Skip to content

fix(user): fix email and password validation #1743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Mar 28, 2016
Merged

fix(user): fix email and password validation #1743

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
474a3a1
fix(user): fix email and password validation
programmerdave Mar 25, 2016
d9982d4
test(user): check for undefined email and password
programmerdave Mar 25, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions app/templates/gulpfile.babel(gulp).js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -486,7 +486,7 @@ gulp.task('wiredep:client', () => {
/bootstrap\.css/<% if(filters.sass) { %>,
/bootstrap-sass-official/<% } if(filters.oauth) { %>,
/bootstrap-social\.css/<% }}} %>
]
],
ignorePath: clientPath
}))
.pipe(gulp.dest(`${clientPath}/`));
Expand All @@ -503,7 +503,7 @@ gulp.task('wiredep:test', () => {
/bootstrap\.css/<% if(filters.sass) { %>,
/bootstrap-sass-official/<% } if(filters.oauth) { %>,
/bootstrap-social\.css/<% }}} %>
]
],
devDependencies: true
}))
.pipe(gulp.dest('./'));
Expand Down
34 changes: 29 additions & 5 deletions app/templates/server/api/user(auth)/user.model(mongooseModels).js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,29 @@ var UserSchema = new Schema({
name: String,
email: {
type: String,
lowercase: true
lowercase: true,
required: <% if(filters.oauth) { %>function() {
if (authTypes.indexOf(this.provider) === -1) {
return true;
} else {
return false;
}
}<% } else { %>true<% } %>
},
role: {
type: String,
default: 'user'
},
password: String,
password: {
type: String,
required: <% if(filters.oauth) { %>function() {
if (authTypes.indexOf(this.provider) === -1) {
return true;
} else {
return false;
}
}<% } else { %>true<% } %>
},
provider: String,
salt: String<% if (filters.oauth) { %>,<% if (filters.facebookAuth) { %>
facebook: {},<% } %><% if (filters.twitterAuth) { %>
Expand Down Expand Up @@ -108,8 +124,12 @@ UserSchema
return next();
}

if (!validatePresenceOf(this.password)<% if (filters.oauth) { %> && authTypes.indexOf(this.provider) === -1<% } %>) {
return next(new Error('Invalid password'));
if (!validatePresenceOf(this.password)) {
<% if (filters.oauth) { %>if (authTypes.indexOf(this.provider) === -1) {
<% } %>return next(new Error('Invalid password'));<% if (filters.oauth) { %>
} else {
return next();
}<% } %>
}

// Make salt with a callback
Expand Down Expand Up @@ -203,7 +223,11 @@ UserSchema.methods = {
*/
encryptPassword(password, callback) {
if (!password || !this.salt) {
return null;
if (!callback) {
return null;
} else {
return callback('Missing password or salt');
}
}

var defaultIterations = 10000;
Expand Down
143 changes: 129 additions & 14 deletions app/templates/server/api/user(auth)/user.model.spec(mongooseModels).js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,32 +41,147 @@ describe('User Model', function() {
});

describe('#email', function() {
it('should fail when saving without an email', function() {
it('should fail when saving with a blank email', function() {
user.email = '';
return <%= expect() %>user.save()<%= to() %>.be.rejected;
});

it('should fail when saving with a null email', function() {
user.email = null;
return <%= expect() %>user.save()<%= to() %>.be.rejected;
});

it('should fail when saving without an email', function() {
user.email = undefined;
return <%= expect() %>user.save()<%= to() %>.be.rejected;
});<% if (filters.oauth && filters.googleAuth) { %>

context('given user provider is google', function() {
beforeEach(function() {
user.provider = 'google';
});

it('should succeed when saving without an email', function() {
user.email = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %><% if (filters.oauth && filters.facebookAuth) { %>

context('given user provider is facebook', function() {
beforeEach(function() {
user.provider = 'facebook';
});

it('should succeed when saving without an email', function() {
user.email = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %><% if (filters.oauth && filters.twitterAuth) { %>

context('given user provider is twitter', function() {
beforeEach(function() {
user.provider = 'twitter';
});

it('should succeed when saving without an email', function() {
user.email = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %><% if (filters.oauth) { %>

context('given user provider is github', function() {
beforeEach(function() {
user.provider = 'github';
});

it('should succeed when saving without an email', function() {
user.email = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %>
});

describe('#password', function() {
beforeEach(function() {
return user.save();
it('should fail when saving with a blank password', function() {
user.password = '';
return <%= expect() %>user.save()<%= to() %>.be.rejected;
});

it('should authenticate user if valid', function() {
<%= expect() %>user.authenticate('password')<%= to() %>.be.true;
it('should fail when saving with a null password', function() {
user.password = null;
return <%= expect() %>user.save()<%= to() %>.be.rejected;
});

it('should not authenticate user if invalid', function() {
<%= expect() %>user.authenticate('blah')<%= to() %>.not.be.true;
it('should fail when saving without a password', function() {
user.password = undefined;
return <%= expect() %>user.save()<%= to() %>.be.rejected;
});

it('should remain the same hash unless the password is updated', function() {
user.name = 'Test User';
return <%= expect() %>user.save()
.then(function(u) {
return u.authenticate('password');
})<%= to() %>.eventually.be.true;
});
context('given the user has been previously saved', function() {
beforeEach(function() {
return user.save();
});

it('should authenticate user if valid', function() {
<%= expect() %>user.authenticate('password')<%= to() %>.be.true;
});

it('should not authenticate user if invalid', function() {
<%= expect() %>user.authenticate('blah')<%= to() %>.not.be.true;
});

it('should remain the same hash unless the password is updated', function() {
user.name = 'Test User';
return <%= expect() %>user.save()
.then(function(u) {
return u.authenticate('password');
})<%= to() %>.eventually.be.true;
});
});<% if (filters.oauth && filters.googleAuth) { %>

context('given user provider is google', function() {
beforeEach(function() {
user.provider = 'google';
});

it('should succeed when saving without a password', function() {
user.password = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %><% if (filters.oauth && filters.facebookAuth) { %>

context('given user provider is facebook', function() {
beforeEach(function() {
user.provider = 'facebook';
});

it('should succeed when saving without a password', function() {
user.password = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %><% if (filters.oauth && filters.twitterAuth) { %>

context('given user provider is twitter', function() {
beforeEach(function() {
user.provider = 'twitter';
});

it('should succeed when saving without a password', function() {
user.password = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %><% if (filters.oauth) { %>

context('given user provider is github', function() {
beforeEach(function() {
user.provider = 'github';
});

it('should succeed when saving without a password', function() {
user.password = null;
return <%= expect() %>user.save()<%= to() %>.be.fulfilled;
});
});<% } %>
});

});