng bd12335542 Merge pull request #814 from strongloop/feature/fix-issue-811
Fix the model name for hasMany/through relation
2014-11-18 10:26:54 -08:00
Miroslav Bajtoš 7581ccf260 Merge pull request #796 from strongloop/feature/cleanup-middleware-config-opts
Cleanup middleware config opts
2014-11-18 19:10:07 +01:00
Raymond Feng 4c7c8901ff Fix the model name for hasMany/through relation 2014-11-17 09:44:20 -08:00
Miroslav Bajtoš b2d9f662e5 Merge pull request #792 from strongloop/feature/allow-serial-phase
app.middleware: verify serial exec of handlers
2014-11-14 18:37:28 +01:00
Miroslav Bajtoš a603ffa0f5 AccessToken: optional `options` in findForRequest
Fix `AccessToken.findForRequest` to correctly handle the case when
the options argument was omitted:

    AccessToken.findForRequest(req, cb);
2014-11-14 10:42:21 +01:00
Miroslav Bajtoš 7647339675 server-app: middleware API improvements
- Rename `config.config` to `config.params`
 - Modify methods to return `this` (fluent API)
2014-11-14 09:52:26 +01:00
Miroslav Bajtoš aa92412db3 app.middleware: verify serial exec of handlers
Add a test verifying that middleware handlers are executed serially.
2014-11-12 10:09:20 +01:00
Miroslav Bajtoš ae7d99682b Simplify `app.defineMiddlewarePhases`
Refactor the implementation to use the new method `phaseList.zipMerge`.

This is commit is changing the behaviour in the case when
the first new phase does not exist in the current list.

Before the change, all new phases were added just before the "routes"
phase.

After this change, new phases are added to the head of the list,
until an existing phase is encountered, at which point the regular
merge algorithm kicks in.

Example:

    app.defineMiddlewarePhases(['first', 'routes', 'subapps']);

Before the change: code throws an error - 'routes' already exists.

After the change: phases are merged with the following result:

    'first', 'initial', ..., 'routes', 'subapps', ...
2014-11-12 08:59:56 +01:00
Miroslav Bajtoš 4474f8b029 Merge pull request #786 from strongloop/feature/define-middleware-phases
Implement `app.defineMiddlewarePhases`
2014-11-12 08:16:49 +01:00
Raymond Feng f803ecec55 Make sure loopback has all properties from express 2014-11-11 11:27:39 -08:00
Miroslav Bajtoš 98d439050a Implement `app.defineMiddlewarePhases`
Implement method for registering (new) middleware phases.

 - If all names are new, then the phases are added just before
   the "routes" phase.

  - Otherwise the provided list of names is merged with the existing
   phases in such way that the order of phases is preserved.

Example

    // built-in phases:
    // initial, session, auth, parse, routes, files, final

    app.defineMiddlewarePhases('custom');
    // new list of phases
    //   initial, session, auth, parse,
    //   custom,
    //   routes, files, final

    app.defineMiddlewarePhases([
      'initial', 'postinit', 'preauth', 'routes', 'subapps'
    ]);
    // new list of phases
    //   initial,
    //   postinit, preauth,
    //   session, auth, parse, custom,
    //   routes,
    //   subapps,
    //   files, final
2014-11-11 19:45:37 +01:00
Miroslav Bajtoš beb55ee9f4 Merge pull request #787 from strongloop/feature/app-middleware-v2
Implement app.middlewareFromConfig
2014-11-11 19:41:46 +01:00
Miroslav Bajtoš 5578d59631 Implement app.middlewareFromConfig
Implement a function registering a middleware using a factory function
and a JSON config.

Example:

    app.middlewareFromConfig(compression, {
      enabled: true,
      phase: 'initial',
      config: {
        threshold: 128
      }
    });
2014-11-11 18:00:19 +01:00
Miroslav Bajtoš 038c6a454e middleware/token: store the token in current ctx 2014-11-11 11:04:41 +01:00
Miroslav Bajtoš 8f5aea3e3b Fix `loopback.getCurrentContext`
- ensure the method is always defined

 - return `null` when the context is not active
   (we are not inside a request-handling chain)
2014-11-11 11:04:41 +01:00
Miroslav Bajtoš 4e1433b519 Middleware phases - initial implementation
Modify the app and router implementation, so that the middleware is
executed in order defined by phases.

Predefined phases:

    'initial', 'session', 'auth', 'parse', 'routes', 'files', 'final'

Methods defined via `app.use`, `app.route` and friends are executed
as the first thing in 'routes' phase.

