#6427 - SMS Recover Password #2037

Open
jsegarra wants to merge 72 commits from 6427_sms_resetPassword into dev
2 changed files with 29 additions and 2 deletions
Showing only changes of commit a01637414e - Show all commits


@ -34,7 +34,7 @@ describe('loopback model VnUser', () => {
await models.VnUser.userSecurity(ctx, employeeId); await models.VnUser.userSecurity(ctx, employeeId);
}); });
it('should throw an error if you have medium privileges and the users email is verified', async() => { it('should throw an error when update emailVerified field if you have medium privileges and the users email is verified', async() => {
const tx = await models.VnUser.beginTransaction({}); const tx = await models.VnUser.beginTransaction({});
const ctx = {options: {accessToken: {userId: hrId}}}; const ctx = {options: {accessToken: {userId: hrId}}};
try { try {
@ -50,5 +50,32 @@ describe('loopback model VnUser', () => {
expect(error).toEqual(new ForbiddenError()); expect(error).toEqual(new ForbiddenError());
} }
}); });
it('should throw an error when update recoveryPhone if you have medium privileges and the users email is verified', async() => {
const tx = await models.VnUser.beginTransaction({});
const ctx = {options: {accessToken: {userId: hrId}}};
try {
const options = {transaction: tx};
const userToUpdate = await models.VnUser.findById(1, null, options);
userToUpdate.updateAttribute('recoveryPhone', 123456789, options);
await models.VnUser.userSecurity(ctx, employeeId, options);
await tx.rollback();
} catch (error) {
await tx.rollback();
expect(error).toEqual(new ForbiddenError());
}
});
it('should update recoveryPhone if you are the same user', async() => {
const ctx = {options: {accessToken: {userId: employeeId}}};
const newRecoveryPhone = 123456789;
const userToUpdate = await models.VnUser.findById(1, null);
userToUpdate.updateAttribute('recoveryPhone', newRecoveryPhone);
await models.VnUser.userSecurity(ctx, employeeId);
});
}); });
}); });


@ -232,7 +232,7 @@ module.exports = function(Self) {
const user = await models.VnUser.findById(userId, {fields: ['id', 'emailVerified']}, myOptions); const user = await models.VnUser.findById(userId, {fields: ['id', 'emailVerified']}, myOptions);
if (!user.emailVerified && hasMediumPrivileges) return; if (!user.emailVerified && hasMediumPrivileges) return;
if (ctx.args.recoveryPhone) throw new ForbiddenError(); if (ctx.args?.recoveryPhone) throw new ForbiddenError();
throw new ForbiddenError(); throw new ForbiddenError();
}; };
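Review bot: The `if (ctx.args?.recoveryPhone) throw new ForbiddenError();` check has no effect where it sits, because the very next statement throws the same ForbiddenError unconditionally. If the intent is that a medium-privilege caller may never set another user's recovery phone, the check has to run before the `if (!user.emailVerified && hasMediumPrivileges) return;` early return; otherwise that return still lets the change through for users whose email is unverified. Going by the PR title, that field drives SMS password recovery, so this path deserves an explicit decision and a comment such as `// recoveryPhone is a recovery credential: only the account owner may change it`. The start of the function is outside the hunk, so an earlier check may already cover this case.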