mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
written password reset controller
This commit is contained in:
parent
551e1d465a
commit
64688e661d
5 changed files with 107 additions and 39 deletions
|
@ -1,21 +1,31 @@
|
|||
PasswordResetHandler = require("./PasswordResetHandler")
|
||||
|
||||
module.exports =
|
||||
|
||||
requestPasswordReset: ->
|
||||
renderRequestResetForm: (req, res)->
|
||||
res.render "user/passwordReset",
|
||||
title:"Reset Password"
|
||||
|
||||
requestReset: (req, res)->
|
||||
email = req.body.email.trim()
|
||||
PasswordResetHandler.generateAndEmailResetToken email, (err)->
|
||||
if err?
|
||||
res.send 500
|
||||
else
|
||||
res.send 200
|
||||
|
||||
|
||||
renderSetPasswordForm: (req, res)->
|
||||
res.render "user/setPassword",
|
||||
title:"Set Password"
|
||||
|
||||
# check user exists
|
||||
# generate token
|
||||
# send email token link
|
||||
|
||||
renderPasswordResetForm: ->
|
||||
# check that the token is valid
|
||||
# render html
|
||||
|
||||
changeUsersPasswordFromReset: ->
|
||||
# check auth again
|
||||
# check both passwords match
|
||||
# set passowrd
|
||||
# redir to login form
|
||||
|
||||
setNewUserPassword: (req, res)->
|
||||
{token, password} = req.body
|
||||
if !password? or password.length < 4 or !token? or token.length == 0
|
||||
return res.send 500
|
||||
PasswordResetHandler.setNewUserPassword token?.trim(), password?.trim(), (err)->
|
||||
if err?
|
||||
res.send 500
|
||||
else
|
||||
res.send 200
|
|
@ -7,20 +7,19 @@ AuthenticationManager = require("../Authentication/AuthenticationManager")
|
|||
|
||||
module.exports =
|
||||
|
||||
generateAndEmailResetToken:(user_id, callback)->
|
||||
async.series
|
||||
user: (cb)-> UserGetter.getUser _id:user_id, cb
|
||||
token: (cb)-> TokenGenerator.getNewToken user_id, cb
|
||||
, (err, results)->
|
||||
generateAndEmailResetToken:(email, callback)->
|
||||
UserGetter.getUser email:email, (err, user)->
|
||||
if err then return callback(err)
|
||||
if !results.user?
|
||||
if !user?
|
||||
return callback("no user found")
|
||||
TokenGenerator.getNewToken user._id, (err, token)->
|
||||
if err then return callback(err)
|
||||
emailOptions =
|
||||
to : results.user.email
|
||||
setNewPasswordUrl : "#{settings.siteUrl}/user/password/set?resetToken=#{results.token}"
|
||||
to : email
|
||||
setNewPasswordUrl : "#{settings.siteUrl}/user/password/set?resetToken=#{token}"
|
||||
EmailHandler.sendEmail "passwordResetRequested", emailOptions, callback
|
||||
|
||||
setNewUserPassowrd: (token, password, callback)->
|
||||
setNewUserPassword: (token, password, callback)->
|
||||
TokenGenerator.getUserIdFromToken token, (err, user_id)->
|
||||
if err then return callback(err)
|
||||
if !user_id?
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
module.exports =
|
||||
apply: (app) ->
|
||||
|
||||
app.get '/user/password/reset', PasswordResetController.renderRequestReset
|
||||
app.post '/user/password/reset', ProjectDownloadsController.requestRest
|
||||
app.get '/user/password/reset', PasswordResetController.renderRequestResetForm
|
||||
app.post '/user/password/reset', ProjectDownloadsController.requestReset
|
||||
|
||||
app.get '/user/password/set', PasswordResetController.renderSetPassword
|
||||
app.get '/user/password/set', PasswordResetController.renderSetPasswordForm
|
||||
app.post '/user/password/set', PasswordResetController.setNewUserPassword
|
||||
|
||||
|
|
|
@ -11,21 +11,80 @@ describe "PasswordResetController", ->
|
|||
beforeEach ->
|
||||
|
||||
@settings = {}
|
||||
@PasswordResetHandler =
|
||||
generateAndEmailResetToken:sinon.stub()
|
||||
setNewUserPassword:sinon.stub()
|
||||
@PasswordResetController = SandboxedModule.require modulePath, requires:
|
||||
"settings-sharelatex":@settings
|
||||
"./PasswordResetHandler":@PasswordResetHandler
|
||||
"logger-sharelatex": log:->
|
||||
|
||||
@email = "bob@bob.com "
|
||||
@token = "my security token that was emailed to me"
|
||||
@password = "my new password"
|
||||
@req =
|
||||
body:
|
||||
email:@email
|
||||
token:@token
|
||||
password:@password
|
||||
|
||||
describe "requestPasswordReset", ->
|
||||
@res ={}
|
||||
|
||||
