Commit Graph

683 Commits

Author SHA1 Message Date
David Cheung d544ae1bf8 Support uniqueness for realm users 2016-09-20 11:26:56 -04:00
Loay bcc2d99a95 Invalidate sessions after email change 2016-09-19 10:24:30 -04:00
Candy d4b8cf670f Fix remote method inheritance 2016-09-13 13:23:09 -04:00
Miroslav Bajtoš 21ff383eb3 Fix double-slash in confirmation URL
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.

Before:

  http://example.com//users/confirm?...

Now:

  http://example.com/users/confirm?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš 6e1defcb18 Use strong-remoting's new TypeRegistry 2016-09-09 10:01:29 +02:00
Miroslav Bajtoš 92a5a08671 test/user: don't attach User model twice 2016-09-09 09:02:41 +02:00
Miroslav Bajtoš f76edd5d61 Fix remoting metadata for "data" arguments
Fix the definition of "data" argument to

    { type: 'object', model: modelName, ... }

That way strong-remoting passed the request body directly to the model
method (does not create a new model instance), but the swagger will
still provide correct schema for these arguments.

This fixes a bug where upsert in relation methods was adding default
property values to request payload.
2016-09-07 14:27:58 +02:00
gunjpan 832e2c391c Discard sugar method for model creation
Current implementation of `app.model(modelName, settings)`
works as a sugar for model creation. In 3.0, this is
not supported anymore. This implementation reports an
error when sugar is used for model creation.
Includes:
 - Updated app.model() method
 - Fixed test cases reflecting the change
2016-09-07 10:40:23 +02:00
Amirali Jafarian a6f8ec672d Merge pull request #2539 from mountain1234585/upsertWithWhere
Add upsertWithWhere
2016-09-06 15:54:21 -04:00
Miroslav Bajtoš 9a75ee6f30 Rework email validation to use isemail
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Sonali Samantaray aef6dca30c Expose upsertWithWhere method 2016-09-02 18:10:47 +05:30
Simon Ho 9db0682b07 Add remoting for KeyValue model TTL feature 2016-08-29 14:46:41 -07:00
Subramanian Krishnan 40f0690573 Make the app instance available to connectors 2016-08-29 15:15:53 +02:00
Amirali Jafarian 358fdbf184 Merge pull request #2670 from strongloop/reorder_patch_put
Reorder PATCH Vs PUT endpoints
2016-08-26 16:09:43 -04:00
Loay 5567917c12 Allow resetPassword if emailVerified 2016-08-26 13:11:42 -04:00
Amir Jafarian b80666a507 Reorder PATCH Vs PUT endpoints
*Reorder PATCH Vs PUT endpoints for update* methods
2016-08-26 11:08:35 -04:00
Benjamin Kroeger 01c1656fc2 resolve related models from correct registry
Also modify setup of test servers when ACL was used, force the app
to `loadBuiltinModels` with localRegistry.
2016-08-25 12:51:29 +02:00
Miroslav Bajtoš 88e4de5341 KeyValueModel: add API for listing keys
- Expose "keys()" at "GET /keys"
 - Add a dummy implementation for "iterateKeys" to serve a useful error
   message when the model is not attached correctly.
2016-08-18 10:50:45 +02:00
Carl Fürstenberg edd5275b8b Fix token middleware crash
Fix token middleware to check if `req.loopbackContext` is active.
The context is not active for example when express-session calls
setImmediate which breaks CLS.
2016-08-17 14:44:00 +02:00
Samuel Reed 22345cfcda Support 'alias' in mail transport config.
Useful if you need to set up multiple transports of the same type.

[forward-port of #2489]
2016-08-16 16:24:56 +02:00
Loay 7aebf0d132 Add bcrypt validation 2016-08-12 21:34:50 -04:00
Miroslav Bajtoš a259e59afc common: add KeyValueModel 2016-08-10 14:15:22 +02:00
Miroslav Bajtoš b087c930ed Remove current-context API
Change all current-context APIs to throw a helpful error.
2016-08-10 13:43:40 +02:00
jannyHou 19618209c8 Fix forceId in tests 2016-08-08 15:06:29 -04:00
Miroslav Bajtoš a751230cd9 test: increase timeout to prevent CI failures 2016-08-08 15:45:53 +02:00
Miroslav Bajtoš 39da31bb5a test: fix "socket hang up" error in app.test
Rework the test to always wait for the client request to finish before
calling the test done.
2016-08-04 15:51:53 +02:00
Miroslav Bajtoš 5d18d41b28 test: increate timeout in Role test 2016-08-04 13:32:47 +02:00
Miroslav Bajtoš caaa296a82 test: make status test more robust
Rework assertions to report helpful messages on failure.

Increase the "elapsed" limit from 100ms to 300ms to support our
slow CI machines.
2016-08-04 11:00:00 +02:00
Miroslav Bajtoš 48205fb2bd test: fix broken Role tests
Rework the test suite to always report errors and correctly signal
when async tests are done.

