diff --git a/app/templates/server/api/user(auth)/user.controller.js b/app/templates/server/api/user(auth)/user.controller.js
index d074c666b..8c67bb43a 100644
--- a/app/templates/server/api/user(auth)/user.controller.js
+++ b/app/templates/server/api/user(auth)/user.controller.js
@@ -143,7 +143,7 @@ exports.changePassword = function(req, res, next) {
 exports.me = function(req, res, next) {
 var userId = req.user._id;
- <% if (filters.mongooseModels) { %>User.findOneAsync({ _id: userId }, '-salt -hashedPassword')<% }
+ <% if (filters.mongooseModels) { %>User.findOneAsync({ _id: userId })<% }
 if (filters.sequelizeModels) { %>User.find({
 where: {
 _id: userId
diff --git a/app/templates/server/api/user(auth)/user.model(mongooseModels).js b/app/templates/server/api/user(auth)/user.model(mongooseModels).js
index 008412eaf..35a9b8495 100644
--- a/app/templates/server/api/user(auth)/user.model(mongooseModels).js
+++ b/app/templates/server/api/user(auth)/user.model(mongooseModels).js
@@ -15,9 +15,9 @@ var UserSchema = new Schema({
 type: String,
 default: 'user'
 },
- password: String,
+ password: {type: String, select: false},
 provider: String,
- salt: String<% if (filters.oauth) { %>,<% if (filters.facebookAuth) { %>
+ salt: {type: String, select: false}<% if (filters.oauth) { %>,<% if (filters.facebookAuth) { %>
 facebook: {},<% } %><% if (filters.twitterAuth) { %>
 twitter: {},<% } %><% if (filters.googleAuth) { %>
 google: {},<% } %>
diff --git a/app/templates/server/api/user(auth)/user.model.spec(mongooseModels).js b/app/templates/server/api/user(auth)/user.model.spec(mongooseModels).js
index 1aad3b25e..9f675e0d7 100644
--- a/app/templates/server/api/user(auth)/user.model.spec(mongooseModels).js
+++ b/app/templates/server/api/user(auth)/user.model.spec(mongooseModels).js
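Review bot: Dropping the explicit projection makes `exports.me` depend entirely on the schema marking the secret paths `select: false`, and only the Mongoose branch gets that protection: the `if (filters.sequelizeModels)` branch still returns whatever `User.find({ where: { _id: userId ... } })` yields, and no Sequelize model is touched in this diff. Unless the Sequelize model already excludes `salt` and the password hash somewhere outside this change, that variant presumably keeps sending them to the client, so that should be confirmed before this lands. A short comment on the Mongoose call, `// salt/password are select:false in the schema, so no projection is needed here`, would tell the next reader why the projection disappeared rather than leaving it to look like an accidental removal. `exports.me` continues past the end of the hunk.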
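Review bot: `select: false` on `password` and `salt` introduces a contract the schema does not state anywhere: a query that needs to verify a credential must opt those paths back in, and a caller that forgets gets `undefined` silently rather than an error. A comment on the `password` line such as `// excluded from query results by default; credential checks must select it explicitly ('+password +salt')` would make that visible to whoever adds the next lookup. The field is called `password` here, which is the name the rest of this change should be using when it re-selects or asserts on the hash. The `UserSchema` literal starts before and continues past the hunk.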
@@ -52,6 +52,14 @@ describe('User Model', function() {
 return user.saveAsync();
 });
+ it('should exclude salt and hashedPassword by default', function(done) {
+ User.find({name: user.name}, function(err, _user) {
+ _user.should.not.have.property('salt');
+ _user.should.not.have.property('hashedPassword');
+ done();
+ });
+ });
+
 it('should authenticate user if valid', function() {
 user.authenticate('password').should.be.true;
 });
diff --git a/app/templates/server/api/user(auth)/user.model.spec(sequelizeModels).js b/app/templates/server/api/user(auth)/user.model.spec(sequelizeModels).js
index a7af1bd38..042ac4856 100644
--- a/app/templates/server/api/user(auth)/user.model.spec(sequelizeModels).js
+++ b/app/templates/server/api/user(auth)/user.model.spec(sequelizeModels).js
@@ -54,6 +54,14 @@ describe('User Model', function() {
 return user.save();
 });
+ it('should exclude salt and hashedPassword by default', function(done) {
+ User.find({name: user.name}, function(err, _user) {
+ _user.should.not.have.property('salt');
+ _user.should.not.have.property('hashedPassword');
+ done();
+ });
+ });
+
 it('should authenticate user if valid', function() {
 user.authenticate('password').should.be.true;
 });
diff --git a/app/templates/server/auth(auth)/local/passport.js b/app/templates/server/auth(auth)/local/passport.js
index 2bd3366f8..0d397a6f0 100644
--- a/app/templates/server/auth(auth)/local/passport.js
+++ b/app/templates/server/auth(auth)/local/passport.js
@@ -4,7 +4,7 @@ var LocalStrategy = require('passport-local').Strategy;
 function localAuthenticate(User, email, password, done) {
 <% if (filters.mongooseModels) { %>User.findOneAsync({
 email: email.toLowerCase()
- })<% }
+ }, '+salt +hashedPassword')<% }
 if (filters.sequelizeModels) { %>User.find({
 where: {
 email: email.toLowerCase()
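Review bot: The new test is vacuous: `User.find({name: user.name}, cb)` hands the callback an array of documents, and an array never has a `salt` property, so `_user.should.not.have.property('salt')` passes whether or not the exclusion works; `err` is also never checked. It further asserts on `hashedPassword`, while the schema changed in this same diff names the path `password`, so the hash assertion would pass even on a document that still carries the hash. Querying a single document with the promisified style the spec already uses (`saveAsync`) and checking the real path names gives a test that can actually fail; on a Mongoose document a deselected path reads as `undefined`, which is why the rewrite below checks the value rather than property presence (hedged: confirm against the should.js version in use). The Sequelize spec hunk below has the same shape and is covered separately.
```javascript
  it('should exclude salt and password by default', function() {
    return User.findOneAsync({name: user.name}).then(function(_user) {
      // a deselected path comes back undefined; a present value means the default exclusion is not in effect
      (_user.salt === undefined).should.be.true;
      (_user.password === undefined).should.be.true;
    });
  });
```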
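Review bot: This Sequelize copy of the test calls `User.find({name: user.name}, function(err, _user) {...})`, but the Sequelize call sites elsewhere in this diff use `User.find({ where: {...} })` as a promise with no Node-style callback, so the callback here presumably never runs and the test times out at `done` rather than checking anything. It also asserts on `hashedPassword`, a name that does not match the `password` field this change uses on the Mongoose side. Since no Sequelize model is changed in this diff, there is nothing on that side that would make this assertion hold once it runs; either the model change is missing or the test belongs with it. Likely shape: `return User.find({ where: {name: user.name} }).then(function(_user) { ... })`, asserting that `_user.salt` and `_user.password` are `undefined` (confirm the Sequelize attribute names outside this diff).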
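Review bot: The re-selection string on the added line names `hashedPassword`, but the Mongoose schema in this same change deselects a path called `password`; unless a `hashedPassword` path is defined outside the hunk, `password` stays excluded from the loaded user, `user.authenticate()` has nothing to compare against, and every local login fails closed. The line should read `}, '+salt +password')<% }`. Any other lookup that goes on to verify a credential now needs the same explicit selection — `changePassword` in user.controller.js is visible only as a hunk header in this diff, so its body should be checked. `localAuthenticate` continues past the end of the hunk.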