f8b013dab8
Clean up access-token-invalidation tests
2017-01-16 10:39:49 +01:00
5233dcb557
Emit resetPasswordRequest event with options
2017-01-05 15:36:01 +01:00
659e9ce09b
Fix false emailVerified on user model update
...
We noticed that every time the user model updates, the emailVerified
column would change to false, even though the email was not changed
at all.
I took a look and realized there might be an error in
https://github.com/strongloop/loopback/commit/eb640d8
The intent of the commit just mention is to make emailVerified false
when the email gets changed, but notice that ctx.data.email is null
on updates, so the condition is always met and emailVerified always
becomes false.
This commit fixes the issue just mentioned.
2017-01-05 11:08:35 +01:00
4ee086dcd0
Invalidate AccessTokens on password change
...
Invalidate all existing sessions (delete all access tokens)
after user's password was changed.
2016-12-12 13:58:20 +01:00
4d41c67c54
Remove "options.template" from Email payload
...
Fix User.confirm to exclude "options.template" when sending the
confirmation email. Certain nodemailer transport plugins are rejecting
such requests.
2016-12-07 10:54:17 +01:00
e7831f6c4d
Allow password reset request for users in realms
2016-11-30 16:57:59 -05:00
5c1558f969
Add templateFn option to User#verify()
2016-11-15 13:46:35 +01:00
67e5c6ec1e
Require verification after email change
...
When the User model is configured to require email verification,
then any change of the email address should trigger re-verification.
2016-11-09 11:51:37 -05:00
6e880137e4
adding check of string for case insensitive emails
2016-11-04 10:35:08 -04:00
bdeaf654fa
Validate non-email property partial update
2016-10-03 16:53:36 -04:00
59eeb99803
Allow resetPassword if email is verified
2016-09-20 11:29:56 -04:00
fa310d5882
Invalidate sessions after email change
2016-09-19 14:55:23 -04:00
3df5b2814c
Fix double-slash in confirmation URL
...
Fix the code building the URL used in the email-verification email
to prevent double-slash in the URL when e.g. restApiRoot is '/'.
Before:
http://example.com//users/confirm ?...
Now:
http://example.com/users/confirm ?...
2016-09-12 17:12:24 +02:00
381222bf7a
Rework email validation to use isemail
...
Drop hand-crafted RegExp in favour of a 3rd-party module that supports
RFC5321, RFC5322 and other relevant standards.
2016-09-06 13:00:27 +02:00
bc10d68c54
test/user: don't attach User model twice
2016-08-31 15:29:18 +02:00
d8aa6bdf00
Add bcrypt validation
...
https://github.com/strongloop/loopback/pull/2580
2016-08-15 09:55:23 -04:00
fea3b781a0
Update dependencies to their latest versions
2016-08-05 10:54:42 +02:00
7f5f8d6df5
Increase timeout
2016-08-03 11:11:09 -04:00
a8f30af49d
Fix test case error
2016-07-26 13:29:11 -04:00
619372e51e
Backport/Fix security issue 580
2016-07-25 11:06:19 -04:00
4480cd92ab
Fix verificationToken bug #2440
2016-06-17 11:16:06 -04:00
25ade96d27
Backport separate error checking and done logic
2016-05-06 14:07:38 -07:00
4d6f2e7ab7
update/insert copyright notices
2016-05-03 17:10:46 -07:00
845c59eced
test/user: use local registry
...
Rework User tests to not depend on `app.autoAttach()` and global shared
registry of Models. Instead, each tests creates a fresh app instance
with a new in-memory datasource and a new set of Models.
2016-05-03 14:39:06 +02:00
a0806eab89
test: remove errant console.log from test
...
Using console.log like this can result in invalid xml when the xunit
reporter is used.
[Backport of pull request #2035 ]
2016-02-05 09:22:43 +01:00
a0a1083564
Hide verificationToken
...
We should never be showing this publically.
Adds unit test for hiding verification token.
This is a back-port of pull request #1851 from gausie/patch-4
2016-02-04 16:27:03 +01:00
2cca83c4ff
Add case-sensitve email option for User model.
