Loay
bcc2d99a95
Invalidate sessions after email change
2016-09-19 10:24:30 -04:00
Miroslav Bajtoš
21ff383eb3
Fix double-slash in confirmation URL
...
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.
Before:
http://example.com//users/confirm ?...
Now:
http://example.com/users/confirm ?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš
92a5a08671
test/user: don't attach User model twice
2016-09-09 09:02:41 +02:00
Miroslav Bajtoš
9a75ee6f30
Rework email validation to use isemail
...
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Loay
5567917c12
Allow resetPassword if emailVerified
2016-08-26 13:11:42 -04:00
Loay
7aebf0d132
Add bcrypt validation
2016-08-12 21:34:50 -04:00
Miroslav Bajtoš
7546ee531d
Update dependencies to their latest versions
2016-08-03 16:17:58 +02:00
jannyHou
17a046d7a1
Increase timeout
2016-07-29 14:54:34 -04:00
Loay
0fa3327112
Fix test case error
2016-07-26 10:26:44 -04:00
Loay
b53a22bfb3
Fix security issue 580
2016-07-22 17:48:57 -04:00
Loay
ec51e833b6
Fix verificationToken bug
2016-06-17 10:21:59 -04:00
David Cheung
ddb5327e64
Update tests for strong-error-handler
...
Fix rest-adapter related test case switching to strong-error-handler
Only affect the test-cases calling rest methods
2016-06-07 13:26:18 -04:00
David Cheung
817e76e424
Remove unused UserModel properties
...
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Supasate Choochaisri
04e26fae5c
Separate error-checking and next/done logic from other logic in the test suite
...
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 11:12:48 +07:00
Ryan Graham
6964914bab
update copyright statements
2016-05-03 15:50:21 -07:00
Miroslav Bajtoš
095dce0373
test/user: use local registry
...
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each tests creates a fresh app instance
with a new in-memory datasource and a new set of Models.
2016-05-03 14:01:39 +02:00
Miroslav Bajtoš
f9702b0ace
Use eslint with loopback config
...
Drop jshint and jscs in favour of eslint.
Fix style violations.
While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Ryan Graham
ab5254fcba
test: remove errant console.log from test
...
Using console.log like this can result in invalid xml when the xunit
reporter is used.
2016-02-04 08:35:37 -08:00
Samuel Gaus
2741d50342
Hide verificationToken
...
We should never be showing this publically.
Adds unit test for hiding verification token.
2016-01-12 15:48:03 +00:00
Richard Pringle
2cca83c4ff
Add case-sensitve email option for User model.
2015-12-03 13:18:49 -05:00
Simo Moujami
403e677155
Fix user.resetPassword to fail on email not found
2015-11-02 12:55:24 +01:00
Samuel Gaus
351b8026a0
Do not include redundant ports in verify links
...
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
Pradnya Baviskar
dc987a59a9
Promisify User model
2015-07-14 13:01:46 +05:30
Raymond Feng
12e19e36ea
Upgrade test fixtures to use LB 2.x layout
2015-04-20 09:23:44 -07:00
Miroslav Bajtoš
699bc7aa97
test: remove global autoAttach
2015-04-07 15:25:18 +02:00
jakerella
713001913e
Ability to pass in custom verification token generator
...
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
Raymond Feng
78550a9bc5
Pass options from User.login to createAccessToken
...
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
2015-03-02 14:48:08 -08:00
Miroslav Bajtoš
3c43eccac7
Merge pull request #1120 from PradnyaBaviskar/lb-issue-416
...
Fix "User.confirm" to always call afterRemote hook
Close #1120
2015-02-25 14:26:07 +01:00
Pradnya Baviskar
8766d4a68d
Fix "User.confirm" to always call afterRemote hook
...
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.
Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
2015-02-25 14:20:47 +01:00
Raymond Feng
13e618bff2
Skip hashing password if it's already hashed
...
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
2015-02-24 16:36:51 -08:00
Miroslav Bajtoš
c2236c393b
Upgrade jscs to ~1.11 via grunt-jscs ^1.5
2015-02-20 15:31:15 +01:00
Raymond Feng
a18fa176a8
Fix the test case
2015-01-30 08:52:45 -08:00
Ron Edgecomb
a028d9d198
Add error code property to known error responses.
...
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.
Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
Raymond Feng
f5eac871fd
Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master
2015-01-07 16:35:00 -08:00
Raymond Feng
90fd62ec0a
Merge pull request #941 from strongloop/feature/workaround-issue-251
...
