github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2025-04-27 09:44:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Don't allow password resets for holding accounts

Browse source
This commit is contained in:
James Allen 2015-04-14 13:11:49 +01:00
parent 33f56b71a2
commit 893ff85521
2 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
services/web/app/coffee/Features/PasswordReset/PasswordResetHandler.coffee
View file

@ -11,7 +11,7 @@ module.exports =
generateAndEmailResetToken:(email, callback = (error, exists) ->)->
UserGetter.getUser email:email, (err, user)->
if err then return callback(err)
if !user?
if !user? or user.holdingAccount
logger.err email:email, "user could not be found for password reset"
return callback(null, false)
PasswordResetTokenHandler.getNewToken user._id, (err, token)->

7
services/web/test/UnitTests/coffee/PasswordReset/PasswordResetHandlerTests.coffee
View file

@ -60,6 +60,13 @@ describe "PasswordResetHandler", ->
args[1].setNewPasswordUrl.should.equal "#{@settings.siteUrl}/user/password/set?passwordResetToken=#{@token}"
done()
it "should return exists = false for a holdingAccount", (done) ->
@user.holdingAccount = true
@UserGetter.getUser.callsArgWith(1, null, @user)
@PasswordResetTokenHandler.getNewToken.callsArgWith(1)
@PasswordResetHandler.generateAndEmailResetToken @user.email, (err, exists)=>
exists.should.equal false
done()
describe "setNewUserPassword", ->