This should prevent spurious test failures on CI servers that are
difficult to troubleshoot, because the error is reported for different
test case.
2016-08-03 16:17:58 +02:00
Miroslav Bajtoš 7546ee531d Update dependencies to their latest versions 2016-08-03 16:17:58 +02:00
jannyHou 17a046d7a1 Increase timeout 2016-07-29 14:54:34 -04:00
Miroslav Bajtoš fd0b6fcb96 test: fix change-tracking setup
The remote-connector test has misconfigured the client (remote) model,
where the client model was trying to keep track of changes. That's
redundant because it's up to the server model (attached directly to the
database) to track changes.

This commit fixes that configuration and also cleans up the test code
a little bit to make it easier to distinguish between the remote
(client) model and the server model.
2016-07-29 16:49:29 +02:00
Miroslav Bajtoš 98816217c9 test: use local registry in test fixtures
Use local registry in test fixtures to prevent collision in globally
shared models.

Fix issues discoverd in auth implementation where the global registry
was used instead of the correct local one.
2016-07-27 10:07:49 +02:00
Loay 0fa3327112 Fix test case error 2016-07-26 10:26:44 -04:00
Loay b53a22bfb3 Fix security issue 580 2016-07-22 17:48:57 -04:00
Gunjan Pandya 7ed003e973 Merge pull request #2419 from strongloop/remove-legacyExplorer
[SEMVER-MAJOR] Remove legacyExplorer
2016-07-14 14:35:38 -04:00
gunjpan 1b053d44fe Remove legacyExplorer
- Removes backward compatibility
for legacy end points `/models` & `/routes`
- Removes `legacyExplorer` flag which
enabled these routes
- Update related tests & tests using the
legacyExplorer flag
2016-06-20 16:05:11 -04:00
Loay ec51e833b6 Fix verificationToken bug 2016-06-17 10:21:59 -04:00
Miroslav Bajtoš 42c83f69a0 Cleanup unit-test added in 1fc51d129 2016-06-14 14:47:41 +02:00
Loay 74aba5f80c Merge pull request #2411 from strongloop/strongErrorHandler
[SEMVER-MAJOR] Remove `loopback#errorHandler` middleware
2016-06-13 16:47:24 -04:00
Loay 1fc51d1296 update errorHandler template 2016-06-13 11:18:09 -04:00
Benjamin Kroeger 83b5d72073 add missing unit tests for #2108
subsequent token middleware tries to read `token.id` when `enableDoublecheck: true`. That caused a "Cannot read property `id` of `null`" error when the first middleware didn't actually find a valid accessToken.
2016-06-13 15:27:59 +02:00
Amir Jafarian 6502309e34 Expose `Replace*` methods
*Re-mapping `updateAttributes` endpoint to use
`PATCH` and `PUT`(configurable) verb
*Exposing `replaceById` and `replaceOrCreate` via
`POST` and `PUT`(configurable) verb
2016-06-10 14:56:44 -04:00
David Cheung ddb5327e64 Update tests for strong-error-handler
Fix rest-adapter related test case switching to strong-error-handler
Only affect the test-cases calling rest methods
2016-06-07 13:26:18 -04:00
Miroslav Bajtoš 8d295b70f6 Remove legacy express 3.x middleware getters
Remove middleware-getter properties that were simlifying upgrade from
LoopBack 1.x/Express 3.x applications:

  - loopback.compress
  - loopback.timeout
  - loopback.cookieParser
  - loopback.cookieSession
  - loopback.csrf
  - loopback.errorHandler
  - loopback.session
  - loopback.methodOverride
  - loopback.logger
  - loopback.responseTime
  - loopback.favicon
  - loopback.directory
  - loopback.vhost

