mirror of
https://github.com/overleaf/overleaf.git
synced 2025-04-05 11:40:02 +00:00
Don't allow password resets for holding accounts
parent
33f56b71a2
commit
893ff85521
2 changed files with 8 additions and 1 deletions
|
@ -11,7 +11,7 @@ module.exports =
|
|||
generateAndEmailResetToken:(email, callback = (error, exists) ->)->
|
||||
UserGetter.getUser email:email, (err, user)->
|
||||
if err then return callback(err)
|
||||
if !user?
|
||||
if !user? or user.holdingAccount
|
||||
logger.err email:email, "user could not be found for password reset"
|
||||
return callback(null, false)
|
||||
PasswordResetTokenHandler.getNewToken user._id, (err, token)->
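Review bot: The widened guard `if !user? or user.holdingAccount` still logs "user could not be found for password reset", so a reset refused for a holding account cannot be told apart in the logs from an unknown address. I would record the reason on the existing call, for example `logger.err email:email, holdingAccount:user?.holdingAccount, "password reset refused: user not found or holding account"`. Both cases are expected input rather than faults, so a lower log level may suit them better if the logger provides one. The `exists` value passed to the callback now also covers holding accounts; how the caller reports it to the requester is outside this hunk, and ideally the response would not reveal which addresses are registered. The body of generateAndEmailResetToken continues past the last line shown.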
|
||||
|
|
|
@ -60,6 +60,13 @@ describe "PasswordResetHandler", ->
|
|||
args[1].setNewPasswordUrl.should.equal "#{@settings.siteUrl}/user/password/set?passwordResetToken=#{@token}"
|
||||
done()
|
||||
|
||||
it "should return exists = false for a holdingAccount", (done) ->
|
||||
@user.holdingAccount = true
|
||||
@UserGetter.getUser.callsArgWith(1, null, @user)
|
||||
@PasswordResetTokenHandler.getNewToken.callsArgWith(1)
|
||||
@PasswordResetHandler.generateAndEmailResetToken @user.email, (err, exists)=>
|
||||
exists.should.equal false
|
||||
done()
|
||||
|
||||
describe "setNewUserPassword", ->
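Review bot: The new "holdingAccount" test only checks `exists.should.equal false`, so it does not pin the property the commit is about, namely that no reset token is issued for a holding account. Inside the callback I would also assert `@PasswordResetTokenHandler.getNewToken.called.should.equal false`, with a matching check on whichever stub sends the email (it is not visible in this hunk). With that assertion in place, the `getNewToken.callsArgWith(1)` setup only matters if the guard regresses and could carry a short comment saying so. The enclosing `describe` block starts and ends outside the hunk.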
|
||||
|
||||
|
|