-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Ajax password reset #5332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Ajax password reset #5332
Changes from 21 commits
Commits
Show all changes
22 commits
Select commit
Hold shift + click to select a range
3aefd64
Merge pull request #3 from parse-community/master
moonion 6481a5a
adapted public api route for use with ajax
2d50f20
Elegant error handling
b0e8f3d
Fixed error return
d2f3101
Public API error flow redone, tests
8e0e258
Fixed code to pre-build form
3c914df
Public API change password return params
3a7e0f7
Reverted errors in resetPassword
a9828cc
Fixed querystring call
062471f
Success test on ajax password reset
b5436fd
Added few more routes to tests for coverage
afdcb4f
More tests and redone error return slightly
f51db6c
Updated error text
0e86783
Console logs removal, renamed test, added {} to if
c0688b3
Wrong error sent
68ee2c4
Revert changes
a8cb050
Revert "Revert changes"
4bf3667
real revert of {}
6f82c0b
nits and test fix
dplewis 168e5ed
Merge remote-tracking branch 'upstream/master' into ajax-password-reset
dplewis 5342a18
fix tests
dplewis a8d9504
throw proper error
dplewis File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -913,6 +913,65 @@ describe('Password Policy: ', () => { | |
| }); | ||
| }); | ||
|
|
||
| it('Should return error when password violates Password Policy and reset through ajax', async done => { | ||
| const user = new Parse.User(); | ||
| const emailAdapter = { | ||
| sendVerificationEmail: () => Promise.resolve(), | ||
| sendPasswordResetEmail: async options => { | ||
| const response = await request({ | ||
| url: options.link, | ||
| followRedirects: false, | ||
| simple: false, | ||
| resolveWithFullResponse: true, | ||
| }); | ||
| expect(response.status).toEqual(302); | ||
| const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/; | ||
| const match = response.text.match(re); | ||
| if (!match) { | ||
| fail('should have a token'); | ||
| return; | ||
| } | ||
| const token = match[1]; | ||
|
|
||
| try { | ||
| await request({ | ||
| method: 'POST', | ||
| url: 'http://localhost:8378/1/apps/test/request_password_reset', | ||
| body: `new_password=xuser12&token=${token}&username=user1`, | ||
| headers: { | ||
| 'Content-Type': 'application/x-www-form-urlencoded', | ||
| 'X-Requested-With': 'XMLHttpRequest', | ||
| }, | ||
| followRedirects: false, | ||
| }); | ||
| } catch (error) { | ||
| expect(error.status).not.toBe(302); | ||
| expect(error.text).toEqual( | ||
| '{"code":-1,"error":"Password cannot contain your username."}' | ||
| ); | ||
| } | ||
| await Parse.User.logIn('user1', 'r@nd0m'); | ||
| done(); | ||
| }, | ||
| sendMail: () => {}, | ||
| }; | ||
| await reconfigureServer({ | ||
| appName: 'passwordPolicy', | ||
| verifyUserEmails: false, | ||
| emailAdapter: emailAdapter, | ||
| passwordPolicy: { | ||
| doNotAllowUsername: true, | ||
| }, | ||
| publicServerURL: 'http://localhost:8378/1', | ||
| }); | ||
| user.setUsername('user1'); | ||
| user.setPassword('r@nd0m'); | ||
| user.set('email', '[email protected]'); | ||
| await user.signUp(); | ||
|
|
||
| await Parse.User.requestPasswordReset('[email protected]'); | ||
| }); | ||
|
|
||
| it('should reset password even if the new password contains user name while the policy allows', done => { | ||
| const user = new Parse.User(); | ||
| const emailAdapter = { | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -910,6 +910,89 @@ describe('Custom Pages, Email Verification, Password Reset', () => { | |
| }); | ||
| }); | ||
|
|
||
| it('should programmatically reset password on ajax request', async done => { | ||
| const user = new Parse.User(); | ||
| const emailAdapter = { | ||
| sendVerificationEmail: () => Promise.resolve(), | ||
| sendPasswordResetEmail: async options => { | ||
| const response = await request({ | ||
| url: options.link, | ||
| followRedirects: false, | ||
| }); | ||
| expect(response.status).toEqual(302); | ||
| const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=zxcv/; | ||
| const match = response.text.match(re); | ||
| if (!match) { | ||
| fail('should have a token'); | ||
| return; | ||
| } | ||
| const token = match[1]; | ||
|
|
||
| const resetResponse = await request({ | ||
| url: 'http://localhost:8378/1/apps/test/request_password_reset', | ||
| method: 'POST', | ||
| body: { new_password: 'hello', token, username: 'zxcv' }, | ||
| headers: { | ||
| 'Content-Type': 'application/x-www-form-urlencoded', | ||
| 'X-Requested-With': 'XMLHttpRequest', | ||
| }, | ||
| followRedirects: false, | ||
| }); | ||
| expect(resetResponse.status).toEqual(200); | ||
| expect(resetResponse.text).toEqual('"Password successfully reset"'); | ||
|
|
||
| await Parse.User.logIn('zxcv', 'hello'); | ||
| const config = Config.get('test'); | ||
| const results = await config.database.adapter.find( | ||
| '_User', | ||
| { fields: {} }, | ||
| { username: 'zxcv' }, | ||
| { limit: 1 } | ||
| ); | ||
| // _perishable_token should be unset after reset password | ||
| expect(results.length).toEqual(1); | ||
| expect(results[0]['_perishable_token']).toEqual(undefined); | ||
| done(); | ||
| }, | ||
| sendMail: () => {}, | ||
| }; | ||
| await reconfigureServer({ | ||
| appName: 'emailing app', | ||
| verifyUserEmails: true, | ||
| emailAdapter: emailAdapter, | ||
| publicServerURL: 'http://localhost:8378/1', | ||
| }); | ||
| user.setPassword('asdf'); | ||
| user.setUsername('zxcv'); | ||
| user.set('email', '[email protected]'); | ||
| await user.signUp(); | ||
| await Parse.User.requestPasswordReset('[email protected]'); | ||
| }); | ||
|
|
||
| it('should return ajax failure error on ajax request with wrong data provided', async () => { | ||
| await reconfigureServer({ | ||
| publicServerURL: 'http://localhost:8378/1', | ||
| }); | ||
|
|
||
| try { | ||
| await request({ | ||
| method: 'POST', | ||
| url: 'http://localhost:8378/1/apps/test/request_password_reset', | ||
| body: `new_password=user1&token=12345&username=Johnny`, | ||
| headers: { | ||
| 'Content-Type': 'application/x-www-form-urlencoded', | ||
| 'X-Requested-With': 'XMLHttpRequest', | ||
| }, | ||
| followRedirects: false, | ||
| }); | ||
| } catch (error) { | ||
| expect(error.status).not.toBe(302); | ||
| expect(error.text).toEqual( | ||
| '{"code":-1,"error":"Failed to reset password (Username/email or token is invalid)"}' | ||
| ); | ||
| } | ||
| }); | ||
|
|
||
| it('deletes password reset token on email address change', done => { | ||
| reconfigureServer({ | ||
| appName: 'coolapp', | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why would we be in a catch and have no error? that seems bad.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had the same feeling. I could back track and see what the underlying cause is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, we shouldn't throw without a message.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just committed a fix