Also remove `loopback.mime`, which was set to `undefined` anyways.
2016-05-31 18:59:21 +02:00
David Cheung e723d8b641 Throw error upon extending unknown model
Create Model now uses findModel to retrieve base instead of getModel
and throws error upon base model not found
2016-05-10 18:00:56 -04:00
David Cheung 817e76e424 Remove unused UserModel properties
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Simon Ho ca1baee0f9 Merge pull request #2297 from supasate/refactor/separate-error-checking-and-next-and-done-logic-from-others
Separate error-checking and next/done logic from other logic
2016-05-06 13:27:29 -07:00
Supasate Choochaisri 04e26fae5c Separate error-checking and next/done logic from other logic in the test suite
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 11:12:48 +07:00
Simon Ho 1559db2ca3 Merge pull request #2269 from supasate/feature/do-not-allow-duplicate-role-name
Add feature to not allow duplicate role name
2016-05-04 20:42:13 -07:00
Supasate Choochaisri dd78b36a17 Clean up by removing unnecessary comments
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 08:18:32 +07:00
Supasate Choochaisri d4a869bddf Add feature to not allow duplicate role name
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 08:18:17 +07:00
Ryan Graham 6964914bab
update copyright statements 2016-05-03 15:50:21 -07:00
Miroslav Bajtoš 87bbf4502a Remove "loopback.autoAttach()"
The method was deprecated since LoopBack 2.0, there is no need to keep
it around in 3.0.
2016-05-03 14:01:39 +02:00
Miroslav Bajtoš 0e6db30640 test/rest.middleware: use local registry
Rework tests in `test/rest.middleware.test.js` to not depend
on `app.autoAttach()` and global shared registry of Models. Instead,
each tests creates a fresh app instance with a new in-memory datasource
and a new set of Models.
2016-05-03 14:01:39 +02:00
Miroslav Bajtoš 35d9fa4b54 Fix role.isOwner to support app-local registry 2016-05-03 14:01:39 +02:00
Miroslav Bajtoš 095dce0373 test/user: use local registry
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each tests creates a fresh app instance
with a new in-memory datasource and a new set of Models.
2016-05-03 14:01:39 +02:00
juehou dcf88baf68 Resolver support return promise 2016-05-02 17:47:14 -04:00
Supasate Choochaisri 0ca24389b2 Add new feature to emit a `remoteMethodDisabled` event when disabling a remote method.
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-04-28 09:03:54 +07:00
Benjamin Kröger 9e0405de9f Allow built-in token middleware to run repeatedly
Add two new options:

  - When `enableDoublecheck` is true, the middleware will run
    even if a previous middleware has already set `req.accessToken`
    (possibly to `null` for anonymous requests)

  - When `overwriteExistingToken` is true (and `enableDoublecheck` too),
    the middleware will overwrite `req.accessToken` set by a previous
    middleware instances.
2016-04-06 15:44:20 +02:00
Miroslav Bajtoš f9702b0ace Use eslint with loopback config
Drop jshint and jscs in favour of eslint.

Fix style violations.

While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Candy b5b900e0ff Remove constraint making isStatic required 2016-03-30 11:16:32 -04:00
Miroslav Bajtoš 93d487ffc0 Improve error message on connector init error 2016-02-26 14:46:26 +01:00
Miroslav Bajtoš 782e89758e test: remove forgotten console.trace logs 2016-02-05 12:39:47 +01:00
Miroslav Bajtoš 91c1df96f0 Fix race condition in replication tests 2016-02-05 12:24:27 +01:00
Miroslav Bajtoš e7f49af7f4 Fix race condition in error handler test 2016-02-05 09:21:47 +01:00
Miroslav Bajtoš 7ed5cf88ca Merge pull request #2035 from strongloop/clean-xunit
test: remove errant console.log from test
2016-02-05 09:14:15 +01:00
Ryan Graham ab5254fcba test: remove errant console.log from test
Using console.log like this can result in invalid xml when the xunit
reporter is used.
2016-02-04 08:35:37 -08:00
Jue Hou d26d6ff3ed Promisify Model Change
* Change.diff
* Change.findOrCreateChange
* Change.rectifyModelChanges
* Change.prototype.currentRevision
* Change.prototype.rectify
2016-02-04 11:05:23 -05:00
Ryan Graham ef9ad587c8 test: fail on error instead of crash
If the supertest request fails its basic assertions, there may not even
be a body to perform checks against, so bail early when possible.
2016-02-04 15:35:19 +01:00
Ryan Graham c317204c74 ensure app is booted before integration tests 2016-02-04 15:35:19 +01:00
Miroslav Bajtoš 0ad150cb6e Merge pull request #1851 from gausie/patch-4
Hide verificationToken from JSON output
2016-01-25 14:23:52 +01:00
Miroslav Bajtoš 804c71d7c6 Remove "loopback.DataModel"
The model was just a temporary alias to simplify migration of code
based on <=2.0.0-beta3
2016-01-25 10:17:45 +01:00
Amir-61 c9be67e4d3 Merge pull request #1908 from strongloop/checkpoint_speedup
Checkpoint speedup
2016-01-19 10:25:15 -05:00
Samuel Gaus 2741d50342 Hide verificationToken
We should never be showing this publically.

Adds unit test for hiding verification token.
2016-01-12 15:48:03 +00:00
Simon Ho f1f0100311 Merge pull request #1944 from strongloop/remove-unused-code
Remove unused code from loopback-testing-helper
2016-01-11 12:11:30 -08:00
Amir Jafarian 08a2786b04 Checkpoint speedup 2016-01-09 01:56:13 -05:00
Jue Hou 889c561ed3 Always use bluebird as promise library
Replace `global.Promise` with `bluebird`
2016-01-08 13:58:12 -05:00
Simon Ho 4b30c27fa2 Remove unused code from loopback-testing-helper 2016-01-06 18:07:33 -08:00
Simon Ho 186e3e8f92 Remove dependency on loopback-testing
- Copy depedent source from loopback-testing into test/helpers
- Removed loopback-testing from package.json
2015-12-31 15:59:03 -08:00
Amir Jafarian 4aac2776a8 Fix bulkUpdate to not trigger rectifyAll
Fix `getIdFromWhereByModelId()` to correctly detect the situation
when "bulkUpdate" performs a write operation using a where filter
containing both id attribute but also all other model attributes.

