Ritchie Martori
d45c1ae7bb
Fix logout to handle no or missing accessToken
...
Return 401 when the request does not provide any accessToken argument
or the token was not found.
Also simplify the implementation of the `logout` method to make only
a single database call (`deleteById`) instead of `findById` + `delete`.
2017-01-30 08:56:18 +01:00
Aris Kemper
efd8237dc6
Fix User methods to use correct Primary Key
...
Do not use hard-coded "id" property name, call `idName()` to get the
name of the PK property.
2017-01-20 16:24:59 +01:00
João Ribeiro
e63fea83f7
Fix User.resetPassword to call createAccessToken()
...
This allows User subclasses to override the algorithm used for building
one-time access tokens for password recovery.
2017-01-19 16:27:22 +01:00
Miroslav Bajtoš
e17cc3d23a
Preserve current session when invalidating tokens
...
Fix User model to preserve the current session (provided via
"options.accessToken") when invalidating access tokens after a change
of email or password property.
2017-01-16 10:08:30 +01:00
Miroslav Bajtoš
24bb15233d
Clean up access-token-invalidation tests
2017-01-16 10:08:30 +01:00
Miroslav Bajtoš
70eecfab70
Upgrade eslint-config to 7.x
2017-01-06 12:12:35 +01:00
Bram Borggreve
cddfb9c77d
Allow password reset request for users in realms
2017-01-05 09:47:18 -05:00
Miroslav Bajtoš
298635dad1
Merge pull request #2992 from DA-14/feature/resetPasswordRequest
...
Emit resetPasswordRequest event with options
2017-01-05 15:33:22 +01:00
박대선
d9ae32429b
Fix false emailVerified on user model update
...
Yesterday, the loopback we are using in our system was upgraded
via npm, and since the upgrade, we noticed that every time
the user model updates, the emailVerified column would change to false.
I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8
The intent of the commit just mentioned is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.
This commit fixes the issue just mentioned.
2016-12-23 14:04:44 +09:00
Miroslav Bajtoš
29a17f39d5
Invalidate AccessTokens on password change
...
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
2016-12-12 13:30:53 +01:00
Sergey Reus
fa8bca8d6e
Emit resetPasswordRequest event with options
2016-12-09 18:14:32 +02:00
Miroslav Bajtoš
5016703f21
Remove "options.template" from Email payload
...
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
2016-12-06 16:18:19 +01:00
Miroslav Bajtoš
1ec7cf0a37
Turn on "no-unused-expressions" rule for eslint
...
Fix unit-tests relying on property-based assertions to use function
calls instead, using "dirty-chai" to modify chai's property checkers.
2016-11-22 15:30:04 +01:00
Loay
06cb481c3f
Update eslint to loopback config v5
...
Notable side-effects:
- loopback no longer exports "caller" and "arguments" properties
- kv-memory connector is now properly added to the connector registry
- the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
Adrien Kiren
85da50cbc8
Add templateFn option to User#verify()
2016-11-14 16:22:10 +01:00
Loay
eb640d8da0
Require verification after email change
...
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
2016-11-09 13:06:25 +01:00
Dhaval Trivedi
4922f425fc
adding check of string for case insensitive emails
2016-11-01 18:13:56 -04:00
Loay
5f5e874564
Validate non-email property partial update
2016-10-03 15:45:52 -04:00
David Cheung
d544ae1bf8
Support uniqueness for realm users
2016-09-20 11:26:56 -04:00
Loay
bcc2d99a95
Invalidate sessions after email change
2016-09-19 10:24:30 -04:00
Miroslav Bajtoš
21ff383eb3
Fix double-slash in confirmation URL
...
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.
Before:
http://example.com//users/confirm?...
Now:
http://example.com/users/confirm?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš
92a5a08671
test/user: don't attach User model twice
2016-09-09 09:02:41 +02:00
Miroslav Bajtoš
9a75ee6f30
Rework email validation to use isemail
...
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Loay
5567917c12
Allow resetPassword if emailVerified
2016-08-26 13:11:42 -04:00
Loay
7aebf0d132
Add bcrypt validation
2016-08-12 21:34:50 -04:00
Miroslav Bajtoš
7546ee531d
Update dependencies to their latest versions
2016-08-03 16:17:58 +02:00
jannyHou
17a046d7a1
Increase timeout
2016-07-29 14:54:34 -04:00
Loay
0fa3327112
Fix test case error
2016-07-26 10:26:44 -04:00
Loay
b53a22bfb3
Fix security issue 580
2016-07-22 17:48:57 -04:00
Loay
ec51e833b6
Fix verificationToken bug
2016-06-17 10:21:59 -04:00
David Cheung
ddb5327e64
Update tests for strong-error-handler
...
Fix rest-adapter related test case switching to strong-error-handler
Only affect the test-cases calling rest methods
2016-06-07 13:26:18 -04:00
David Cheung
817e76e424
Remove unused UserModel properties
...
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Supasate Choochaisri
04e26fae5c
Separate error-checking and next/done logic from other logic in the test suite
...
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 11:12:48 +07:00
Ryan Graham
6964914bab
update copyright statements
2016-05-03 15:50:21 -07:00
Miroslav Bajtoš
095dce0373
test/user: use local registry
...
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each test creates a fresh app instance
with a new in-memory datasource and a new set of Models.
2016-05-03 14:01:39 +02:00
Miroslav Bajtoš
f9702b0ace
Use eslint with loopback config
...
Drop jshint and jscs in favour of eslint.
Fix style violations.
While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Ryan Graham
ab5254fcba
test: remove errant console.log from test
...
Using console.log like this can result in invalid xml when the xunit
reporter is used.
2016-02-04 08:35:37 -08:00
Samuel Gaus
2741d50342
Hide verificationToken
...
We should never be showing this publicly.
Adds unit test for hiding verification token.
2016-01-12 15:48:03 +00:00
Richard Pringle
2cca83c4ff
Add case-sensitive email option for User model.
2015-12-03 13:18:49 -05:00
Simo Moujami
403e677155
Fix user.resetPassword to fail on email not found
2015-11-02 12:55:24 +01:00
Samuel Gaus
351b8026a0
Do not include redundant ports in verify links
...
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
Pradnya Baviskar
dc987a59a9
Promisify User model
2015-07-14 13:01:46 +05:30
Raymond Feng
12e19e36ea
Upgrade test fixtures to use LB 2.x layout
2015-04-20 09:23:44 -07:00
Miroslav Bajtoš
699bc7aa97
test: remove global autoAttach
2015-04-07 15:25:18 +02:00
jakerella
713001913e
Ability to pass in custom verification token generator
...
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
Raymond Feng
78550a9bc5
Pass options from User.login to createAccessToken
...
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
2015-03-02 14:48:08 -08:00
Miroslav Bajtoš
3c43eccac7
Merge pull request #1120 from PradnyaBaviskar/lb-issue-416
...
Fix "User.confirm" to always call afterRemote hook
Close #1120
2015-02-25 14:26:07 +01:00
Pradnya Baviskar
8766d4a68d
Fix "User.confirm" to always call afterRemote hook
...
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.
Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
2015-02-25 14:20:47 +01:00
Raymond Feng
13e618bff2
Skip hashing password if it's already hashed
...
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
2015-02-24 16:36:51 -08:00
Miroslav Bajtoš
c2236c393b
Upgrade jscs to ~1.11 via grunt-jscs ^1.5
2015-02-20 15:31:15 +01:00