API usage:

    app.middleware('initial', compression());
    app.middleware('initial:before', serveFavicon());
    app.middleware('files:after', loopback.urlNotFound());
    app.middleware('final:after', errorHandler());

Middleware flavours:

    // regular handler
    function handler(req, res, next) {
      // do stuff
      next();
    }

    // error handler
    function errorHandler(err, req, res, next) {
      // handle error and/or call next
      next(err);
    }
2014-11-10 19:50:58 +01:00
Raymond Feng 586ea35071 Allows ACLs/settings in model config 2014-11-07 11:14:40 -08:00
Miroslav Bajtoš 4fdcbd16af rest middleware: clean up context config
Modify `loopback.rest()` to read the configuration for
`loopback.context` from `app.get('remoting')`, which is the approach
used for all other configuration options related to the REST transport.
2014-11-05 09:13:45 +01:00
Raymond Feng 885f4e047d Enable the context middleware from loopback.rest 2014-11-05 09:13:45 +01:00
Raymond Feng 246f38c05d Add context propagation middleware
- Implement the middleware `loopback.context`
 - Inject context into juggler and strong-remoting
 - Make http context optional and default to false
 - Optionally mount context middleware from `loopback.rest`
2014-11-05 09:13:44 +01:00
Miroslav Bajtoš e1b5d1edae Merge pull request #717 from strongloop/feature/add-test-for-supported-content-types
Add test for `remoting.rest.supportedTypes`
2014-11-03 18:49:34 +01:00
Miroslav Bajtoš edd464aca5 Expose path to the built-in favicon file
The path is available via `loopback.faviconFile`.
2014-11-03 10:00:24 +01:00
Miroslav Bajtoš ead9d706e6 Add test for `remoting.rest.supportedTypes` 2014-10-31 10:39:13 +01:00
Miroslav Bajtoš 292c7ad497 Revert "rest handler options" 2014-10-31 10:06:57 +01:00
Guilherme Cirne ba6bf3f41b REST handler options. 2014-10-30 16:58:30 -02:00
Raymond Feng 67f8b37562 The elapsed time in milliseconds can be 0 (less than 1 ms) 2014-10-27 15:22:17 -07:00
Miroslav Bajtoš fec8234c4c Merge pull request #616 from jpizarrom/master
added email custom headers in user verify
2014-10-24 19:51:10 +02:00
Juan Pizarro 4098bec2c6 User: custom email headers in verify 2014-10-24 14:42:49 -03:00
Raymond Feng b98ada282f Merge pull request #660 from strongloop/feature/add-realm-support
Add realm support
2014-10-24 08:27:28 -07:00
Raymond Feng 46d1430023 Add realm support 2014-10-23 11:10:39 -07:00
Raymond Feng 94033312e6 Merge pull request #681 from strongloop/feature/fix-issue-679
Make sure GET /:id/exists returns 200 {exists: true|false}
2014-10-23 07:40:52 -07:00
Miroslav Bajtoš b57cd3e409 User: fix `confirm` permissions
Enable authentication for all User unit-tests to check that the ACLs are
correctly configured.

Fix the rule for `confirm` - the correct permission is `ALLOW`, not
`ACL.ALLOW`.
2014-10-23 13:19:43 +02:00
Raymond Feng e0ed755ed3 Make sure GET /:id/exists returns 200 {exists: true|false}
https://github.com/strongloop/loopback/issues/679
2014-10-22 14:39:39 -07:00
Fabien Franzen 568c8662b4 Support per-model and per-handler remoting options
Allow the developer to pass custom `remoting` options via Model
settings, e.g.

    PersistedModel.extend(
      'MyModel',
      { name: String },
      {
        remoting: { normalizeHttpPath: true }
      });

Also add `options` arg to `app.handler`, this object is passed directly
to strong-remoting handler.
2014-10-22 09:54:15 +02:00
Miroslav Bajtoš 80020eb273 lib/application: improve URL building algo
When running on Unix and no hostname is specified, use `0.0.0.0`
as the hostname instead of `localhost`.

When running on Windows and the hostname is either not specified or
it is `0.0.0.0` or `::`, use `localhost` in the URL. The reason is
that Windows cannot open URLs using `0.0.0.0` as a hostname.
2014-10-20 13:47:24 +02:00
Miroslav Bajtoš 01d17e636a test: run more tests in the browser
Add two more test files to `test/karma.conf.js`:

 - test/loopback.test.js
 - test/model.application.test.js
2014-10-14 08:58:17 +02:00
Miroslav Bajtoš b1e0edb22b test: verify exported models 2014-10-14 08:58:17 +02:00
Miroslav Bajtoš b8e877c5e5 test: remove infinite timeout
The infinite timeout was useful when debugging, which is not a good
reason for keeping it around when not debugging.
2014-10-14 08:58:17 +02:00
Miroslav Bajtoš df9fe90d35 Auto-load and register built-in `Checkpoint` model 2014-10-14 08:58:16 +02:00
Raymond Feng 242b44ed2b Skip static ACL entries that don't match the property 2014-10-13 16:45:36 -07:00
Miroslav Bajtoš 1fe0110849 Dismantle `lib/models`.
- Move core models `Model` and `PersistedModel` to `lib/`.
 - Move `AccessContext` class to `lib/`, since it is not a model.
 - Move all other built-in models to `common/models`.