This should significantly improve the performance of change replication,
because the cost of running rectifyAll is very high.
2015-12-22 10:44:28 +01:00
Miroslav Bajtoš 1b765922c9 Merge pull request #1860 from strongloop/fix/replication-performance
Fix replication performance
2015-12-08 19:32:57 +01:00
Miroslav Bajtoš d2aaca7460 Change: correctly rectify no-change
Modify `Change.rectify()` to not make any changes to the Change instance
(most notably to not modify the `checkpoint` field) when the tracked
model instance was not changed.

This should improve the performance of change replication as it reduces
the number of unnecessary replications.

For example, before this commit, every run of `rectifyAll` would
trigger a full sync of all clients, because all change instances would
be moved to the current checkpoint.
2015-12-07 14:13:25 +01:00
Richard Pringle 2cca83c4ff Add case-sensitve email option for User model. 2015-12-03 13:18:49 -05:00
Miroslav Bajtoš 36cd5a7a78 lib/registry: fix findModel for model ctor
Fix `registry.findModel(arg)` to support the case when `arg` is already
a model constructor.
2015-11-09 16:01:43 +01:00
Simo Moujami 403e677155 Fix user.resetPassword to fail on email not found 2015-11-02 12:55:24 +01:00
Samuel Gaus 351b8026a0 Do not include redundant ports in verify links
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
wusuopu ce48521efb Set application's id property only if it's empty.
Fix `Application.resetKeys()` to reset instance id only if it is not
already set. This fixes a bug where each call of resetKeys created
a new instance.
2015-10-12 11:23:33 +02:00
Simon Ho 26af1472e7 Check configs for shared method settings 2015-09-28 16:27:48 -07:00
Simon Ho 716ed4569f Add test fixtures for shared methods 2015-09-25 17:31:35 -07:00
Richard Walker 65ca318392 Create stack-removing errorhandler middleware
Create a wrapper around express' errorhandler that removes the stack
trace from error responses when "options.includeStack" is false.
2015-09-03 08:38:24 +02:00
Raymond Feng 06cece038e Merge pull request #1584 from strongloop/feature/add-more-acl-utils
Enhance the ACL related models
2015-08-13 09:00:32 -07:00
Raymond Feng 3eb8dd55f6 Add util methods to ACL and clean up related model resolutions 2015-08-13 08:58:41 -07:00
Pradnya Baviskar 64a1dbadc8 Promisify 'PersistedModel - replication' 2015-08-12 09:22:53 +02:00
Pradnya Baviskar 2ee7c94a4e Promisify 'Application' model 2015-08-12 09:15:24 +02:00
Raymond Feng c44a19dc73 Allow methods filter for middleware config 2015-08-05 10:30:57 -07:00
Miroslav Bajtoš 98784e2b4b Don't load Bluebird for createPromiseCallback
The decision which Promise implementation to use should be made by
LoopBack user, not by the framework.

This commit moves Bluebird reference from lib/utils.js to
test/support.js.
2015-08-04 11:04:12 +02:00
Miroslav Bajtoš aa5c9e3628 Merge pull request #1493 from PradnyaBaviskar/issue418-userModel
Promisify User model
2015-08-04 10:32:44 +02:00
Raymond Feng 34eb0e1a45 Disable application model test for karma 2015-07-28 08:39:58 -07:00
Pradnya Baviskar dc987a59a9 Promisify User model 2015-07-14 13:01:46 +05:30
Ritchie Martori cdddb08a67 Merge pull request #1445 from strongloop/feature/subscribe
Add PersistedModel.subscribe()
2015-07-09 13:35:49 -07:00
Ritchie Martori 40c5707a36 Add PersistedModel.createChangeStream() 2015-07-09 13:34:01 -07:00
Miroslav Bajtoš 5ec7fd51e2 Merge pull request #1416 from strongloop/feature/searchDefaultTokenKeys
Config option: (do not) search default token keys
2015-07-09 18:03:41 +02:00
Miroslav Bajtoš 3115e5055f Auto-configure models required by `app.enableAuth`
Modify `app.enableAuth` to automaticaly setup all required models
that are not attached to the app nor a datasource.

Users wishing to use this option must provide the name of the
data-source to use for these models.

Example usage:

    var app = loopback();
    app.dataSource('db', { connector: 'memory' });
    app.enableAuth({ dataSource: 'db' });

    app.use(loopback.rest());
    app.listen(3000);
2015-06-01 12:19:28 +02:00
Miroslav Bajtoš 0ccc1e2b73 Add loadBuiltinModels flag to loopback(options)
When creating an application with a local registry, the default
behaviour is to define only two core models Model & PersistedModel.

