Implement a new method for changing user passwords the secure way.
The method requires the old password to be provided before a new
password can be used.
REST API:
POST /api/users/change-password
Authorization: your-token-id
Content-Type: application/json
{"oldPassword":"old-pass", "newPassword": "new-pass"}
JavaScript API:
User.changePassword(userId, oldPassword, newPassword[, cb])
There is also an instance-level (prototype) method that can be used
from JavaScript:
userInstance.changePassword(oldPassword, newPassword[, cb])
Use local registry in test fixtures to prevent collision in globally
shared models.
Fix issues discoverd in auth implementation where the global registry
was used instead of the correct local one.
*Re-mapping `updateAttributes` endpoint to use
`PATCH` and `PUT`(configurable) verb
*Exposing `replaceById` and `replaceOrCreate` via
`POST` and `PUT`(configurable) verb
Enable authentication for all User unit-tests to check that the ACLs are
correctly configured.
Fix the rule for `confirm` - the correct permission is `ALLOW`, not
`ACL.ALLOW`.
Miroslav Bajtoš
Amir Jafarian
David Cheung
Samuel Gaus
Richard Pringle
Raymond Feng
Miroslav Bajtoš