Commit Graph

150 Commits

Author SHA1 Message Date
Loay bcc2d99a95 Invalidate sessions after email change 2016-09-19 10:24:30 -04:00
Miroslav Bajtoš 21ff383eb3 Fix double-slash in confirmation URL
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.

Before:

  http://example.com//users/confirm?...

Now:

  http://example.com/users/confirm?...
2016-09-13 08:52:49 +02:00
Miroslav Bajtoš 92a5a08671 test/user: don't attach User model twice 2016-09-09 09:02:41 +02:00
Miroslav Bajtoš 9a75ee6f30 Rework email validation to use isemail
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 14:09:00 +02:00
Loay 5567917c12 Allow resetPassword if emailVerified 2016-08-26 13:11:42 -04:00
Loay 7aebf0d132 Add bcrypt validation 2016-08-12 21:34:50 -04:00
Miroslav Bajtoš 7546ee531d Update dependencies to their latest versions 2016-08-03 16:17:58 +02:00
jannyHou 17a046d7a1 Increase timeout 2016-07-29 14:54:34 -04:00
Loay 0fa3327112 Fix test case error 2016-07-26 10:26:44 -04:00
Loay b53a22bfb3 Fix security issue 580 2016-07-22 17:48:57 -04:00
Loay ec51e833b6 Fix verificationToken bug 2016-06-17 10:21:59 -04:00
David Cheung ddb5327e64 Update tests for strong-error-handler
Fix rest-adapter related test case switching to strong-error-handler
Only affect the test-cases calling rest methods
2016-06-07 13:26:18 -04:00
David Cheung 817e76e424 Remove unused UserModel properties
- credentials
- challenges
- status
- created
- lastUpdated
2016-05-10 14:29:08 -04:00
Supasate Choochaisri 04e26fae5c Separate error-checking and next/done logic from other logic in the test suite
Signed-off-by: Supasate Choochaisri <supasate.c@gmail.com>
2016-05-05 11:12:48 +07:00
Ryan Graham 6964914bab update copyright statements 2016-05-03 15:50:21 -07:00
Miroslav Bajtoš 095dce0373 test/user: use local registry
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each test creates a fresh app instance
with a new in-memory datasource and a new set of Models.
2016-05-03 14:01:39 +02:00
Miroslav Bajtoš f9702b0ace Use eslint with loopback config
Drop jshint and jscs in favour of eslint.

Fix style violations.

While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Ryan Graham ab5254fcba test: remove errant console.log from test
Using console.log like this can result in invalid xml when the xunit
reporter is used.
2016-02-04 08:35:37 -08:00
Samuel Gaus 2741d50342 Hide verificationToken
We should never be showing this publicly.

Adds unit test for hiding verification token.
2016-01-12 15:48:03 +00:00
Richard Pringle 2cca83c4ff Add case-sensitive email option for User model. 2015-12-03 13:18:49 -05:00
Simo Moujami 403e677155 Fix user.resetPassword to fail on email not found 2015-11-02 12:55:24 +01:00
Samuel Gaus 351b8026a0 Do not include redundant ports in verify links
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
Pradnya Baviskar dc987a59a9 Promisify User model 2015-07-14 13:01:46 +05:30
Raymond Feng 12e19e36ea Upgrade test fixtures to use LB 2.x layout 2015-04-20 09:23:44 -07:00
Miroslav Bajtoš 699bc7aa97 test: remove global autoAttach 2015-04-07 15:25:18 +02:00
jakerella 713001913e Ability to pass in custom verification token generator
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
Raymond Feng 78550a9bc5 Pass options from User.login to createAccessToken
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
2015-03-02 14:48:08 -08:00
Miroslav Bajtoš 3c43eccac7 Merge pull request #1120 from PradnyaBaviskar/lb-issue-416
Fix "User.confirm" to always call afterRemote hook

Close #1120
2015-02-25 14:26:07 +01:00
Pradnya Baviskar 8766d4a68d Fix "User.confirm" to always call afterRemote hook
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.

Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
2015-02-25 14:20:47 +01:00
Raymond Feng 13e618bff2 Skip hashing password if it's already hashed
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
2015-02-24 16:36:51 -08:00
Miroslav Bajtoš c2236c393b Upgrade jscs to ~1.11 via grunt-jscs ^1.5 2015-02-20 15:31:15 +01:00
Raymond Feng a18fa176a8 Fix the test case 2015-01-30 08:52:45 -08:00
Ron Edgecomb a028d9d198 Add error code property to known error responses.
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.

Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
Raymond Feng f5eac871fd Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master 2015-01-07 16:35:00 -08:00
Raymond Feng 90fd62ec0a Merge pull request #941 from strongloop/feature/workaround-issue-251
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
Raymond Feng b7db9808b2 Allow User.hashPassword/validatePassword to be overridden
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
Ron Edgecomb 62bb63b4f2 Additional password reset unit tests for API and REST
- strongloop/loopback#944
2015-01-06 10:31:53 -05:00
Ron Edgecomb 9ac620c113 Small formatting update to have consistency with identical logic in other areas.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 36112d2b50 Simplify the API test for invalidCredentials (removed create), move above REST calls for better grouping of tests
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb e4a1baa4a3 Force request to send body as string, this ensures headers aren't automatically set to application/json
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 572a8bb423 Ensure error checking logic is in place for all REST calls, expand formatting for consistency with existing instances.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 6de1da5d22 Correct invalidCredentials so that it differs from validCredentialsEmailVerified, unit test now passes as desired.
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 3b4cadf7a3 Update to demonstrate unit test is actually failing due to incorrect values of invalidCredentials
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Ron Edgecomb 70f576b452 API and REST tests added to ensure complete and valid credentials are supplied for verified error message to be returned
- tests added as suggested and fail under previous version of User model
- strongloop/loopback#931
2015-01-05 18:40:59 -05:00
Clark Wang 2f9400fc87 fix User.settings.ttl can't be overridden in sub model
Signed-off-by: Clark Wang <clark.wangs@gmail.com>
2014-12-28 16:02:37 +08:00
Rob Halff 36e1f6840c fix jscs errors 2014-11-21 03:35:36 +01:00
Rob Halff 918497c365 singlequote, semicolon & /*jshint -W030 */ 2014-11-21 02:46:21 +01:00
Miroslav Bajtoš fec8234c4c Merge pull request #616 from jpizarrom/master
added email custom headers in user verify
2014-10-24 19:51:10 +02:00
Juan Pizarro 4098bec2c6 User: custom email headers in verify 2014-10-24 14:42:49 -03:00
Raymond Feng b98ada282f Merge pull request #660 from strongloop/feature/add-realm-support
Add realm support
2014-10-24 08:27:28 -07:00
Raymond Feng 46d1430023 Add realm support 2014-10-23 11:10:39 -07:00
Miroslav Bajtoš b57cd3e409 User: fix `confirm` permissions
Enable authentication for all User unit-tests to check that the ACLs are
correctly configured.

Fix the rule for `confirm` - the correct permission is `ALLOW`, not
`ACL.ALLOW`.
2014-10-23 13:19:43 +02:00
Miroslav Bajtoš b1e0edb22b test: verify exported models 2014-10-14 08:58:17 +02:00
Alexander Ryzhikov 58538f02b7 user#login include server crash fix
Signed-off-by: Alexander Ryzhikov <coobaha@gmail.com>
2014-09-03 09:58:49 +04:00
Raymond Feng 567e2530d7 Build the email verification url from app context
https://github.com/strongloop/loopback/issues/408
2014-07-26 22:39:42 -07:00
Raymond Feng 335bae4b46 Merge branch 'master' into feature/fix-issue-377 2014-07-22 10:49:20 -07:00
Raymond Feng 21b8609ee2 Report error for User.confirm()
See https://github.com/strongloop/loopback/issues/377
2014-07-22 10:42:22 -07:00
Raymond Feng 74e9ff75e3 Merge pull request #385 from offlinehacker/master
Validate username uniqueness
2014-07-21 15:26:01 -07:00
Jaka Hudoklin 90094e5e86 Validate username uniqueness
Signed-off-by: Jaka Hudoklin <jakahudoklin@gmail.com>
2014-07-19 14:18:21 +02:00
Raymond Feng e5b64c6143 Upgrade to nodemailer 1.0.1 2014-07-16 12:40:15 -07:00
Raymond Feng 7b36196561 Merge pull request #362 from strongloop/feature/remoting-add-remove
Add a test case for hasMany through add/remove remoting
2014-07-15 16:15:27 -07:00
Raymond Feng 54b13f4feb Upgrade to loopback-datasource-juggler@1.7.0 2014-07-15 16:15:02 -07:00
Raymond Feng 76b6dc10d9 Add a test case for credentials/challenges 2014-07-15 08:20:47 -07:00
Raymond Feng 74a39f3fc2 Refactor email verification tests into a new group 2014-07-08 08:54:50 -07:00
Raymond Feng 0c67b1e781 Add an option to honor emailVerified
See https://github.com/strongloop/loopback/pull/215
2014-07-07 14:09:45 -07:00
Raymond Feng 6b4ebdf609 Allow the creation of access token to be overridden 2014-06-09 14:53:55 -07:00
Ritchie Martori 7eeed19bf0 Relax validation object test 2014-05-20 14:39:28 -07:00
Raymond Feng 89aa3595f5 Set the correct status code for User.login
See https://github.com/strongloop/loopback/issues/118
2014-02-28 13:19:52 -08:00
Raymond Feng 46b579dc4a Make sure User/AccessToken relations are set up by default
User.login assumes the relation User.accessTokens exists
2014-02-14 10:31:30 -08:00
Miroslav Bajtoš d6f0b5f5a6 Add `include=user` param to `User.login`
Allow LB clients to get details of the currently logged-in user
as part of the login response.