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
Raymond Feng
b7db9808b2
Allow User.hashPassword/validatePassword to be overridden
...
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
Ron Edgecomb
62bb63b4f2
Additional password reset unit tests for API and REST
...
- strongloop/loopback#944
2015-01-06 10:31:53 -05:00
Ron Edgecomb
9ac620c113
Small formatting update to have consistency with identical logic in other areas.
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb
36112d2b50
Simplify the API test for invalidCredentials (removed create), move above REST calls for better grouping of tests
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb
e4a1baa4a3
Force request to send body as string, this ensures headers aren't automatically set to application/json
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb
572a8bb423
Ensure error checking logic is in place for all REST calls, expand formatting for consistency with existing instances.
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb
6de1da5d22
Correct invalidCredentials so that it differs from validCredentialsEmailVerified, unit test now passes as desired.
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb
3b4cadf7a3
Update to demonstrate unit test is actually failing due to incorrect values of invalidCredentials
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb
70f576b452
API and REST tests added to ensure complete and valid credentials are supplied for verified error message to be returned
...
- tests added as suggested and fail under previous version of User model
- strongloop/loopback#931
2015-01-05 18:40:59 -05:00
Clark Wang
2f9400fc87
fix User.settings.ttl can't be overridden in sub model
...
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-28 16:02:37 +08:00
Rob Halff
36e1f6840c
fix jscs errors
2014-11-21 03:35:36 +01:00
Rob Halff
918497c365
singlequote, semicolon & /*jshint -W030 */
2014-11-21 02:46:21 +01:00
Miroslav Bajtoš
fec8234c4c
Merge pull request #616 from jpizarrom/master
...
added email custom headers in user verify
2014-10-24 19:51:10 +02:00
Juan Pizarro
4098bec2c6
User: custom email headers in verify
2014-10-24 14:42:49 -03:00
Raymond Feng
b98ada282f
Merge pull request #660 from strongloop/feature/add-realm-support
...
Add realm support
2014-10-24 08:27:28 -07:00
Raymond Feng
46d1430023
Add realm support
2014-10-23 11:10:39 -07:00
Miroslav Bajtoš
b57cd3e409
User: fix `confirm` permissions
...
Enable authentication for all User unit-tests to check that the ACLs are
correctly configured.
Fix the rule for `confirm` - the correct permission is `ALLOW`, not
`ACL.ALLOW`.
2014-10-23 13:19:43 +02:00
Miroslav Bajtoš
b1e0edb22b
test: verify exported models
2014-10-14 08:58:17 +02:00
Alexander Ryzhikov
58538f02b7
user#login include server crash fix
...
Signed-off-by: Alexander Ryzhikov <coobaha@gmail.com>
2014-09-03 09:58:49 +04:00
Raymond Feng
567e2530d7
Build the email verification url from app context
...
https://github.com/strongloop/loopback/issues/408
2014-07-26 22:39:42 -07:00
Raymond Feng
335bae4b46
Merge branch 'master' into feature/fix-issue-377
2014-07-22 10:49:20 -07:00
Raymond Feng
21b8609ee2
Report error for User.confirm()
...
See https://github.com/strongloop/loopback/issues/377
2014-07-22 10:42:22 -07:00
Raymond Feng
74e9ff75e3
Merge pull request #385 from offlinehacker/master
...
Validate username uniqueness
2014-07-21 15:26:01 -07:00
Jaka Hudoklin
90094e5e86
Validate username uniqueness
...
Signed-off-by: Jaka Hudoklin <jakahudoklin@gmail.com>
2014-07-19 14:18:21 +02:00
Raymond Feng
e5b64c6143
Upgrade to nodemailer 1.0.1
2014-07-16 12:40:15 -07:00
Raymond Feng
7b36196561
Merge pull request #362 from strongloop/feature/remoting-add-remove
...
Add a test case for hasMany through add/remove remoting
2014-07-15 16:15:27 -07:00
Raymond Feng
54b13f4feb
Upgrade to loopback-datasource-juggler@1.7.0
2014-07-15 16:15:02 -07:00
Raymond Feng
76b6dc10d9
Add a test case for credentials/challenges
2014-07-15 08:20:47 -07:00
Raymond Feng
74a39f3fc2
Refactor email verification tests into a new group
2014-07-08 08:54:50 -07:00
Raymond Feng
0c67b1e781
Add an option to honor emailVerified
...
