Miroslav Bajtoš
29a17f39d5
Invalidate AccessTokens on password change
...
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
2016-12-12 13:30:53 +01:00
Miroslav Bajtoš
f476613ab1
Fix registration of operation hooks in User model
...
Follow-up for 4edce47
which moved only two out of three hooks.
2016-12-09 14:29:30 +01:00
Miroslav Bajtoš
4edce47b24
Fix registration of operation hooks in User model
...
Operation hooks are inherited by subclassed models, therefore they must
be registered outside of `Model.setup()` function.
This commit fixes this problem in the built-in User model.
There are not tests verifying this change, as writing a test would be
too cumbersome and not worth the cost IMO.
2016-12-09 13:16:42 +01:00
Miroslav Bajtoš
63beaa21fe
Merge pull request #3004 from strongloop/fix/email-template-in-transport
...
Remove "options.template" from Email payload
2016-12-07 10:53:04 +01:00
Miroslav Bajtoš
5016703f21
Remove "options.template" from Email payload
...
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
2016-12-06 16:18:19 +01:00
Miroslav Bajtoš
acdfb432d0
Upgrade eslint config and grunt-eslint to latest
...
- disable ES6 because PhantomJS does not support it yet
- fix linter errors reported after the upgrade.
2016-12-06 16:05:13 +01:00
Eric
b0d6c4a7d2
Add "returnOnlyRoleNames" option to Role.getRoles
...
Currently the return type of Role.getRoles() method is inconsistent:
role names are returned for smart roles and role ids are returned for
static roles (configured through user-role mapping).
This commit adds a new option to Role.getRoles() allowing the caller
to request role names to be returned for all types of roles.
2016-11-30 16:46:59 +01:00
Loay
f72a29671f
Remove workaround for default value
2016-11-22 20:58:27 -05:00
Loay
06cb481c3f
Update eslint to loopback config v5
...
Notable side-effects:
- loopback no longer exports "caller" and "arguments" properties
- kv-memory connector is now properly added to the connector registry
- the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
codyolsen
3f5e49c3d6
Fix context within listByPrincipalType role method
...
- Fix for current implimentation that returned all models that had any
assigned roles. Context was not carried into listByPrincipalType,
setting roleId as null.
2016-11-15 14:51:05 +01:00
Adrien Kiren
85da50cbc8
Add templateFn option to User#verify()
2016-11-14 16:22:10 +01:00
Loay
eb640d8da0
Require verification after email change
...
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
2016-11-09 13:06:25 +01:00
Candy
8f08398c30
Update doc links
2016-11-04 16:47:12 -04:00
Dhaval Trivedi
4922f425fc
adding check of string for case insensitive emails
2016-11-01 18:13:56 -04:00
Simon Ho
dcc58a9d50
Need index on principalId for performance. ( #2883 )
2016-10-21 16:13:16 -07:00
Miroslav Bajtoš
6808159427
Allow tokens with eternal TTL (value -1)
...
- Add a new User setting 'allowEternalTokens'
- Enhance 'AccessToken.validate' to support eternal tokens with ttl
value -1 when the user model allows it.
2016-10-10 13:27:22 +02:00
Loay
5f5e874564
Validate non-email property partial update
2016-10-03 15:45:52 -04:00
Candy
640f3a8ca7
Update globalization structure
2016-09-22 11:58:00 +02:00
David Cheung
d544ae1bf8
Support uniqueness for realm users
2016-09-20 11:26:56 -04:00
Simon Ho
c3ba632aa3
Merge pull request #2743 from strongloop/docs-for-kv-model
...
Add docs for KeyValue model
2016-09-19 15:29:47 -07:00
Loay
bcc2d99a95
Invalidate sessions after email change
2016-09-19 10:24:30 -04:00
Simon Ho
845b73d4eb
Add docs for KeyValue model
2016-09-18 19:45:13 -07:00
Miroslav Bajtoš
21ff383eb3
Fix double-slash in confirmation URL
...
