Commit Graph

621 Commits

Author SHA1 Message Date
Miroslav Bajtoš 78f8b9124a Remove test/support.js from karma config
The file no longer exists.
2017-01-26 10:11:08 +01:00
Miroslav Bajtoš 93ab8644c4 Use English when running Mocha tests 2017-01-26 10:11:08 +01:00
Miroslav Bajtoš dfa1f6035b Merge pull request #3107 from benkroeger/master
Role model: resolve related models by name
2017-01-25 10:48:15 +01:00
Aris Kemper efd8237dc6 Fix User methods to use correct Primary Key
Do not use hard-coded "id" property name, call `idName()` to get the
name of the PK property.
2017-01-20 16:24:59 +01:00
João Ribeiro e63fea83f7 Fix User.resetPassword to call createAccessToken()
This allows User subclasses to override the algorithm used for building
one-time access tokens for password recovery.
2017-01-19 16:27:22 +01:00
Benjamin Kroeger a6d511d8b4 Role model: resolves related models by name
Resolve models related to the `Role` model by name instead of class.
2017-01-16 15:48:24 +01:00
Miroslav Bajtoš e17cc3d23a Preserve current session when invalidating tokens
Fix User model to preserve the current session (provided via
"options.accessToken") when invalidating access tokens after a change
of email or password property.
2017-01-16 10:08:30 +01:00
Miroslav Bajtoš 24bb15233d Clean up access-token-invalidation tests 2017-01-16 10:08:30 +01:00
Miroslav Bajtoš 70eecfab70 Upgrade eslint-config to 7.x 2017-01-06 12:12:35 +01:00
Bram Borggreve cddfb9c77d
Allow password reset request for users in realms 2017-01-05 09:47:18 -05:00
Miroslav Bajtoš 298635dad1 Merge pull request #2992 from DA-14/feature/resetPasswordRequest
Emit resetPasswordRequest event with options
2017-01-05 15:33:22 +01:00
Miroslav Bajtoš f4b167698a Merge pull request #3053 from yumenohosi/fix/email-verified
Fix false emailVerified on user model update
2017-01-05 11:02:54 +01:00
kobaska e15a656714 Add option disabling periodic change rectification
When `Model.settings.changeCleanupInterval` is set to a negative value,
no periodic cleanup is performed at all.
2017-01-04 15:58:44 +01:00
박대선 d9ae32429b Fix false emailVerified on user model update
Yesterday, the loopback we are using in our system was upgraded
via npm, and since the upgrade, we noticed that every time
the user model updates, the emailVerified column would change to false.

I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8

The intent of the commit just mention is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.

This commit fixes the issue just mentioned.
2016-12-23 14:04:44 +09:00
Miroslav Bajtoš 60ea3e96bc Contextify DAO and relation methods
Modify remoting metadata of data-access methods in PersistedModel
and relation method in Model and add an "options" argument to "accepts"
list.
2016-12-22 10:26:09 +01:00
Miroslav Bajtoš 4de3aa77e3 Implement new http arg mapping optionsFromRequest
Define a new Model method "createOptionsFromRemotingContext" that allows
models to define what "options" should be passed to methods invoked
via strong-remoting (e.g. REST).

Define a new http mapping `http: 'optionsFromRequest'` that invokes
`Model.createOptionsFromRemotingContext` to build the value from
remoting context.

