Commit Graph

115 Commits

Author SHA1 Message Date
David Cheung d544ae1bf8 Support uniqueness for realm users 2016-09-20 11:26:56 -04:00
Loay bcc2d99a95 Invalidate sessions after email change 2016-09-19 10:24:30 -04:00
Miroslav Bajtoš 21ff383eb3 Fix double-slash in confirmation URL
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.

Before:

  http://example.com//users/confirm?...

Now:

  http://example.com/users/confirm?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš 9a75ee6f30 Rework email validation to use isemail
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Setogit 0f5136d072 Apply g.f to literal strings 2016-08-27 22:42:21 -07:00
Loay 5567917c12 Allow resetPassword if emailVerified 2016-08-26 13:11:42 -04:00
Miroslav Bajtoš eec326dc80 Revert globalization of Swagger descriptions 2016-08-15 11:06:05 +02:00
Loay 7aebf0d132 Add bcrypt validation 2016-08-12 21:34:50 -04:00
Candy bb9a1b5b24 Update globalization string 2016-08-05 15:49:43 -04:00
Candy b52a7217a9 Add globalization 2016-08-04 15:08:16 -04:00
Loay 8f7e032a01 Update user.js 2016-07-25 00:55:55 -04:00
Loay b53a22bfb3 Fix security issue 580 2016-07-22 17:48:57 -04:00
Loay ec51e833b6 Fix verificationToken bug 2016-06-17 10:21:59 -04:00
David Cheung 817e76e424 Remove unused UserModel properties
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Rik 341390a74e Update user.js
allow to change all {href} instances in user.verify() mail into generated url instead of just one
2016-05-08 13:10:56 +02:00
Ryan Graham 6964914bab
update copyright statements 2016-05-03 15:50:21 -07:00
Miroslav Bajtoš f9702b0ace Use eslint with loopback config
Drop jshint and jscs in favour of eslint.

Fix style violations.

While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Jue Hou eb09681f21 promise docs
Add promise jsdoc in loopback
2016-04-04 12:35:35 -04:00
Candy 0e637962d5 Use new strong-remoting API 2016-02-05 11:11:38 -05:00
Jue Hou 865789017d Fix description for User.prototype.hasPassword 2016-01-11 14:28:10 -05:00
Miroslav Bajtoš 6d040a98ae Merge pull request #1804 from richardpringle/master
Add case-sensitive email option for User model
2015-12-08 12:47:58 +01:00
David Cheung c4917819af Adding properties description for User Model
- Added description for `realm` `created` `lastUpdated` `status`
- End of line for descriptions to be peroid
2015-12-04 14:55:01 -05:00
Richard Pringle 2cca83c4ff Add case-sensitve email option for User model. 2015-12-03 13:18:49 -05:00
Simo Moujami 403e677155 Fix user.resetPassword to fail on email not found 2015-11-02 12:55:24 +01:00
Samuel Gaus 351b8026a0 Do not include redundant ports in verify links
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
Felipe Oliveira Carvalho 355ff8ee41 Update comment about user ACL to reflect implementation 2015-09-11 21:57:55 -03:00
Farid Nouri Neshat 1cc25923a7 Fix options.to assertion message in user.verify 2015-08-27 00:25:09 +08:00
Miroslav Bajtoš 004baad44c Merge pull request #1501 from digitalsadhu/master
Add missing . to user model property descriptions
2015-08-06 09:40:22 +02:00
Miroslav Bajtoš aa5c9e3628 Merge pull request #1493 from PradnyaBaviskar/issue418-userModel
Promisify User model
2015-08-04 10:32:44 +02:00
Berkeley Martinez 68fd106510 fix exit early when password is non-string
closes #1437
2015-07-29 13:14:06 -07:00
Pradnya Baviskar dc987a59a9 Promisify User model 2015-07-14 13:01:46 +05:30
Richard Walker 83dca3e838 Add missing . to user model property descriptions 2015-07-04 22:30:45 +02:00
Alexandru Savin f70c209526 Pass the full options object to the email send method in user verification process. 2015-05-06 15:52:07 +02:00
Miroslav Bajtoš 03d9f64c82 Fix remoting metadata for User.login#include
Change the type of the "include" argument to "string array".

