Merge pull request #5366 from overleaf/jk-move-password-reset-audit-log

[web] audit password reset before taking action

GitOrigin-RevId: 672f712658b4669a5a750dbc6f97d24ce35c332d
This commit is contained in:
June Kelly 2021-10-20 09:44:52 +01:00 committed by Copybot
parent c95ad5573f
commit 7292cfbd02
3 changed files with 8 additions and 8 deletions


@ -93,11 +93,6 @@ async function setNewUserPassword(token, password, auditLog) {
} }
} }
const reset = await AuthenticationManager.promises.setUserPassword(
user,
password
)
await UserAuditLogHandler.promises.addEntry( await UserAuditLogHandler.promises.addEntry(
user._id, user._id,
'reset-password', 'reset-password',
@ -105,6 +100,11 @@ async function setNewUserPassword(token, password, auditLog) {
auditLog.ip auditLog.ip
) )
const reset = await AuthenticationManager.promises.setUserPassword(
user,
password
)
return { found: true, reset, userId: user._id } return { found: true, reset, userId: user._id }
} }
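Review bot: The `reset-password` entry is now written before `AuthenticationManager.promises.setUserPassword` runs, so when that call rejects or returns a falsy `reset` (the 400 path the acceptance test now expects to log), the audit trail holds an entry that is indistinguishable from a successful reset. The arguments passed to `addEntry` between the two hunks are not visible here; if one of them is an info object it would be worth recording the outcome there, otherwise consider a second entry for the result or at least a comment on the moved call such as `// Audit first so a failing setUserPassword still leaves a trail; this entry records the attempt, not the result.`. Note also that if `addEntry` itself rejects the password is no longer changed, which is fail-closed but alters the error callers of setNewUserPassword observe. setNewUserPassword's signature and the start of its body lie above the first hunk, so the validation that precedes this code is outside this view.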


@ -175,7 +175,7 @@ describe('PasswordReset', function () {
expect(auditLog).to.deep.equal([]) expect(auditLog).to.deep.equal([])
}) })
it('without a valid password should return 400 and not log the change', async function () { it('without a valid password should return 400 and log the change', async function () {
// send reset request // send reset request
response = await userHelper.request.post('/user/password/set', { response = await userHelper.request.post('/user/password/set', {
form: { form: {
@ -188,7 +188,7 @@ describe('PasswordReset', function () {
userHelper = await UserHelper.getUser({ email }) userHelper = await UserHelper.getUser({ email })
const auditLog = userHelper.getAuditLogWithoutNoise() const auditLog = userHelper.getAuditLogWithoutNoise()
expect(auditLog).to.deep.equal([]) expect(auditLog.length).to.equal(1)
}) })
}) })
}) })
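Review bot: Replacing `expect(auditLog).to.deep.equal([])` with `expect(auditLog.length).to.equal(1)` on the 400 path only checks that something was logged, not that it was the password-reset attempt, so any unrelated entry that slips past `getAuditLogWithoutNoise` would still satisfy it. The entry's shape is not visible here, but asserting the operation name on `auditLog[0]` (the handler writes `'reset-password'`) and, if it is recorded, the request IP would make the test pin the behaviour the commit title describes. The enclosing `it` block is cut by the second hunk header, so the request body and any assertions between the two hunks are outside this view.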


@ -356,7 +356,7 @@ describe('PasswordResetHandler', function () {
this.UserAuditLogHandler.promises.addEntry.callCount this.UserAuditLogHandler.promises.addEntry.callCount
).to.equal(1) ).to.equal(1)
expect(this.AuthenticationManager.promises.setUserPassword).to expect(this.AuthenticationManager.promises.setUserPassword).to
.have.been.called .not.have.been.called
done() done()
} }
) )