This should provide enough infrastructure for components and
applications to implement their own ways of building the "options"
object.
2016-12-22 10:26:01 +01:00
Miroslav Bajtoš 29a17f39d5 Invalidate AccessTokens on password change
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
2016-12-12 13:30:53 +01:00
Sergey Reus fa8bca8d6e Emit resetPasswordRequest event with options 2016-12-09 18:14:32 +02:00
Miroslav Bajtoš 63beaa21fe Merge pull request #3004 from strongloop/fix/email-template-in-transport
Remove "options.template" from Email payload
2016-12-07 10:53:04 +01:00
Miroslav Bajtoš 5016703f21 Remove "options.template" from Email payload
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
2016-12-06 16:18:19 +01:00
Miroslav Bajtoš acdfb432d0 Upgrade eslint config and grunt-eslint to latest
- disable ES6 because PhantomJS does not support it yet
 - fix linter errors reported after the upgrade.
2016-12-06 16:05:13 +01:00
Eric b0d6c4a7d2 Add "returnOnlyRoleNames" option to Role.getRoles
Currently the return type of Role.getRoles() method is inconsistent:
role names are returned for smart roles and role ids are returned for
static roles (configured through user-role mapping).

This commit adds a new option to Role.getRoles() allowing the caller
to request role names to be returned for all types of roles.
2016-11-30 16:46:59 +01:00
David Cheung fa7cb923cd add allowArray to relations' create remoteMethod
this is needed because we added allowArray flag to persisted model's
remoteMethod, but when relations try to rebuild such methods, it does
not carry over such flags
2016-11-23 12:00:18 -05:00
Miroslav Bajtoš 1ec7cf0a37 Turn on "no-unused-expressions" rule for eslint
Fix unit-tests relying on property-based assertions to use function
calls instead, using "dirty-chai" to modify chai's property checkers.
2016-11-22 15:30:04 +01:00
Loay 06cb481c3f Update eslint to loopback config v5
Notable side-effects:
 - loopback no longer exports "caller" and "arguments" properties
 - kv-memory connector is now properly added to the connector registry
 - the file "test/support.js" was finally removed
2016-11-22 14:08:02 +01:00
David Cheung b3c43b60cd make test individually runable
previously when you do something like mocha test/model.test.js
you would get an error like "assert is not a function"
2016-11-17 18:05:58 -05:00
Kogulan Baskaran b4f1b2f02c Add options to bulkUpdate 2016-11-15 17:40:44 +01:00
codyolsen 3f5e49c3d6 Fix context within listByPrincipalType role method
- Fix for current implimentation that returned all models that had any
  assigned roles. Context was not carried into listByPrincipalType,
  setting roleId as null.
2016-11-15 14:51:05 +01:00
Adrien Kiren 85da50cbc8 Add templateFn option to User#verify() 2016-11-14 16:22:10 +01:00
Loay eb640d8da0 Require verification after email change
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
2016-11-09 13:06:25 +01:00
Candy 8f08398c30 Update doc links 2016-11-04 16:47:12 -04:00
Dhaval Trivedi 4922f425fc adding check of string for case insensitive emails 2016-11-01 18:13:56 -04:00
David Cheung 5252fba376 allow batch create for persisted models
In strong-remoting 3.x, we have stricken the coercion of inputs
methods that are expecting an Object will nolonger accept an array
as input, to preserve backwards compatibility we have added flag
allowArray in remote arguments, which would accept an array of objects
2016-10-25 15:45:00 -04:00
Miroslav Bajtoš 1439446b36 Fix description of updateAll response
Correctly describe the first non-error callback arg as an `info` object
containing a `count` property.
2016-10-12 12:43:53 +02:00
Miroslav Bajtoš 6808159427 Allow tokens with eternal TTL (value -1)
- Add a new User setting 'allowEternalTokens'
 - Enhance 'AccessToken.validate' to support eternal tokens with ttl
   value -1 when the user model allows it.
2016-10-10 13:27:22 +02:00
Tim van der Staaij c58bff6c3d Fix support for remote hooks returning a Promise
Fix beforeRemote/afterRemote to correctly return promises returned
by the user-provided hook callback.
2016-10-05 10:32:44 +02:00
Loay 5f5e874564 Validate non-email property partial update 2016-10-03 15:45:52 -04:00
Richard Pringle 0ab33a82d4 Call new disable remote method from model class. 2016-09-21 14:09:24 -04:00
David Cheung d544ae1bf8 Support uniqueness for realm users 2016-09-20 11:26:56 -04:00
Loay bcc2d99a95 Invalidate sessions after email change 2016-09-19 10:24:30 -04:00
Candy d4b8cf670f Fix remote method inheritance 2016-09-13 13:23:09 -04:00
Miroslav Bajtoš 21ff383eb3 Fix double-slash in confirmation URL
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.