This is a preparation for extracting model definitions to JSON files.
By splitting the change into multiple commits, git is able to keep track
of file moves (renames).
2014-10-13 12:09:27 +02:00
Miroslav Bajtoš 846a0b0074 models/change: fix `id` property definition
Remove the flag `generated:true`, as it does not work together with
a custom `setter.id` function.
2014-10-10 19:10:42 +02:00
Miroslav Bajtoš aac230679f Merge pull request #555 from strongloop/feature/include-remote-method-aliases
PersistedModel: add remote method aliases
2014-09-12 11:42:20 +02:00
Raymond Feng 28754519d4 Merge pull request #522 from clarkorz/feature/link-with-data
Support data field as body for link operation
2014-09-11 16:59:27 -07:00
Raymond Feng 1e41064a87 Merge pull request #529 from Coobaha/fix/user_include
user#login include server crash fix
2014-09-11 16:57:58 -07:00
Miroslav Bajtoš 06b65ccf7e PersistedModel: add remote method aliases
Ensure all loopback 1.x method names are available in loopback 2.x too.
2014-09-10 17:35:02 +01:00
Fabien Franzen 033e771528 Fix require 2014-09-06 10:55:16 +02:00
Ritchie Martori 6a604de157 Merge pull request #510 from strongloop/fix/remoting-type-conversion
Fix coercion for remoting on vanilla models
2014-09-03 11:55:04 -07:00
Ritchie Martori 58e36514d6 Fix coercion for remoting on vanilla models 2014-09-03 11:33:20 -07:00
Raymond Feng 43dbfa288e Merge pull request #469 from britztopher/mailconnector-transports-issue460
Mailconnector transports issue460
2014-09-03 08:50:03 -07:00
Alexander Ryzhikov 58538f02b7 user#login include server crash fix
Signed-off-by: Alexander Ryzhikov <coobaha@gmail.com>
2014-09-03 09:58:49 +04:00
Clark Wang 2452dd1092 Add tests for hasManyThrough link with data
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-09-01 09:28:13 +08:00
Fabien Franzen 1067c94bf6 Tiny fix: correct url format 2014-08-30 17:00:36 +02:00
Fabien Franzen 33f3ba4549 Fix embedsMany/findById to return proper 404 response 2014-08-30 16:54:14 +02:00
Raymond Feng 9b97014b52 Merge pull request #504 from fabien/feature/embeds-one-remoting
Enable remoting for embedsOne relation
2014-08-29 09:30:49 -07:00
Raymond Feng e856f81d09 Merge pull request #503 from fabien/feature/scope-where
Allow 'where' argument for scoped count API
2014-08-29 09:30:38 -07:00
Miroslav Bajtoš 26b67ba757 registry: warn when dataSource is not specified
Modify `registry.configureModel()` to log a warning when `dataSource`
optiont is not specified at all.

Users should provide `dataSource: null` when the model is intentionally
not attached to any data-source.
2014-08-26 18:04:06 +02:00
Ritchie Martori 7dde6466e5 Only validate dataSource when defined (Fixes #482) 2014-08-26 17:49:15 +02:00
Fabien Franzen 6cfd1bb523 Fix tests 2014-08-26 15:25:45 +02:00
Jaka Hudoklin 19155242c1 Enable remoting for embedsOne relation
Signed-off-by: Jaka Hudoklin <jakahudoklin@gmail.com>
2014-08-26 15:25:45 +02:00
Fabien Franzen fc0c96bdc2 Allow 'where' argument for scoped count API
Note that the return value will be non-rooted, which is actually what
the
non-scoped /count method returns as well - fixes inconsistency.
2014-08-26 14:41:36 +02:00
britztopher ba48d042b8 added test and fixed changing passed in object within ctor 2014-08-14 15:44:36 -04:00
Raymond Feng 1c61cedee7 Make sure scoped methods are remoted
See https://github.com/strongloop/loopback/issues/454. It's regression in 2.x.
2014-08-08 15:55:47 -07:00
Raymond Feng 9fb0977433 Pass in remotingContext for ACL
See https://github.com/strongloop/loopback/issues/451
2014-08-07 22:19:27 -07:00