joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sends 404 when parseServerURL is not set on public pages

Browse Source 
- throws when verifyEmail = true && publicServerURL not set
This commit is contained in:
Florent Vilmart
2016-02-29 20:51:13 -05:00
parent 6aa38ea8ca
commit 28d1a8afe4
8 changed files with 186 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
spec/PublicAPI.spec.js
View File

@@ -1,9 +1,23 @@
var request = require('request'); var request = require('request');
describe("public API", () => { describe("public API", () => {
beforeEach(done => {
setServerConfiguration({
serverURL: 'http://localhost:8378/1',
appId: 'test',
appName: 'unused',
javascriptKey: 'test',
dotNetKey: 'windows',
clientKey: 'client',
restAPIKey: 'rest',
masterKey: 'test',
collectionPrefix: 'test_',
fileKey: 'test',
publicServerURL: 'http://localhost:8378/1'
});
done();
})
it("should get invalid_link.html", (done) => { it("should get invalid_link.html", (done) => {
request('http://localhost:8378/1/apps/invalid_link.html', (err, httpResponse, body) => { request('http://localhost:8378/1/apps/invalid_link.html', (err, httpResponse, body) => {
expect(httpResponse.statusCode).toBe(200); expect(httpResponse.statusCode).toBe(200);
@@ -31,6 +45,42 @@ describe("public API", () => {
done(); done();
}); });
}); });
});
describe("public API without publicServerURL", () => {
beforeEach(done => {
setServerConfiguration({
serverURL: 'http://localhost:8378/1',
appId: 'test',
appName: 'unused',
javascriptKey: 'test',
dotNetKey: 'windows',
clientKey: 'client',
restAPIKey: 'rest',
masterKey: 'test',
collectionPrefix: 'test_',
fileKey: 'test',
});
done();
})
it("should get 404 on verify_email", (done) => {
request('http://localhost:8378/1/apps/test/verify_email', (err, httpResponse, body) => {
expect(httpResponse.statusCode).toBe(404);
done();
});
});
it("should get 404 choose_password", (done) => {
request('http://localhost:8378/1/apps/choose_password?id=test', (err, httpResponse, body) => {
expect(httpResponse.statusCode).toBe(404);
done();
});
});
}) it("should get 404 on request_password_reset", (done) => {
request('http://localhost:8378/1/apps/test/request_password_reset', (err, httpResponse, body) => {
expect(httpResponse.statusCode).toBe(404);
done();
});
});
});