Before:

  http://example.com//users/confirm?...

Now:

  http://example.com/users/confirm?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš 6e1defcb18 Use strong-remoting's new TypeRegistry 2016-09-09 10:01:29 +02:00
Miroslav Bajtoš 92a5a08671 test/user: don't attach User model twice 2016-09-09 09:02:41 +02:00
Miroslav Bajtoš f76edd5d61 Fix remoting metadata for "data" arguments
Fix the definition of "data" argument to

    { type: 'object', model: modelName, ... }

That way strong-remoting passed the request body directly to the model
method (does not create a new model instance), but the swagger will
still provide correct schema for these arguments.

This fixes a bug where upsert in relation methods was adding default
property values to request payload.
2016-09-07 14:27:58 +02:00
gunjpan 832e2c391c Discard sugar method for model creation
Current implementation of `app.model(modelName, settings)`
works as a sugar for model creation. In 3.0, this is
not supported anymore. This implementation reports an
error when sugar is used for model creation.
Includes:
 - Updated app.model() method
 - Fixed test cases reflecting the change
2016-09-07 10:40:23 +02:00
Amirali Jafarian a6f8ec672d Merge pull request #2539 from mountain1234585/upsertWithWhere
Add upsertWithWhere
2016-09-06 15:54:21 -04:00
Miroslav Bajtoš 9a75ee6f30 Rework email validation to use isemail
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Sonali Samantaray aef6dca30c Expose upsertWithWhere method 2016-09-02 18:10:47 +05:30
Simon Ho 9db0682b07 Add remoting for KeyValue model TTL feature 2016-08-29 14:46:41 -07:00
Subramanian Krishnan 40f0690573 Make the app instance available to connectors 2016-08-29 15:15:53 +02:00
Amirali Jafarian 358fdbf184 Merge pull request #2670 from strongloop/reorder_patch_put
Reorder PATCH Vs PUT endpoints
2016-08-26 16:09:43 -04:00
Loay 5567917c12 Allow resetPassword if emailVerified 2016-08-26 13:11:42 -04:00
Amir Jafarian b80666a507 Reorder PATCH Vs PUT endpoints
*Reorder PATCH Vs PUT endpoints for update* methods
2016-08-26 11:08:35 -04:00
Benjamin Kroeger 01c1656fc2 resolve related models from correct registry
Also modify setup of test servers when ACL was used, force the app
to `loadBuiltinModels` with localRegistry.
2016-08-25 12:51:29 +02:00
Miroslav Bajtoš 88e4de5341 KeyValueModel: add API for listing keys
- Expose "keys()" at "GET /keys"
 - Add a dummy implementation for "iterateKeys" to serve a useful error
   message when the model is not attached correctly.
2016-08-18 10:50:45 +02:00
Carl Fürstenberg edd5275b8b Fix token middleware crash
Fix token middleware to check if `req.loopbackContext` is active.
The context is not active for example when express-session calls
setImmediate which breaks CLS.
2016-08-17 14:44:00 +02:00
Samuel Reed 22345cfcda Support 'alias' in mail transport config.
Useful if you need to set up multiple transports of the same type.

