mirror of
https://github.com/overleaf/overleaf.git
synced 2024-09-16 02:52:31 -04:00
Show password reset expired message rather than server error if that's what has happened
parent
7258fadd17
commit
accd8207b2
4 changed files with 24 additions and 21 deletions
|
@ -34,9 +34,10 @@ module.exports =
|
||||||
setNewUserPassword: (req, res)->
|
setNewUserPassword: (req, res)->
|
||||||
{passwordResetToken, password} = req.body
|
{passwordResetToken, password} = req.body
|
||||||
if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
|
if !password? or password.length == 0 or !passwordResetToken? or passwordResetToken.length == 0
|
||||||
return res.send 500
|
return res.send 400
|
||||||
PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err)->
|
PasswordResetHandler.setNewUserPassword passwordResetToken?.trim(), password?.trim(), (err, found) ->
|
||||||
if err?
|
return next(err) if err?
|
||||||
res.send 500
|
if found
|
||||||
else
|
|
||||||
res.send 200
|
res.send 200
|
||||||
|
else
|
||||||
|
res.send 404, {message: req.i18n.translate("password_reset_token_expired")}
|
|
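Review bot: `next` is called in the new line `return next(err) if err?`, but the handler is still declared as `setNewUserPassword: (req, res)->`. Unless a `next` exists in an outer scope not shown here, a handler error will raise a ReferenceError inside the callback instead of reaching the error middleware. The signature should become `setNewUserPassword: (req, res, next)->`. Separately, the length check on the unchanged line above runs before `password?.trim()`, so a whitespace-only password passes the 400 guard and is handed on as an empty string; whether a later layer rejects it is not visible in this hunk.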
@ -23,10 +23,11 @@ module.exports =
|
||||||
return callback(error) if error?
|
return callback(error) if error?
|
||||||
callback null, true
|
callback null, true
|
||||||
|
|
||||||
setNewUserPassword: (token, password, callback)->
|
setNewUserPassword: (token, password, callback = (error, found) ->)->
|
||||||
PasswordResetTokenHandler.getUserIdFromTokenAndExpire token, (err, user_id)->
|
PasswordResetTokenHandler.getUserIdFromTokenAndExpire token, (err, user_id)->
|
||||||
if err then return callback(err)
|
if err then return callback(err)
|
||||||
if !user_id?
|
if !user_id?
|
||||||
logger.err user_id:user_id, "token for password reset did not find user_id"
|
return callback null, false
|
||||||
return callback("no user found")
|
AuthenticationManager.setUserPassword user_id, password, (err) ->
|
||||||
AuthenticationManager.setUserPassword user_id, password, callback
|
if err then return callback(err)
|
||||||
|
callback null, true
|
|
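Review bot: The branch for a missing `user_id` now returns `callback null, false` with no log line, so failed or replayed reset-token attempts leave no trace on the server side. The removed `logger.err` was noisy for an expected condition, but a lower-level entry such as `logger.log "password reset token not found or expired"` before the return would keep these events visible for monitoring. The token value itself should stay out of the log. A short comment on `setNewUserPassword` would also help: judging by its name, `getUserIdFromTokenAndExpire` consumes the token before `AuthenticationManager.setUserPassword` runs, so a failure there would presumably leave the user needing a fresh reset link.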
@ -87,34 +87,34 @@ describe "PasswordResetController", ->
|
||||||
describe "setNewUserPassword", ->
|
describe "setNewUserPassword", ->
|
||||||
|
|
||||||
it "should tell the user handler to reset the password", (done)->
|
it "should tell the user handler to reset the password", (done)->
|
||||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, true)
|
||||||
@res.send = (code)=>
|
@res.send = (code)=>
|
||||||
code.should.equal 200
|
code.should.equal 200
|
||||||
@PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true
|
@PasswordResetHandler.setNewUserPassword.calledWith(@token, @password).should.equal true
|
||||||
done()
|
done()
|
||||||
@PasswordResetController.setNewUserPassword @req, @res
|
@PasswordResetController.setNewUserPassword @req, @res
|
||||||
|
|
||||||
it "should send a 500 if there is an error", (done)->
|
it "should send 404 if the token didn't work", (done)->
|
||||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2, null, false)
|
||||||
@res.send = (code)=>
|
@res.send = (code)=>
|
||||||
code.should.equal 500
|
code.should.equal 404
|
||||||
done()
|
done()
|
||||||
@PasswordResetController.setNewUserPassword @req, @res
|
@PasswordResetController.setNewUserPassword @req, @res
|
||||||
|
|
||||||
it "should error if there is no password", (done)->
|
it "should return 400 (Bad Request) if there is no password", (done)->
|
||||||
@req.body.password = ""
|
@req.body.password = ""
|
||||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
||||||
@res.send = (code)=>
|
@res.send = (code)=>
|
||||||
code.should.equal 500
|
code.should.equal 400
|
||||||
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
||||||
done()
|
done()
|
||||||
@PasswordResetController.setNewUserPassword @req, @res
|
@PasswordResetController.setNewUserPassword @req, @res
|
||||||
|
|
||||||
it "should error if there is no password", (done)->
|
it "should return 400 (Bad Request) if there is no passwordResetToken", (done)->
|
||||||
@req.body.passwordResetToken = ""
|
@req.body.passwordResetToken = ""
|
||||||
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
@PasswordResetHandler.setNewUserPassword.callsArgWith(2)
|
||||||
@res.send = (code)=>
|
@res.send = (code)=>
|
||||||
code.should.equal 500
|
code.should.equal 400
|
||||||
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
@PasswordResetHandler.setNewUserPassword.called.should.equal false
|
||||||
done()
|
done()
|
||||||
@PasswordResetController.setNewUserPassword @req, @res
|
@PasswordResetController.setNewUserPassword @req, @res
|
||||||
|
|
|
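Review bot: The controller's error branch is left without a test, because the case `should send a 500 if there is an error` is replaced by the 404 case and nothing now exercises `callsArgWith(2, "error")`. Since the controller forwards that error with `next(err)`, a case that passes a third callback and asserts it receives the error would cover the branch. It would also show whether `next` is actually in scope in the controller. The `describe` block starts outside this hunk.

```coffeescript
# … unchanged: "should tell the user handler to reset the password" …
it "should pass the error on if the handler fails", (done)->
	@PasswordResetHandler.setNewUserPassword.callsArgWith(2, "error")
	@PasswordResetController.setNewUserPassword @req, @res, (err)=>
		err.should.equal "error"
		done()
# … unchanged: 404 and 400 cases …
```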
@ -63,17 +63,18 @@ describe "PasswordResetHandler", ->
|
||||||
|
|
||||||
describe "setNewUserPassword", ->
|
describe "setNewUserPassword", ->
|
||||||
|
|
||||||
it "should return err if no user id can be found", (done)->
|
it "should return false if no user id can be found", (done)->
|
||||||
@PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1)
|
@PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1)
|
||||||
@PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
|
@PasswordResetHandler.setNewUserPassword @token, @password, (err, found) =>
|
||||||
err.should.exists
|
found.should.equal false
|
||||||
@AuthenticationManager.setUserPassword.called.should.equal false
|
@AuthenticationManager.setUserPassword.called.should.equal false
|
||||||
done()
|
done()
|
||||||
|
|
||||||
it "should set the user password", (done)->
|
it "should set the user password", (done)->
|
||||||
@PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1, null, @user_id)
|
@PasswordResetTokenHandler.getUserIdFromTokenAndExpire.callsArgWith(1, null, @user_id)
|
||||||
@AuthenticationManager.setUserPassword.callsArgWith(2)
|
@AuthenticationManager.setUserPassword.callsArgWith(2)
|
||||||
@PasswordResetHandler.setNewUserPassword @token, @password, (err)=>
|
@PasswordResetHandler.setNewUserPassword @token, @password, (err, found) =>
|
||||||
|
found.should.equal true
|
||||||
@AuthenticationManager.setUserPassword.calledWith(@user_id, @password).should.equal true
|
@AuthenticationManager.setUserPassword.calledWith(@user_id, @password).should.equal true
|
||||||
done()
|
done()
|
||||||
|
|
||||||
|
|