2015-12-03 13:18:49 -05:00
403e677155
Fix user.resetPassword to fail on email not found
2015-11-02 12:55:24 +01:00
351b8026a0
Do not include redundant ports in verify links
...
If the protocol and port match we can ignore the port for a more
visually appealing link.
2015-10-12 16:24:30 +02:00
dc987a59a9
Promisify User model
2015-07-14 13:01:46 +05:30
12e19e36ea
Upgrade test fixtures to use LB 2.x layout
2015-04-20 09:23:44 -07:00
699bc7aa97
test: remove global autoAttach
2015-04-07 15:25:18 +02:00
713001913e
Ability to pass in custom verification token generator
...
This commit adds the ability for the developer to use a custom token generator function for the user.verify(...) method. By default, the system will still use the crypto.randomBytes() method if no option is provided.
2015-03-19 16:56:38 -04:00
78550a9bc5
Pass options from User.login to createAccessToken
...
It will allow subclass of User to create access token based on additional
properties such as 'scope'.
2015-03-02 14:48:08 -08:00
3c43eccac7
Merge pull request #1120 from PradnyaBaviskar/lb-issue-416
...
Fix "User.confirm" to always call afterRemote hook
Close #1120
2015-02-25 14:26:07 +01:00
8766d4a68d
Fix "User.confirm" to always call afterRemote hook
...
Make the "redirect" parameter optional. When the parameter is not
specified, the server responds with an empty response (204). This allows
API clients to call the method without the need to handle redirects
and HTML responses.
Even when the "redirect" parameter is included, the builtin afterRemote
hook still calls next(), so that user-provided afterRemote hooks
are executed too.
2015-02-25 14:20:47 +01:00
13e618bff2
Skip hashing password if it's already hashed
...
See https://github.com/strongloop/loopback-datasource-juggler/issues/471
2015-02-24 16:36:51 -08:00
c2236c393b
Upgrade jscs to ~1.11 via grunt-jscs ^1.5
2015-02-20 15:31:15 +01:00
a18fa176a8
Fix the test case
2015-01-30 08:52:45 -08:00
a028d9d198
Add error code property to known error responses.
...
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.
Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
f5eac871fd
Merge branch 'master' of https://github.com/greaterweb/loopback into greaterweb-master
2015-01-07 16:35:00 -08:00
90fd62ec0a
Merge pull request #941 from strongloop/feature/workaround-issue-251
...
Allow User.hashPassword/validatePassword to be overridden
2015-01-07 14:01:03 -08:00
b7db9808b2
Allow User.hashPassword/validatePassword to be overridden
...
See https://github.com/strongloop/loopback/issues/251
2015-01-06 16:03:30 -08:00
62bb63b4f2
Additional password reset unit tests for API and REST
...
- strongloop/loopback#944
2015-01-06 10:31:53 -05:00
9ac620c113
Small formatting update to have consistency with identical logic in other areas.
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
36112d2b50
Simplify the API test for invalidCredentials (removed create), move above REST calls for better grouping of tests
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
e4a1baa4a3
Force request to send body as string, this ensures headers aren't automatically set to application/json
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
572a8bb423
Ensure error checking logic is in place for all REST calls, expand formatting for consistency with existing instances.
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
6de1da5d22
Correct invalidCredentials so that it differs from validCredentialsEmailVerified, unit test now passes as desired.
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
3b4cadf7a3
Update to demonstrate unit test is actually failing due to incorrect values of invalidCredentials
...
- strongloop/loopback#944
2015-01-06 10:31:52 -05:00
Miroslav Bajtoš
Sergey Reus
박대선
Bram Borggreve
Adrien Kiren
Loay
Dhaval Trivedi
jannyHou
Simon Ho
Ryan Graham
Ryan Graham
Miroslav Bajtoš
Richard Pringle
Simo Moujami
Samuel Gaus
Pradnya Baviskar
Raymond Feng
Miroslav Bajtoš
jakerella
Ron Edgecomb
Raymond Feng