[forward-port of #2489]
2016-08-16 16:24:56 +02:00
Loay 7aebf0d132 Add bcrypt validation 2016-08-12 21:34:50 -04:00
Miroslav Bajtoš a259e59afc common: add KeyValueModel 2016-08-10 14:15:22 +02:00
Miroslav Bajtoš b087c930ed Remove current-context API
Change all current-context APIs to throw a helpful error.
2016-08-10 13:43:40 +02:00
jannyHou 19618209c8 Fix forceId in tests 2016-08-08 15:06:29 -04:00
Miroslav Bajtoš a751230cd9 test: increase timeout to prevent CI failures 2016-08-08 15:45:53 +02:00
Miroslav Bajtoš 39da31bb5a test: fix "socket hang up" error in app.test
Rework the test to always wait for the client request to finish before
calling the test done.
2016-08-04 15:51:53 +02:00
Miroslav Bajtoš 5d18d41b28 test: increate timeout in Role test 2016-08-04 13:32:47 +02:00
Miroslav Bajtoš caaa296a82 test: make status test more robust
Rework assertions to report helpful messages on failure.

Increase the "elapsed" limit from 100ms to 300ms to support our
slow CI machines.
2016-08-04 11:00:00 +02:00
Miroslav Bajtoš 48205fb2bd test: fix broken Role tests
Rework the test suite to always report errors and correctly signal
when async tests are done.

This should prevent spurious test failures on CI servers that are
difficult to troubleshoot, because the error is reported for different
test case.
2016-08-03 16:17:58 +02:00
Miroslav Bajtoš 7546ee531d Update dependencies to their latest versions 2016-08-03 16:17:58 +02:00
jannyHou 17a046d7a1 Increase timeout 2016-07-29 14:54:34 -04:00
Miroslav Bajtoš fd0b6fcb96 test: fix change-tracking setup
The remote-connector test has misconfigured the client (remote) model,
where the client model was trying to keep track of changes. That's
redundant because it's up to the server model (attached directly to the
database) to track changes.

This commit fixes that configuration and also cleans up the test code
a little bit to make it easier to distinguish between the remote
(client) model and the server model.
2016-07-29 16:49:29 +02:00
Miroslav Bajtoš 98816217c9 test: use local registry in test fixtures
Use local registry in test fixtures to prevent collision in globally
shared models.

Fix issues discoverd in auth implementation where the global registry
was used instead of the correct local one.
2016-07-27 10:07:49 +02:00
Loay 0fa3327112 Fix test case error 2016-07-26 10:26:44 -04:00
Loay b53a22bfb3 Fix security issue 580 2016-07-22 17:48:57 -04:00
Gunjan Pandya 7ed003e973 Merge pull request #2419 from strongloop/remove-legacyExplorer
[SEMVER-MAJOR] Remove legacyExplorer
2016-07-14 14:35:38 -04:00
gunjpan 1b053d44fe Remove legacyExplorer
- Removes backward compatibility
for legacy end points `/models` & `/routes`
- Removes `legacyExplorer` flag which
enabled these routes
- Update related tests & tests using the
legacyExplorer flag
2016-06-20 16:05:11 -04:00
Loay ec51e833b6 Fix verificationToken bug 2016-06-17 10:21:59 -04:00
Miroslav Bajtoš 42c83f69a0 Cleanup unit-test added in 1fc51d129 2016-06-14 14:47:41 +02:00
Loay 74aba5f80c Merge pull request #2411 from strongloop/strongErrorHandler
[SEMVER-MAJOR] Remove `loopback#errorHandler` middleware
2016-06-13 16:47:24 -04:00
Loay 1fc51d1296 update errorHandler template 2016-06-13 11:18:09 -04:00
Benjamin Kroeger 83b5d72073 add missing unit tests for #2108
subsequent token middleware tries to read `token.id` when `enableDoublecheck: true`. That caused a "Cannot read property `id` of `null`" error when the first middleware didn't actually find a valid accessToken.
2016-06-13 15:27:59 +02:00
Amir Jafarian 6502309e34 Expose `Replace*` methods
*Re-mapping `updateAttributes` endpoint to use
`PATCH` and `PUT`(configurable) verb
*Exposing `replaceById` and `replaceOrCreate` via
`POST` and `PUT`(configurable) verb
2016-06-10 14:56:44 -04:00
David Cheung ddb5327e64 Update tests for strong-error-handler
Fix rest-adapter related test case switching to strong-error-handler
Only affect the test-cases calling rest methods
2016-06-07 13:26:18 -04:00
Miroslav Bajtoš 8d295b70f6 Remove legacy express 3.x middleware getters
Remove middleware-getter properties that were simlifying upgrade from
LoopBack 1.x/Express 3.x applications:

  - loopback.compress
  - loopback.timeout
  - loopback.cookieParser
  - loopback.cookieSession
  - loopback.csrf
  - loopback.errorHandler
  - loopback.session
  - loopback.methodOverride
  - loopback.logger
  - loopback.responseTime
  - loopback.favicon
  - loopback.directory
  - loopback.vhost

Also remove `loopback.mime`, which was set to `undefined` anyways.
2016-05-31 18:59:21 +02:00
David Cheung e723d8b641 Throw error upon extending unknown model
Create Model now uses findModel to retrieve base instead of getModel
and throws error upon base model not found
2016-05-10 18:00:56 -04:00
David Cheung 817e76e424 Remove unused UserModel properties
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Simon Ho ca1baee0f9 Merge pull request #2297 from supasate/refactor/separate-error-checking-and-next-and-done-logic-from-others
Separate error-checking and next/done logic from other logic
2016-05-06 13:27:29 -07:00
Supasate Choochaisri 04e26fae5c Separate error-checking and next/done logic from other logic in the test suite
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 11:12:48 +07:00
Simon Ho 1559db2ca3 Merge pull request #2269 from supasate/feature/do-not-allow-duplicate-role-name
Add feature to not allow duplicate role name
2016-05-04 20:42:13 -07:00
Supasate Choochaisri dd78b36a17 Clean up by removing unnecessary comments
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 08:18:32 +07:00
Supasate Choochaisri d4a869bddf Add feature to not allow duplicate role name
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 08:18:17 +07:00
Ryan Graham 6964914bab
update copyright statements 2016-05-03 15:50:21 -07:00
Miroslav Bajtoš 87bbf4502a Remove "loopback.autoAttach()"
The method was deprecated since LoopBack 2.0, there is no need to keep
it around in 3.0.
2016-05-03 14:01:39 +02:00
Miroslav Bajtoš 0e6db30640 test/rest.middleware: use local registry
Rework tests in `test/rest.middleware.test.js` to not depend
on `app.autoAttach()` and global shared registry of Models. Instead,
each tests creates a fresh app instance with a new in-memory datasource
and a new set of Models.
2016-05-03 14:01:39 +02:00
Miroslav Bajtoš 35d9fa4b54 Fix role.isOwner to support app-local registry 2016-05-03 14:01:39 +02:00
Miroslav Bajtoš 095dce0373 test/user: use local registry
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each tests creates a fresh app instance
with a new in-memory datasource and a new set of Models.
2016-05-03 14:01:39 +02:00
juehou dcf88baf68 Resolver support return promise 2016-05-02 17:47:14 -04:00
Supasate Choochaisri 0ca24389b2 Add new feature to emit a `remoteMethodDisabled` event when disabling a remote method.
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-04-28 09:03:54 +07:00
Benjamin Kröger 9e0405de9f Allow built-in token middleware to run repeatedly
Add two new options:

  - When `enableDoublecheck` is true, the middleware will run
    even if a previous middleware has already set `req.accessToken`
    (possibly to `null` for anonymous requests)

  - When `overwriteExistingToken` is true (and `enableDoublecheck` too),
    the middleware will overwrite `req.accessToken` set by a previous
    middleware instances.
2016-04-06 15:44:20 +02:00
Miroslav Bajtoš f9702b0ace Use eslint with loopback config
Drop jshint and jscs in favour of eslint.

Fix style violations.

While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Candy b5b900e0ff Remove constraint making isStatic required 2016-03-30 11:16:32 -04:00