The new flag `loadBuiltinModels` modifies this behaviour and instructs
loopback to define all builtin models in the local registry too.
2015-06-01 12:19:28 +02:00
Raymond Feng 77bcc09107 Merge branch 'master' of https://github.com/esco/loopback into esco-master 2015-05-29 16:44:18 -07:00
Miroslav Bajtoš 986132d79f Add a unit-test for searchDefaultTokenKeys 2015-05-29 12:06:32 +02:00
Raymond Feng b5f702afd3 Fix the test case 2015-05-28 16:15:02 -07:00
Raymond Feng b627220059 Merge branch 'polymorphic-scoped-inclue' of https://github.com/mrfelton/loopback into mrfelton-polymorphic-scoped-inclue 2015-05-22 09:20:20 -07:00
Tom Kirkpatrick d6c8d9725a Fix code standards issues 2015-05-14 22:09:51 +02:00
Raymond Feng 20c9695591 Make the test compatible with latest juggler 2015-05-13 12:52:31 -07:00
Tom Kirkpatrick 8fa736517a Add test case to highlight fatal error when trying to include a scoped relationship through a polymorphic relationship 2015-05-13 18:47:30 +02:00
Ritchie Martori 805e0e0c1c Merge pull request #1370 from strongloop/fix/check-access-ordering
Use the new remoting.authorization hook for check access
2015-05-12 16:06:47 -07:00
Ritchie Martori 9cde2a45be Use the new remoting.authorization hook for check access 2015-05-12 15:33:05 -07:00
Miroslav Bajtoš f93b69ed0a Define remote methods via model settings/config
Process `settings.methods` and `config.methods` as a key-value map
where the key is the method name and the value is an object describing
the method in the format expected by strong-remoting.

Example: a static method `Model.create`

    "methods": {
      "create": {
        "isStatic": true,
        "accepts": {
           "arg": "data", "type": "Car",
           "http": { "source": "body" }
        },
        "returns": { "arg": "data", "type": "Car", "root": true }
      }
    }

This patch is based on the code proposed by @mrfelton in #1163.
2015-05-07 07:42:08 +02:00
Miroslav Bajtoš b6b76d538c Fix regression in Model.getApp()
This patch fixes the method Model.getApp() that started to report
the following error after b61fae5 was landed:

assert.js:88
  throw new assert.AssertionError({
        ^
AssertionError: undefined == true
    at loopback/loopback/lib/model.js:392:7
    at EventEmitter.<anonymous> (loopback/loopback/lib/model.js:222:9)
    at EventEmitter.g (events.js:257:16)
    at emitOne (events.js:77:13)
    at EventEmitter.emit (events.js:166:7)
    at EventEmitter.app.model (loopback/loopback/lib/application.js:157:9)
2015-04-28 12:49:57 +02:00
Raymond Feng f798882e9a Allow dataSource === false 2015-04-24 08:32:17 -07:00
Raymond Feng a4121ee3d6 Merge pull request #1318 from strongloop/feature/disable-include-access-tokens
Disable inclusion of User.accessTokens
2015-04-21 10:43:41 -07:00
Raymond Feng bdc741520e Disable inclusion of User.accessTokens 2015-04-20 11:44:07 -07:00
Raymond Feng ca004adfc6 Merge pull request #1301 from strongloop/feature/disable-include-access-tokens
Upgrade test fixtures to 2.x project layouts
2015-04-20 11:43:19 -07:00
Raymond Feng 12e19e36ea Upgrade test fixtures to use LB 2.x layout 2015-04-20 09:23:44 -07:00
Miroslav Bajtoš 4d0a824757 Add back loopback properties like modelBuilder
The commit b917075 accidentally removed a couple of properties,
this commit is bringing them back:

 - loopback.modelRegistry
 - loopback.defaultDataSources

A unit-test was added to prevent this kind of regressions in the future.
2015-04-17 18:05:25 +02:00
Raymond Feng 2bf69a1171 Expose the `filter` argument for findById 2015-04-16 15:02:41 -07:00
Miroslav Bajtoš cf2acb3cd2 Conflict resolution and Access control
Add end-to-end unit-tests verifying enforcement of access control during
conflict resolution.

Implement two facade methods providing REST API for Change methods used
by conflict resolution:

    PersistedModel.findLastChange
    GET /api/{model.pluralName}/{id}/changes/last

    PersistedModel.updateLastChange
    PUT /api/{model.pluralName}/{id}/changes/last

By providing these two methods on PersistedModel, replication users
don't have to expose the Change model via the REST API. What's even
more important, these two methods use the same set of ACL rules
as other (regular) PersistedModel methods.

Rework `Conflict.prototype.changes()` and `Conflict.prototype.resolve()`
to use these new facade methods.

Implement a new method `Conflict.prototype.swapParties()` that provides
better API for the situation when a conflict detected in Remote->Local
replication should be resolved locally (i.e. in the replication target).
2015-04-14 08:23:24 +02:00
Miroslav Bajtoš 9c5fe088e3 AccessControl for change replication
1) Add integration tests running change replication over REST to verify
that access control at model level is correctly enforced.