Improve method's `description` to mention this new option.
2014-01-30 18:09:54 +01:00
Ritchie Martori 86a85291ac Fix user test race condition 2014-01-23 14:39:15 -08:00
Ritchie Martori 9f2651578b fixup - Include accessToken in user logout tests 2013-12-17 21:34:30 -08:00
Ritchie Martori af2b8dd4ff Merge feature/password-reset 2013-12-06 17:35:14 -08:00
Raymond Feng 23add99f12 Fix the test assertion as the error message is changed. 2013-12-04 14:41:25 -08:00
Ritchie Martori 2f9403016c Initial auth implementation 2013-11-22 12:26:59 -08:00
Ritchie Martori e92c46a4e4 Add password reset 2013-11-20 14:20:47 -08:00
Ritchie Martori cb39ae7adb Debugging odd defineFK behavior 2013-11-19 10:29:02 -08:00
Ritchie Martori da0545bed6 Initial auto wiring for model dataSources 2013-11-18 16:13:40 -08:00
Raymond Feng 9bc762c09c Update dependencies 2013-11-14 21:19:57 -08:00
Ritchie Martori 1de2a40e88 Update AccessToken and User relationship
- Add created default
- Default TTLs for user login access tokens
- Break out User / AccessToken relationship
2013-11-14 19:41:29 -08:00
Ritchie Martori 64d8ff986b Add loopback.token() middleware 2013-11-14 13:01:47 -08:00
Ritchie 77a137eca6 Rename Session => AccessToken 2013-11-14 10:05:13 -08:00
Ritchie Martori a3f1d8d944 Refactor email model into mail connector 2013-10-14 10:54:55 -07:00
Raymond Feng 757803f203 Fix the test as DAO now ignores undefined value for query 2013-10-11 13:40:08 -07:00
Ritchie Martori 423b4f2157 Fix login query 2013-07-28 14:33:13 -07:00
Ritchie Martori 7f1e88e816 Implement required and update invalid id schemas 2013-07-28 13:20:55 -07:00
Ritchie Martori 0f3ad00086 Remove auth middleware and passport until adding in acl and strategies 2013-07-28 10:11:29 -07:00
Ritchie Martori 89f65d792f Clean up log out methods 2013-07-28 10:08:06 -07:00
Ritchie 8a7086be5c Add root true to remote methods 2013-07-24 17:21:15 -07:00
Ritchie Martori 253d42a8e8 Cleanup test markdown 2013-07-16 13:41:17 -07:00
Raymond Feng 2f773115fe rename asteroid to loopback 2013-07-16 11:02:06 -07:00
Ritchie Martori 49da6f4249 Fix login bug. 2013-07-15 18:22:33 -07:00
Ritchie Martori aa8d1bb853 Added bcrypt for password hashing 2013-07-15 14:07:17 -07:00
Ritchie Martori acfaee2fb0 Remove data argument name from user tests 2013-07-15 10:56:42 -07:00
Ritchie Martori d9b5daba0e Validate uniqueness and format of User email. 2013-07-12 17:03:13 -07:00
Ritchie Martori 16617a3737 Add user.logout() sugar method and update logout docs 2013-07-12 16:10:15 -07:00
Ritchie Martori a09b527000 Create 64 byte session ids 2013-07-12 15:47:58 -07:00
Ritchie Martori a22cf5f4af Update docs and add asteroid.memory() sugar api
- added asteroid.memory()
- added default session and email models to user model
2013-07-12 12:40:36 -07:00
Ritchie Martori fc0777de08 Add basic email verification 2013-07-03 13:40:14 -07:00
Ritchie Martori 8387a68b85 Initial users 2013-07-03 13:40:13 -07:00