verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,867 Commits 62 Branches 176 Tags 11 MiB
Commit Graph

70 Commits

Author SHA1 Message Date
Miroslav Bajtoš afd6dd7073 Preserve current session when invalidating tokens 
Fix User model to preserve the current session (provided via
"options.accessToken") when invalidating access tokens after a change
of email or password property.
 2017-01-16 11:02:29 +01:00
Sergey Reus 5233dcb557 Emit resetPasswordRequest event with options 2017-01-05 15:36:01 +01:00
박대선 659e9ce09b Fix false emailVerified on user model update 
We noticed that every time the user model updates, the emailVerified
column would change to false, even though the email was not changed
at all.

I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8

The intent of the commit just mention is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.

This commit fixes the issue just mentioned.
 2017-01-05 11:08:35 +01:00
Miroslav Bajtoš 4ee086dcd0 Invalidate AccessTokens on password change 
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
 2016-12-12 13:58:20 +01:00
Miroslav Bajtoš 01b2faf14a Fix registration of operation hooks in User model 
Operation hooks are inherited by subclassed models, therefore they must
be registered outside of `Model.setup()` function.

This commit fixes this problem in the built-in User model.

There are not tests verifying this change, as writing a test would be
too cumbersome and not worth the cost IMO.
 2016-12-09 14:21:38 +01:00
Miroslav Bajtoš 4d41c67c54 Remove "options.template" from Email payload 
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
 2016-12-07 10:54:17 +01:00
Bram Borggreve e7831f6c4d
Allow password reset request for users in realms 2016-11-30 16:57:59 -05:00
Adrien Kiren 5c1558f969 Add templateFn option to User#verify() 2016-11-15 13:46:35 +01:00
Loay 67e5c6ec1e Require verification after email change 
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
 2016-11-09 11:51:37 -05:00
Dhaval Trivedi 6e880137e4 adding check of string for case insensitive emails 2016-11-04 10:35:08 -04:00
Loay bdeaf654fa Validate non-email property partial update 2016-10-03 16:53:36 -04:00
Loay 59eeb99803 Allow resetPassword if email is verified 2016-09-20 11:29:56 -04:00
Loay fa310d5882 Invalidate sessions after email change 2016-09-19 14:55:23 -04:00
Miroslav Bajtoš 3df5b2814c Fix double-slash in confirmation URL 
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.

Before:

  http://example.com//users/confirm?...

Now:

  http://example.com/users/confirm?...
 2016-09-12 17:12:24 +02:00
Miroslav Bajtoš 381222bf7a Rework email validation to use isemail 
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
 2016-09-06 13:00:27 +02:00
Candy 069d3e8f2f Apply g.f to literal strings 
Backport #2684
 2016-08-29 10:40:36 -04:00
Miroslav Bajtoš 7932d75c44 Revert globalization of Swagger descriptions 2016-08-16 14:02:41 +02:00
Loay d8aa6bdf00 Add bcrypt validation 
https://github.com/strongloop/loopback/pull/2580
 2016-08-15 09:55:23 -04:00
Candy 3767940472 Backport of #2407 2016-08-05 11:55:32 -04:00
Miroslav Bajtoš fea3b781a0 Update dependencies to their latest versions 2016-08-05 10:54:42 +02:00
Loay 619372e51e Backport/Fix security issue 580 2016-07-25 11:06:19 -04:00
Jue Hou 8fe77b2a06 Fix description for User.prototype.hasPassword 2016-06-17 17:35:28 -04:00
Loay 4480cd92ab Fix verificationToken bug #2440 2016-06-17 11:16:06 -04:00
Rik 7868803711 Update user.js 
allow to change all {href} instances in user.verify() mail into generated url instead of just one
 2016-05-09 12:32:05 -07:00
Ryan Graham 4d6f2e7ab7
update/insert copyright notices 2016-05-03 17:10:46 -07:00
Miroslav Bajtoš 6d040a98ae Merge pull request #1804 from richardpringle/master 
Add case-sensitive email option for User model
 2015-12-08 12:47:58 +01:00
David Cheung c4917819af Adding properties description for User Model 
- Added description for `realm` `created` `lastUpdated` `status`
- End of line for descriptions to be peroid
 2015-12-04 14:55:01 -05:00
Richard Pringle 2cca83c4ff Add case-sensitve email option for User model. 2015-12-03 13:18:49 -05:00
Simo Moujami 403e677155 Fix user.resetPassword to fail on email not found 2015-11-02 12:55:24 +01:00
Samuel Gaus 351b8026a0 Do not include redundant ports in verify links 
If the protocol and port match we can ignore the port for a more
visually appealing link.
 2015-10-12 16:24:30 +02:00
Felipe Oliveira Carvalho 355ff8ee41 Update comment about user ACL to reflect implementation 2015-09-11 21:57:55 -03:00
Farid Nouri Neshat 1cc25923a7 Fix options.to assertion message in user.verify 2015-08-27 00:25:09 +08:00
Miroslav Bajtoš 004baad44c Merge pull request #1501 from digitalsadhu/master 
Add missing . to user model property descriptions
 2015-08-06 09:40:22 +02:00
Miroslav Bajtoš aa5c9e3628 Merge pull request #1493 from PradnyaBaviskar/issue418-userModel 
Promisify User model
 2015-08-04 10:32:44 +02:00
Berkeley Martinez 68fd106510 fix exit early when password is non-string 
closes #1437
 2015-07-29 13:14:06 -07:00
Pradnya Baviskar dc987a59a9 Promisify User model 2015-07-14 13:01:46 +05:30
Richard Walker 83dca3e838 Add missing . to user model property descriptions 2015-07-04 22:30:45 +02:00
Alexandru Savin f70c209526 Pass the full options object to the email send method in user verification process. 2015-05-06 15:52:07 +02:00
Miroslav Bajtoš 03d9f64c82 Fix remoting metadata for User.login#include 
Change the type of the "include" argument to "string array".

The type used to be "string" before and thus requests sending multiple
include items were technically incorrect.
 2015-04-24 08:58:30 +02:00
Edmond Lau ef7c1439b6 fixed the missing '.' in various description fields. 2015-04-15 09:47:38 -04:00
Miroslav Bajtoš b61fae58f6 Merge pull request #1272 from strongloop/feature/after-remote-error-hook 
Model.afterRemoteError hook
 2015-04-07 09:47:51 +02:00
Ritchie Martori b9170751bc Add support for app level Model isolation 
- `loopback.registry` is now a true global registry
 - `app.registry` is unique per app object
 - `Model.registry` is set when a Model is created using any registry method
 - `loopback.localRegistry` and `loopback({localRegistry: true})` when set to `true` this will create a `Registry` per `Application`. It defaults to `false`.
 2015-04-03 11:48:45 -07:00
Miroslav Bajtoš a71c8253e2 Code cleanup, add Model._runWhenAttachedToApp 2015-04-03 10:06:49 +02:00
jakerella 713001913e Ability to pass in custom verification token generator 
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
 2015-03-19 16:56:38 -04:00
Raymond Feng 78550a9bc5 Pass options from User.login to createAccessToken 
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
 2015-03-02 14:48:08 -08:00
Miroslav Bajtoš 3c43eccac7 Merge pull request #1120 from PradnyaBaviskar/lb-issue-416 
Fix "User.confirm" to always call afterRemote hook

Close #1120
 2015-02-25 14:26:07 +01:00
Pradnya Baviskar 8766d4a68d Fix "User.confirm" to always call afterRemote hook 
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.

Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
 2015-02-25 14:20:47 +01:00
Raymond Feng 13e618bff2 Skip hashing password if it's already hashed 
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
 2015-02-24 16:36:51 -08:00
crandmck a82b33ec5c Add docs for settings per #1069 2015-02-23 13:13:52 -08:00
Ritchie Martori 4b6dcd6271 Document user settings 2015-02-04 14:09:01 -08:00