2) Implement a new access type "REPLICATE" that allows principals
to create new checkpoints, even though they don't have full WRITE
access to the model. Together with the "READ" permission, these
two types allow principals to replicate (pull) changes from the server.

Note that anybody having "WRITE" access type is automatically
granted "REPLICATE" type too.

3) Add a new model option "enableRemoteReplication" that exposes
replication methods via strong remoting, but does not configure
change rectification. This option should be used the clients
when setting up Remote models attached to the server via the remoting
connector.
2015-04-07 19:53:58 +02:00
Miroslav Bajtoš 699bc7aa97 test: remove global autoAttach 2015-04-07 15:25:18 +02:00
Miroslav Bajtoš b61fae58f6 Merge pull request #1272 from strongloop/feature/after-remote-error-hook
Model.afterRemoteError hook
2015-04-07 09:47:51 +02:00
Ritchie Martori b9170751bc Add support for app level Model isolation
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
2015-04-03 11:48:45 -07:00
Miroslav Bajtoš dd83be99f0 Implement ModelCtor.afterRemoteError 2015-04-03 10:31:03 +02:00
Raymond Feng 64ccb785c2 Fix the style issue 2015-04-02 08:45:04 -07:00
Raymond Feng 9af828efd4 Merge branch 'fix/embeds-one-remoting' of https://github.com/fabien/loopback into fabien-fix/embeds-one-remoting 2015-04-02 08:41:49 -07:00
Miroslav Bajtoš 2aa09ba574 Add `loopback.runInContext`
Refactor the core implementation of current context from
server/middleware/context.js into server/current-context.js.

Expose new public API:
 - loopback.runInContext
 - loopback.createContext
2015-03-27 19:12:17 +01:00
Raymond Feng 548cb6ef94 Fix style issues 2015-03-27 08:59:11 -07:00
Esco Obong 1993338c0b Merge branch 'master' of https://github.com/strongloop/loopback 2015-03-25 16:45:58 -04:00
Fabien Franzen 93aefc36f5 Test embedsOne CRUD methods 2015-03-21 17:21:49 +01:00
Miroslav Bajtoš 65c14c1779 Add conflict resolution API
New methods:
  conflict.resolveUsingSource(cb)
  conflict.resolveUsingTarget(cb)
  conflict.resolveManually(data, cb)
2015-03-20 17:47:07 +01:00
Miroslav Bajtoš 911d8323b4 Merge pull request #1205 from strongloop/feature/custom-verify-token-generator
Add ability to pass in custom verification token generator
2015-03-20 08:56:59 +01:00
Miroslav Bajtoš 87940a4b58 Detect 3rd-party changes made during replication
Modify `Change.diff()` to include current data revision in each
delta reported back. The current data revision is stored in
`delta.prev`.

Modify `PersistedModel.bulkUpdate()` to check that the current data
revision matches `delta.prev` and report a conflict if a third party
has modified the database under our hands.

Fix `Change` implementation and tests so that they are no longer
attempting to create instances with duplicate ids.
(This used to work because the memory connector was silently
converting such requests to updateOrCreate/findOrCreate.)
2015-03-20 08:19:59 +01:00
jakerella 713001913e Ability to pass in custom verification token generator
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
Miroslav Bajtoš 91f59e1ccd Remove unnecessary delay in tests. 2015-03-19 08:00:37 +01:00
Esco Obong 551261ec16 fix linting errors 2015-03-13 18:30:53 -04:00
Esco Obong 7a990d745c Merge remote-tracking branch 'upstream/master' 2015-03-13 15:06:00 -04:00
Esco Obong 8cc558a991 consolidate Role methods roles, applications, and users into one, add query param to allow for pagination and restricting fields 2015-03-13 11:50:30 -04:00
Esco Obong 74018019b4 fix implementation of Role methods: users,roles, and applications 2015-03-12 14:58:08 -04:00
Raymond Feng 131633f50d Merge pull request #1169 from strongloop/feature/allow-current-user-literal
Allow 'me' literal to represent the current user in url
2015-03-12 10:20:39 -07:00
Raymond Feng 6ad61d6c00 Enhance the token middleware to support current user literal 2015-03-12 08:28:15 -07:00
Miroslav Bajtoš 59ae90bb97 Run replication tests in the browser too 2015-03-06 14:50:16 +01:00
Miroslav Bajtoš 8f41ac4b35 Add replication tests for conflict resolution 2015-03-06 14:50:16 +01:00
Miroslav Bajtoš f57086d5f2 Fix an assertion broke by recent chai upgrade. 2015-03-06 11:22:30 +01:00
Miroslav Bajtoš e59493ec40 Merge pull request #1176 from strongloop/feature/more-replication-improvements
Prevent more kinds of false replication conflicts
2015-03-06 07:27:16 +01:00
Raymond Feng 14731165b7 Merge pull request #1174 from ulion/static_acl_multiple_properties
Static ACL support array of properties now
2015-03-05 14:35:53 -08:00
ulion 9f705139f8 Static ACL support array of properties now 2015-03-06 06:24:09 +08:00
Miroslav Bajtoš c2e1b12644 Add more integration tests for replication
Add tests covering typical replication scenarios that happen
in the setup where multiple clients are synchronizing changes
against a single server (database).
2015-03-05 14:55:55 +01:00
Miroslav Bajtoš 76d9244448 Prevent more kinds of false replication conflicts
Rework the Change model to merge changes made within the same
Checkpoint.