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.
Before:
http://example.com//users/confirm ?...
Now:
http://example.com/users/confirm ?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš
9a75ee6f30
Rework email validation to use isemail
...
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Simon Ho
9db0682b07
Add remoting for KeyValue model TTL feature
2016-08-29 14:46:41 -07:00
Setogit
0f5136d072
Apply g.f to literal strings
2016-08-27 22:42:21 -07:00
Loay
5567917c12
Allow resetPassword if emailVerified
2016-08-26 13:11:42 -04:00
Benjamin Kroeger
4ff9a4c2ef
streamline use if `self`
2016-08-25 12:51:51 +02:00
Benjamin Kroeger
01c1656fc2
resolve related models from correct registry
...
Also modify setup of test servers when ACL was used, force the app
to `loadBuiltinModels` with localRegistry.
2016-08-25 12:51:29 +02:00
Miroslav Bajtoš
88e4de5341
KeyValueModel: add API for listing keys
...
- Expose "keys()" at "GET /keys"
- Add a dummy implementation for "iterateKeys" to serve a useful error
message when the model is not attached correctly.
2016-08-18 10:50:45 +02:00
Rand McKinney
01a9fa2ab2
Update acl.js
...
Fix typo in JS doc.
2016-08-16 10:14:17 -07:00
Miroslav Bajtoš
eec326dc80
Revert globalization of Swagger descriptions
2016-08-15 11:06:05 +02:00
Loay
7aebf0d132
Add bcrypt validation
2016-08-12 21:34:50 -04:00
Miroslav Bajtoš
a259e59afc
common: add KeyValueModel
2016-08-10 14:15:22 +02:00
Candy
bb9a1b5b24
Update globalization string
2016-08-05 15:49:43 -04:00
Candy
b52a7217a9
Add globalization
2016-08-04 15:08:16 -04:00
Miroslav Bajtoš
98816217c9
test: use local registry in test fixtures
...
Use local registry in test fixtures to prevent collision in globally
shared models.
Fix issues discoverd in auth implementation where the global registry
was used instead of the correct local one.
2016-07-27 10:07:49 +02:00
Loay
8f7e032a01
Update user.js
2016-07-25 00:55:55 -04:00
Loay
b53a22bfb3
Fix security issue 580
2016-07-22 17:48:57 -04:00
Loay
ec51e833b6
Fix verificationToken bug
2016-06-17 10:21:59 -04:00
Amir Jafarian
6502309e34
Expose `Replace*` methods
...
*Re-mapping `updateAttributes` endpoint to use
`PATCH` and `PUT`(configurable) verb
*Exposing `replaceById` and `replaceOrCreate` via
`POST` and `PUT`(configurable) verb
2016-06-10 14:56:44 -04:00
David Cheung
817e76e424
Remove unused UserModel properties
...
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Simon Ho
363bc4d6c1
Merge pull request #2310 from ambrt/ambrt-patch-1
...
Update user.js
2016-05-09 12:30:17 -07:00
Candy
8ab6fccdea
Remove Change.handleError
2016-05-09 11:45:27 -04:00
Rik
341390a74e
Update user.js
...
allow to change all {href} instances in user.verify() mail into generated url instead of just one
2016-05-08 13:10:56 +02:00
Simon Ho
1559db2ca3
Merge pull request #2269 from supasate/feature/do-not-allow-duplicate-role-name
...
Add feature to not allow duplicate role name
2016-05-04 20:42:13 -07:00
Supasate Choochaisri
d4a869bddf
Add feature to not allow duplicate role name
...
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 08:18:17 +07:00
Ryan Graham
6964914bab
update copyright statements
2016-05-03 15:50:21 -07:00
Miroslav Bajtoš
35d9fa4b54
Fix role.isOwner to support app-local registry
2016-05-03 14:01:39 +02:00
juehou
dcf88baf68
Resolver support return promise
2016-05-02 17:47:14 -04:00