it "should check the user exists", (done)->
|
||||
|
||||
describe "requestReset", ->
|
||||
|
||||
it "should tell the handler to process that email", (done)->
|
||||
@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1)
|
||||
@res.send = (code)=>
|
||||
code.should.equal 200
|
||||
@PasswordResetHandler.generateAndEmailResetToken.calledWith(@email.trim()).should.equal true
|
||||
done()
|
||||
@PasswordResetController.requestReset @req, @res
|
||||
|
||||
it "should get a unique token and send the email", (done)->
|
||||
|
||||
it "should send a 500 if there is an error", (done)->
|
||||
@PasswordResetHandler.generateAndEmailResetToken.callsArgWith(1, "error")
|
||||
@res.send = (code)=>
|
||||
code.should.equal 500
|
||||
done()
|
||||
@PasswordResetController.requestReset @req, @res
|
||||
|
||||
describe "setNewUserPassword", ->
|
||||
|
||||
it "should tell the user handler to reset the password", (done)->
|
||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
||||
@res.send = (code)=>
|
||||
code.should.equal 200
|
||||
@PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true
|
||||
done()
|
||||
@PasswordResetController.setNewUserPassword @req, @res
|
||||
|
||||
it "should send a 500 if there is an error", (done)->
|
||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")
|
||||
@res.send = (code)=>
|
||||
code.should.equal 500
|
||||
done()
|
||||
@PasswordResetController.setNewUserPassword @req, @res
|
||||
|
||||
it "should error if there is no password", (done)->
|
||||
@req.body.password = ""
|
||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
||||
@res.send = (code)=>
|
||||
code.should.equal 500
|
||||
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
||||
done()
|
||||
@PasswordResetController.setNewUserPassword @req, @res
|
||||
|
||||
|
||||
|
||||
it "should error if there is no password", (done)->
|
||||
@req.body.token = ""
|
||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
||||
@res.send = (code)=>
|
||||
code.should.equal 500
|
||||
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
||||
done()
|
||||
@PasswordResetController.setNewUserPassword @req, @res
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ describe "PasswordResetHandler", ->
|
|||
it "should check the user exists", (done)->
|
||||
@UserGetter.getUser.callsArgWith(1)
|
||||
@TokenGenerator.getNewToken.callsArgWith(1)
|
||||
@PasswordResetHandler.generateAndEmailResetToken @user_id, (err)->
|
||||
@PasswordResetHandler.generateAndEmailResetToken @user.email, (err)=>
|
||||
err.should.exists
|
||||
done()
|
||||
|
||||
|
@ -50,7 +50,7 @@ describe "PasswordResetHandler", ->
|
|||
@UserGetter.getUser.callsArgWith(1, null, @user)
|
||||
@TokenGenerator.getNewToken.callsArgWith(1, null, @token)
|
||||
@EmailHandler.sendEmail.callsArgWith(2)
|
||||
@PasswordResetHandler.generateAndEmailResetToken @user_id, (err)=>
|
||||
@PasswordResetHandler.generateAndEmailResetToken @user.email, (err)=>
|
||||
@EmailHandler.sendEmail.called.should.equal true
|
||||
args = @EmailHandler.sendEmail.args[0]
|
||||
args[0].should.equal "passwordResetRequested"
|
||||
|
@ -58,11 +58,11 @@ describe "PasswordResetHandler", ->
|
|||
done()
|
||||
|
||||
|
||||
describe "setNewUserPassowrd", ->
|
||||
describe "setNewUserPassword", ->
|
||||
|
||||
it "should return err if no user id can be found", (done)->
|
||||
@TokenGenerator.getUserIdFromToken.callsArgWith(1)
|
||||
@PasswordResetHandler.setNewUserPassowrd @token, @password, (err)=>
|
||||
@PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
|
||||
err.should.exists
|
||||
@AuthenticationManager.setUserPassword.called.should.equal false
|
||||
done()
|
||||
|
@ -70,7 +70,7 @@ describe "PasswordResetHandler", ->
|
|||
it "should set the user password", (done)->
|
||||
@TokenGenerator.getUserIdFromToken.callsArgWith(1, null, @user_id)
|
||||
@AuthenticationManager.setUserPassword.callsArgWith(2)
|
||||
@PasswordResetHandler.setNewUserPassowrd @token, @password, (err)=>
|
||||
@PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
|
||||
@AuthenticationManager.setUserPassword.calledWith(@user_id, @password).should.equal true
|
||||
done()
|
||||
|
||||
|
|
Loading…
Reference in a new issue