Rework `replicate()` to run multiple iteration until there were no
changes replicated. This ensures that the target model is left in
a clean state with no pending changes associated with the latest
(current) checkpoint.
2015-03-05 14:15:02 +01:00
Raymond Feng 2ce1d14a0e Upgrade deps 2015-03-04 16:30:03 -08:00
Miroslav Bajtoš 3d5c8a7443 Checkpoint: start with seq=1 instead of seq=0
Since the seq behaves in many senses like an id, it should meet
the usual expectation people have about ids. Using only truthy values
is one of them.
2015-03-03 19:37:11 +01:00
Miroslav Bajtoš 628e3a30ca Return new checkpoints in callback of replicate()
Extend `PersistedModel.replicate` to pass the newly created checkpoints
as the third callback argument.

The typical usage of these values is to pass them as the `since`
argument of the next `replicate()` call.

    global.since = -1;

    function sync(cb) {
      LocalModel.replicate(
        since,
        RemoteModel,
        function(err, conflicts, cps)
          if (err) return cb(err);
          if (!conflicts.length) {
            since = cps;
            return cb();
          }
          // resolve conflicts and try again
        });
    }
2015-03-03 19:37:11 +01:00
Miroslav Bajtoš 2dc230b7cf Replication: fix checkpoint-related race condition
Rework the "replicate()" to create a new source checkpoint as the first
step, so that any changes made in parallel will be associated with
the next checkpoint.

Before this commit, there was a race condition where a change might
end up being associated with the already-replicated checkpoint and thus
not picked up by the next replication run.
2015-03-03 19:37:11 +01:00
Miroslav Bajtoš 2f9cf115c3 Support different "since" for source and target
Modify `PersistedModel.replicate` to allow consumers to provide
different "since" values to be used for the local and remote changes.

Make the "since" filters consistent and include the "since" value
in the range via `gte`. Before this commit, the local query used
`gt` and the remote query used `gte`.
2015-03-03 14:40:59 +01:00
Miroslav Bajtoš 19519b038b karma conf: prevent timeouts on Travis CI
Increase the timeout values to prevent DISCONNECTED errors when
running the tests on slow machines (e.g. Travis CI).
2015-03-03 09:47:49 +01:00
Miroslav Bajtoš 774c70903e Merge pull request #1135 from greaterweb/fix/issue-1134
ability to disalbe /models /routes routes
2015-03-03 09:42:42 +01:00
Raymond Feng 78550a9bc5 Pass options from User.login to createAccessToken
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
2015-03-02 14:48:08 -08:00
Ron Edgecomb 1818a8fb34 Config option to disable legacy explorer routes
Setting legacyExplorer to false in the loopback config will disable
the routes /routes and /models made available in loopback.rest.
The deprecate module has been added to the project with a reference
added for the legacyExplorer option as it is no longer required by
loopback-explorer. Tests added to validate functionality of disabled
and enabled legacy explorer routes.
2015-03-02 14:12:18 -05:00
Miroslav Bajtoš f21b29e34a test: setup GUID for all models tracking changes
Fix all test models that are tracking changes so that they have
a generated unique string id.

Make model names unique where possible to prevent tests reusing
the same model which causes unintented side effects.
2015-03-02 18:16:18 +01:00
Raymond Feng ce57fdd139 Merge pull request #1131 from strongloop/feature/workaround-new-relic
Add a workaround to avoid conflicts with NewRelic
2015-02-25 10:21:37 -08:00
Raymond Feng 9a0267e87a Add a workaround to avoid conflicts with NewRelic 2015-02-25 09:47:18 -08:00
Miroslav Bajtoš 3c43eccac7 Merge pull request #1120 from PradnyaBaviskar/lb-issue-416
Fix "User.confirm" to always call afterRemote hook

Close #1120
2015-02-25 14:26:07 +01:00
Pradnya Baviskar 8766d4a68d Fix "User.confirm" to always call afterRemote hook
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.

Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
2015-02-25 14:20:47 +01:00
Raymond Feng 13e618bff2 Skip hashing password if it's already hashed
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
2015-02-24 16:36:51 -08:00
Miroslav Bajtoš 702ecc6f72 Fix change detection & tracking
Add unit-tests to verify that all DAO methods correctly create change
records.

