Miroslav Bajtoš
dcb2f159ec
Merge pull request #3160 from strongloop/fix/token-invalidation-on-save
...
Preserve sessions on User.save() making no changes
2017-01-31 14:38:48 +01:00
Miroslav Bajtoš
3b17a0cf5c
Upgrade eslint config, fix linter errors
2017-01-31 13:44:32 +01:00
Miroslav Bajtoš
8f80aecc1f
Preserve sessions on User.save() making no changes
2017-01-30 11:30:05 +01:00
Ritchie Martori
d45c1ae7bb
Fix logout to handle no or missing accessToken
...
Return 401 when the request does not provide any accessToken argument
or the token was not found.
Also simplify the implementation of the `logout` method to make only
a single database call (`deleteById`) instead of `findById` + `delete`.
2017-01-30 08:56:18 +01:00
Aris Kemper
efd8237dc6
Fix User methods to use correct Primary Key
...
Do not use hard-coded "id" property name, call `idName()` to get the
name of the PK property.
2017-01-20 16:24:59 +01:00
João Ribeiro
e63fea83f7
Fix User.resetPassword to call createAccessToken()
...
This allows User subclasses to override the algorithm used for building
one-time access tokens for password recovery.
2017-01-19 16:27:22 +01:00
Miroslav Bajtoš
e17cc3d23a
Preserve current session when invalidating tokens
...
Fix User model to preserve the current session (provided via
"options.accessToken") when invalidating access tokens after a change
of email or password property.
2017-01-16 10:08:30 +01:00
Miroslav Bajtoš
70eecfab70
Upgrade eslint-config to 7.x
2017-01-06 12:12:35 +01:00
Bram Borggreve
cddfb9c77d
Allow password reset request for users in realms
2017-01-05 09:47:18 -05:00
Miroslav Bajtoš
298635dad1
Merge pull request #2992 from DA-14/feature/resetPasswordRequest
...
Emit resetPasswordRequest event with options
2017-01-05 15:33:22 +01:00
박대선
697614dd45
Applied as reviewed by @flowersinthesand
2016-12-23 14:47:08 +09:00
박대선
d9ae32429b
Fix false emailVerified on user model update
...
Yesterday, the loopback we are using in our system was upgraded
via npm, and since the upgrade, we noticed that every time
the user model updates, the emailVerified column would change to false.
I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8
The intent of the commit just mention is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.
This commit fixes the issue just mentioned.
2016-12-23 14:04:44 +09:00
Miroslav Bajtoš
29a17f39d5
Invalidate AccessTokens on password change
...
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
2016-12-12 13:30:53 +01:00
Sergey Reus
fa8bca8d6e
Emit resetPasswordRequest event with options
2016-12-09 18:14:32 +02:00
Miroslav Bajtoš
f476613ab1
Fix registration of operation hooks in User model
...
Follow-up for 4edce47
which moved only two out of three hooks.
2016-12-09 14:29:30 +01:00
Miroslav Bajtoš
4edce47b24
Fix registration of operation hooks in User model
...
Operation hooks are inherited by subclassed models, therefore they must
be registered outside of `Model.setup()` function.
This commit fixes this problem in the built-in User model.
There are not tests verifying this change, as writing a test would be
too cumbersome and not worth the cost IMO.
2016-12-09 13:16:42 +01:00
Miroslav Bajtoš
5016703f21
Remove "options.template" from Email payload
...
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
2016-12-06 16:18:19 +01:00
Loay
06cb481c3f
Update eslint to loopback config v5
...
Notable side-effects:
- loopback no longer exports "caller" and "arguments" properties
- kv-memory connector is now properly added to the connector registry
- the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
Adrien Kiren
85da50cbc8
Add templateFn option to User#verify()
2016-11-14 16:22:10 +01:00
Loay
eb640d8da0
Require verification after email change
...
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
2016-11-09 13:06:25 +01:00
Candy
8f08398c30
Update doc links
2016-11-04 16:47:12 -04:00
Dhaval Trivedi
4922f425fc
adding check of string for case insensitive emails
2016-11-01 18:13:56 -04:00
Loay
5f5e874564
Validate non-email property partial update
2016-10-03 15:45:52 -04:00
Candy
640f3a8ca7
Update globalization structure
2016-09-22 11:58:00 +02:00
David Cheung
d544ae1bf8
Support uniqueness for realm users
2016-09-20 11:26:56 -04:00
Loay
bcc2d99a95
Invalidate sessions after email change
2016-09-19 10:24:30 -04:00
Miroslav Bajtoš
21ff383eb3
Fix double-slash in confirmation URL
...
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.
Before:
http://example.com//users/confirm ?...
Now:
http://example.com/users/confirm ?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš
9a75ee6f30
Rework email validation to use isemail
...
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Setogit
0f5136d072
Apply g.f to literal strings
2016-08-27 22:42:21 -07:00
Loay
5567917c12
Allow resetPassword if emailVerified
2016-08-26 13:11:42 -04:00
Miroslav Bajtoš
eec326dc80
Revert globalization of Swagger descriptions
2016-08-15 11:06:05 +02:00
Loay
7aebf0d132
Add bcrypt validation
2016-08-12 21:34:50 -04:00
Candy
bb9a1b5b24
Update globalization string
2016-08-05 15:49:43 -04:00
Candy
b52a7217a9
Add globalization
2016-08-04 15:08:16 -04:00
Loay
8f7e032a01
Update user.js
2016-07-25 00:55:55 -04:00
Loay
b53a22bfb3
Fix security issue 580
2016-07-22 17:48:57 -04:00
Loay
ec51e833b6
Fix verificationToken bug
2016-06-17 10:21:59 -04:00
David Cheung
817e76e424
Remove unused UserModel properties
...
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Rik
341390a74e
Update user.js
...
allow to change all {href} instances in user.verify() mail into generated url instead of just one
2016-05-08 13:10:56 +02:00
Ryan Graham
6964914bab
update copyright statements
2016-05-03 15:50:21 -07:00
Miroslav Bajtoš
f9702b0ace
Use eslint with loopback config
...
Drop jshint and jscs in favour of eslint.
Fix style violations.
While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Jue Hou
eb09681f21
promise docs
...
Add promise jsdoc in loopback
2016-04-04 12:35:35 -04:00
Candy
0e637962d5
Use new strong-remoting API
2016-02-05 11:11:38 -05:00
Jue Hou
865789017d
Fix description for User.prototype.hasPassword
2016-01-11 14:28:10 -05:00
Miroslav Bajtoš
6d040a98ae
Merge pull request #1804 from richardpringle/master
...
Add case-sensitive email option for User model
2015-12-08 12:47:58 +01:00
David Cheung
c4917819af
Adding properties description for User Model
...
- Added description for `realm` `created` `lastUpdated` `status`
- End of line for descriptions to be peroid
2015-12-04 14:55:01 -05:00
Richard Pringle
2cca83c4ff
Add case-sensitve email option for User model.
2015-12-03 13:18:49 -05:00
Simo Moujami
403e677155
Fix user.resetPassword to fail on email not found
2015-11-02 12:55:24 +01:00
Samuel Gaus
351b8026a0
Do not include redundant ports in verify links
...
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
Felipe Oliveira Carvalho
355ff8ee41
Update comment about user ACL to reflect implementation
2015-09-11 21:57:55 -03:00