See https://github.com/strongloop/loopback/pull/215
2014-07-07 14:09:45 -07:00
Raymond Feng
6b4ebdf609
Allow the creation of access token to be overriden
2014-06-09 14:53:55 -07:00
Ritchie Martori
7eeed19bf0
Relax validation object test
2014-05-20 14:39:28 -07:00
Raymond Feng
89aa3595f5
Set the correct status code for User.login
...
See https://github.com/strongloop/loopback/issues/118
2014-02-28 13:19:52 -08:00
Raymond Feng
46b579dc4a
Make sure User/AccessToken relations are set up by default
...
User.login assumes the relation User.accessTokens exists
2014-02-14 10:31:30 -08:00
Miroslav Bajtoš
d6f0b5f5a6
Add `include=user` param to `User.login`
...
Allow LB clients to get details of the currently logged-in user
as part of the login response.
Improve method's `description` to mention this new option.
2014-01-30 18:09:54 +01:00
Ritchie Martori
86a85291ac
Fix user test race condition
2014-01-23 14:39:15 -08:00
Ritchie Martori
9f2651578b
fixup - Include accessToken in user logout tests
2013-12-17 21:34:30 -08:00
Ritchie Martori
af2b8dd4ff
Merge feature/password-reset
2013-12-06 17:35:14 -08:00
Raymond Feng
23add99f12
Fix the test assertion as the error message is changed.
2013-12-04 14:41:25 -08:00
Ritchie Martori
2f9403016c
Initial auth implementation
2013-11-22 12:26:59 -08:00
Ritchie Martori
e92c46a4e4
Add password reset
2013-11-20 14:20:47 -08:00
Ritchie Martori
cb39ae7adb
Debugging odd defineFK behavior
2013-11-19 10:29:02 -08:00
Ritchie Martori
da0545bed6
Initial auto wiring for model dataSources
2013-11-18 16:13:40 -08:00
Raymond Feng
9bc762c09c
Update dependencies
2013-11-14 21:19:57 -08:00
Ritchie Martori
1de2a40e88
Update AccessToken and User relationship
...
- Add created default
- Default TTLs for user login access tokens
- Break out User / AccessToken relationship
2013-11-14 19:41:29 -08:00
Ritchie Martori
64d8ff986b
Add loopback.token() middleware
2013-11-14 13:01:47 -08:00
Ritchie
77a137eca6
Rename Session => AccessToken
2013-11-14 10:05:13 -08:00
Ritchie Martori
a3f1d8d944
Refactor email model into mail connector
2013-10-14 10:54:55 -07:00
Raymond Feng
757803f203
Fix the test as DAO now ignores undefined value for query
2013-10-11 13:40:08 -07:00
Ritchie Martori
423b4f2157
Fix login query
2013-07-28 14:33:13 -07:00
Ritchie Martori
7f1e88e816
Implement required and update invlaid id schemas
2013-07-28 13:20:55 -07:00
Ritchie Martori
0f3ad00086
Remove auth middleware and passport until adding in acl and strategies
2013-07-28 10:11:29 -07:00
Ritchie Martori
89f65d792f
Clean up log out methods
2013-07-28 10:08:06 -07:00
Ritchie
8a7086be5c
Add root true to remote methods
2013-07-24 17:21:15 -07:00
Ritchie Martori
253d42a8e8
Cleanup test markdown
2013-07-16 13:41:17 -07:00
Raymond Feng
2f773115fe
rename asteroid to loopback
2013-07-16 11:02:06 -07:00
Ritchie Martori
49da6f4249
Fix login bug.
2013-07-15 18:22:33 -07:00
Ritchie Martori
aa8d1bb853
Added bcrypt for password hashing
2013-07-15 14:07:17 -07:00
Ritchie Martori
acfaee2fb0
Remove data argument name from user tests
2013-07-15 10:56:42 -07:00
Ritchie Martori
d9b5daba0e
Validate uniqueness and format of User email.
2013-07-12 17:03:13 -07:00
Ritchie Martori
16617a3737
Add user.logout() sugar method and update logout docs
2013-07-12 16:10:15 -07:00
Ritchie Martori
a09b527000
Create 64 byte session ids
2013-07-12 15:47:58 -07:00
Ritchie Martori
a22cf5f4af
Update docs and add asteroid.memory() sugar api
...
- added asteroid.memory()
- added default session and email models to user model
2013-07-12 12:40:36 -07:00
Ritchie Martori
fc0777de08
Add basic email verification
2013-07-03 13:40:14 -07:00
Ritchie Martori
8387a68b85
Initial users
2013-07-03 13:40:13 -07:00