Rework the change detection to use the new operation hooks, this fixes
the bugs where operations like "updateOrCreate" did not update change
records.
2015-02-20 19:28:33 +01:00
Miroslav Bajtoš c2236c393b Upgrade jscs to ~1.11 via grunt-jscs ^1.5 2015-02-20 15:31:15 +01:00
Miroslav Bajtoš c925e669f7 Fix test broken by recent juggler changes
The patch strongloop/loopback-datasource-juggler#436 changed the way
how `Model.extend` works, which broke one loopback test relying on the
old behaviour.

This commit fixes the failing test. The test is checking now that
the model base was not changed, instead of checking that the base
is undefined.
2015-02-20 13:08:39 +01:00
Raymond Feng a18fa176a8 Fix the test case 2015-01-30 08:52:45 -08:00
Raymond Feng bbba49d99c Enable remoting for hasOne relations 2015-01-29 22:33:34 -08:00
Pradnya Baviskar b27b13071a Add test case to demonstrate url-encoded http path 2015-01-23 18:34:13 +05:30
Pradnya Baviskar 7dcc2fcb1c Add test case for loopback issue #698
Verify that the following model options change the HTTP path
where the model is exposed:

    { http: { path: 'domain/mymodels' } }
2015-01-22 18:40:47 +01:00
Ron Edgecomb a028d9d198 Add error code property to known error responses.
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.

Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
Ryan Graham 8fa04fd32f Merge pull request #1015 from strongloop/feature/rmg-basic-auth-support
Extend AccessToken to parse Basic auth headers
2015-01-16 10:52:02 -08:00
Ryan Graham 389b8c0e83 test: use 127.0.0.1 instead of localhost
More portable for dual-stack environments where localhost may mean
::1, which is the IPv6 equivalent of 127.0.0.1, but not actually the
same.
2015-01-15 22:53:09 -08:00
Ryan Graham fbb091e3b3 Extend AccessToken to parse Basic auth headers
Allow convenient URLs for curl and browsers such as:
 - http://some-long-token@localhost:3000/
 - http://token:some-long-token@localhost:3000/

Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.

Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
2015-01-15 22:53:09 -08:00
Ryan Graham 83d8844b70 tests: fix Bearer token test 2015-01-15 22:53:09 -08:00
Raymond Feng 563a06fa7e Make sure EXECUTE access type matches READ or WRITE
See https://github.com/strongloop/loopback/issues/1011
2015-01-14 13:38:44 -08:00
Raymond Feng f5eac871fd Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master 2015-01-07 16:35:00 -08:00
Raymond Feng 90fd62ec0a Merge pull request #941 from strongloop/feature/workaround-issue-251
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
Pham Anh Tuan ca0208ddd9 Fix context middleware to preserve domains
When executing a request using a pooled connection, connectors
like MongoDB and/or MySQL rebind callbacks to the domain which
issued the request, as opposed to the domain which opened the pooled
connection.

This commit fixes the context middleware to play nicely with that
mechanism and preserve domain rebinds.
2015-01-07 10:56:10 +01:00
Raymond Feng 4a9c5b627c Fix Geo test cases 2015-01-06 16:03:37 -08:00
Raymond Feng b7db9808b2 Allow User.hashPassword/validatePassword to be overridden
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
Raymond Feng d77c5fac1d Merge pull request #962 from clarkorz/fix/nestRemote-hooks
fix nestRemoting is nesting hooks from other relations
2015-01-06 15:29:15 -08:00
Ron Edgecomb 62bb63b4f2 Additional password reset unit tests for API and REST
- strongloop/loopback#944
2015-01-06 10:31:53 -05:00
Ron Edgecomb 9ac620c113 Small formatting update to have consistency with identical logic in other areas.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 36112d2b50 Simplify the API test for invalidCredentials (removed create), move above REST calls for better grouping of tests
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb e4a1baa4a3 Force request to send body as string, this ensures headers aren't automatically set to application/json
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 572a8bb423 Ensure error checking logic is in place for all REST calls, expand formatting for consistency with existing instances.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 6de1da5d22 Correct invalidCredentials so that it differs from validCredentialsEmailVerified, unit test now passes as desired.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 3b4cadf7a3 Update to demonstrate unit test is actually failing due to incorrect values of invalidCredentials
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 70f576b452 API and REST tests added to ensure complete and valid credentials are supplied for verified error message to be returned
- tests added as suggested and fail under previous version of User model
 - strongloop/loopback#931
2015-01-05 18:40:59 -05:00
Ritchie Martori 270dfc2603 Merge pull request #955 from alFReD-NSH/checkpoint-leak
Fix Change.getCheckpointModel() giving new models each call
2015-01-05 09:40:29 -08:00
Clark Wang 58f67e92d1 fix jscs warning
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2015-01-04 18:24:29 +08:00
Clark Wang 94b2a45a6c fix nestRemoting is nesting hooks from other relations
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2015-01-01 15:26:58 +08:00
Clark Wang 2f9400fc87 fix User.settings.ttl can't be overridden in sub model
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-28 16:02:37 +08:00