The type used to be "string" before and thus requests sending multiple
include items were technically incorrect.
2015-04-24 08:58:30 +02:00
Edmond Lau ef7c1439b6 fixed the missing '.' in various description fields. 2015-04-15 09:47:38 -04:00
Miroslav Bajtoš b61fae58f6 Merge pull request #1272 from strongloop/feature/after-remote-error-hook
Model.afterRemoteError hook
2015-04-07 09:47:51 +02:00
Ritchie Martori b9170751bc Add support for app level Model isolation
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
2015-04-03 11:48:45 -07:00
Miroslav Bajtoš a71c8253e2 Code cleanup, add Model._runWhenAttachedToApp 2015-04-03 10:06:49 +02:00
jakerella 713001913e Ability to pass in custom verification token generator
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
Raymond Feng 78550a9bc5 Pass options from User.login to createAccessToken
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
2015-03-02 14:48:08 -08:00
Miroslav Bajtoš 3c43eccac7 Merge pull request #1120 from PradnyaBaviskar/lb-issue-416
Fix "User.confirm" to always call afterRemote hook

Close #1120
2015-02-25 14:26:07 +01:00
Pradnya Baviskar 8766d4a68d Fix "User.confirm" to always call afterRemote hook
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.

Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
2015-02-25 14:20:47 +01:00
Raymond Feng 13e618bff2 Skip hashing password if it's already hashed
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
2015-02-24 16:36:51 -08:00
crandmck a82b33ec5c Add docs for settings per #1069 2015-02-23 13:13:52 -08:00
Ritchie Martori 4b6dcd6271 Document user settings 2015-02-04 14:09:01 -08:00
Miroslav Bajtoš a77b3bbac7 Remove usages of deprecated `req.param()`
Express has recently deprecated `req.param()` to force developers
to be explicit about the source of the value. To avoid deprecation
warnings, this commit replaces all calls of `req.param()` with a
simplified inline version.
2015-01-21 19:27:53 +01:00
Ron Edgecomb a028d9d198 Add error code property to known error responses.
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.

Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
Ritchie Martori e0e9d6ecff Merge pull request #943 from BerkeleyTrue/refactor/user-remote-method
Use User.remoteMethod instead of loopbacks method
2015-01-13 10:20:43 -08:00
Raymond Feng f5eac871fd Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master 2015-01-07 16:35:00 -08:00
Raymond Feng 90fd62ec0a Merge pull request #941 from strongloop/feature/workaround-issue-251
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
Raymond Feng b7db9808b2 Allow User.hashPassword/validatePassword to be overridden
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
Berkeley Martinez 4fc07fe125 Use User.remoteMethod instead of loopbacks method
This is needed for loopback-connector-remote authorization.
Addresses https://github.com/strongloop/loopback/issues/622.
2015-01-06 08:18:57 -08:00
Ron Edgecomb dc055e5559 Require valid login credentials before verified email check.
- strongloop/loopback#931.
2015-01-05 18:40:59 -05:00
Clark Wang 2f9400fc87 fix User.settings.ttl can't be overridden in sub model
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-28 16:02:37 +08:00
Raymond Feng cb2f40bb86 Fix bcrypt issues for browserify 2014-12-08 14:59:21 -08:00
Raymond Feng 1e932e72ed Allow native bcrypt for performance
See https://github.com/strongloop/loopback/issues/892
2014-12-03 09:03:36 -08:00
Miroslav Bajtoš dc762d2514 common: coding style cleanup 2014-11-04 13:52:49 +01:00
Raymond Feng 842d9b0bcd Fix the jsdoc for User.login 2014-11-03 14:07:19 -08:00
Miroslav Bajtoš fec8234c4c Merge pull request #616 from jpizarrom/master
added email custom headers in user verify
2014-10-24 19:51:10 +02:00
Juan Pizarro 4098bec2c6 User: custom email headers in verify 2014-10-24 14:42:49 -03:00
Raymond Feng 46d1430023 Add realm support 2014-10-23 11:10:39 -07:00
Miroslav Bajtoš 20026a9d04 Fix places using undefined variables
Also enable jshint option "undefined" in order to catch these kind
of errors in the future.
2014-10-15 16:44:00 +02:00
crandmck 2f4a54d93c Clean up jsdoc comments
Add class properties, expose some methods that should have
been documented, etc.
2014-10-15 09:42:24 +02:00
Miroslav Bajtoš 920d3be6a3 models: move User LDL def into `user.json` 2014-10-14 08:58:17 +02:00
Miroslav Bajtoš 1fe0110849 Dismantle `lib/models`.
- Move core models `Model` and `PersistedModel` to `lib/`.
 - Move `AccessContext` class to `lib/`, since it is not a model.
 - Move all other built-in models to `common/models`.

This is a preparation for extracting model definitions to JSON files.
By splitting the change into multiple commits, git is able to keep track
of file moves (renames).
2014-10-13 12:09:27 +02:00