66
spec/ValidationAndPasswordsReset.spec.js
View File

@@ -56,6 +56,7 @@ describe("Email Verification", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
spyOn(emailAdapter, 'sendVerificationEmail'); spyOn(emailAdapter, 'sendVerificationEmail');
var user = new Parse.User(); var user = new Parse.User();
@@ -97,6 +98,7 @@ describe("Email Verification", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
spyOn(emailAdapter, 'sendVerificationEmail'); spyOn(emailAdapter, 'sendVerificationEmail');
var user = new Parse.User(); var user = new Parse.User();
@@ -137,6 +139,7 @@ describe("Email Verification", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
spyOn(emailAdapter, 'sendVerificationEmail'); spyOn(emailAdapter, 'sendVerificationEmail');
var user = new Parse.User(); var user = new Parse.User();
@@ -196,6 +199,7 @@ describe("Email Verification", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
var user = new Parse.User(); var user = new Parse.User();
user.setPassword("asdf"); user.setPassword("asdf");
@@ -284,6 +288,7 @@ describe("Email Verification", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
var user = new Parse.User(); var user = new Parse.User();
user.setPassword("asdf"); user.setPassword("asdf");
@@ -334,6 +339,7 @@ describe("Email Verification", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
user.setPassword("asdf"); user.setPassword("asdf");
user.setUsername("zxcv"); user.setUsername("zxcv");
@@ -342,6 +348,25 @@ describe("Email Verification", () => {
}); });
it('redirects you to invalid link if you try to verify email incorrecly', done => { it('redirects you to invalid link if you try to verify email incorrecly', done => {
setServerConfiguration({
serverURL: 'http://localhost:8378/1',
appId: 'test',
appName: 'emailing app',
javascriptKey: 'test',
dotNetKey: 'windows',
clientKey: 'client',
restAPIKey: 'rest',
masterKey: 'test',
collectionPrefix: 'test_',
fileKey: 'test',
verifyUserEmails: true,
emailAdapter: {
sendVerificationEmail: () => Promise.resolve(),
sendPasswordResetEmail: () => Promise.resolve(),
sendMail: () => {}
},
publicServerURL: "http://localhost:8378/1"
});
request.get('http://localhost:8378/1/apps/test/verify_email', { request.get('http://localhost:8378/1/apps/test/verify_email', {
followRedirect: false, followRedirect: false,
}, (error, response, body) => { }, (error, response, body) => {
@@ -352,6 +377,25 @@ describe("Email Verification", () => {
}); });
it('redirects you to invalid link if you try to validate a nonexistant users email', done => { it('redirects you to invalid link if you try to validate a nonexistant users email', done => {
setServerConfiguration({
serverURL: 'http://localhost:8378/1',
appId: 'test',
appName: 'emailing app',
javascriptKey: 'test',
dotNetKey: 'windows',
clientKey: 'client',
restAPIKey: 'rest',
masterKey: 'test',
collectionPrefix: 'test_',
fileKey: 'test',
verifyUserEmails: true,
emailAdapter: {
sendVerificationEmail: () => Promise.resolve(),
sendPasswordResetEmail: () => Promise.resolve(),
sendMail: () => {}
},
publicServerURL: "http://localhost:8378/1"
});
request.get('http://localhost:8378/1/apps/test/verify_email?token=asdfasdf&username=sadfasga', { request.get('http://localhost:8378/1/apps/test/verify_email?token=asdfasdf&username=sadfasga', {
followRedirect: false, followRedirect: false,
}, (error, response, body) => { }, (error, response, body) => {
@@ -393,6 +437,7 @@ describe("Email Verification", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
user.setPassword("asdf"); user.setPassword("asdf");
user.setUsername("zxcv"); user.setUsername("zxcv");
@@ -443,6 +488,7 @@ describe("Password Reset", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
user.setPassword("asdf"); user.setPassword("asdf");
user.setUsername("zxcv"); user.setUsername("zxcv");
@@ -459,6 +505,25 @@ describe("Password Reset", () => {
}); });
it('redirects you to invalid link if you try to request password for a nonexistant users email', done => { it('redirects you to invalid link if you try to request password for a nonexistant users email', done => {
setServerConfiguration({
serverURL: 'http://localhost:8378/1',
appId: 'test',
appName: 'emailing app',
javascriptKey: 'test',
dotNetKey: 'windows',
clientKey: 'client',
restAPIKey: 'rest',
masterKey: 'test',
collectionPrefix: 'test_',
fileKey: 'test',
verifyUserEmails: true,
emailAdapter: {
sendVerificationEmail: () => Promise.resolve(),
sendPasswordResetEmail: () => Promise.resolve(),
sendMail: () => {}
},
publicServerURL: "http://localhost:8378/1"
});
request.get('http://localhost:8378/1/apps/test/request_password_reset?token=asdfasdf&username=sadfasga', { request.get('http://localhost:8378/1/apps/test/request_password_reset?token=asdfasdf&username=sadfasga', {
followRedirect: false, followRedirect: false,
}, (error, response, body) => { }, (error, response, body) => {
@@ -533,6 +598,7 @@ describe("Password Reset", () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: emailAdapter, emailAdapter: emailAdapter,
publicServerURL: "http://localhost:8378/1"
}); });
user.setPassword("asdf"); user.setPassword("asdf");
user.setUsername("zxcv"); user.setUsername("zxcv");

1
spec/helper.js
View File

@@ -250,3 +250,4 @@ global.arrayContains = arrayContains;
global.jequal = jequal; global.jequal = jequal;
global.range = range; global.range = range;
global.setServerConfiguration = setServerConfiguration; global.setServerConfiguration = setServerConfiguration;
global.defaultConfiguration = defaultConfiguration;

5
spec/index.spec.js
View File

@@ -56,6 +56,7 @@ describe('server', () => {
apiKey: 'k', apiKey: 'k',
domain: 'd', domain: 'd',
}), }),
publicServerURL: 'http://localhost:8378/1'
}); });
done(); done();
}); });
@@ -80,6 +81,7 @@ describe('server', () => {
domain: 'd', domain: 'd',
} }
}, },
publicServerURL: 'http://localhost:8378/1'
}); });
done(); done();
}); });
@@ -104,6 +106,7 @@ describe('server', () => {
domain: 'd', domain: 'd',
} }
}, },
publicServerURL: 'http://localhost:8378/1'
}); });
done(); done();
}); });
@@ -122,6 +125,7 @@ describe('server', () => {
fileKey: 'test', fileKey: 'test',
verifyUserEmails: true, verifyUserEmails: true,
emailAdapter: './Email/SimpleMailgunAdapter', emailAdapter: './Email/SimpleMailgunAdapter',
publicServerURL: 'http://localhost:8378/1'
})).toThrow('SimpleMailgunAdapter requires an API Key and domain.'); })).toThrow('SimpleMailgunAdapter requires an API Key and domain.');
done(); done();
}); });
@@ -145,6 +149,7 @@ describe('server', () => {
domain: 'd', domain: 'd',
} }
}, },
publicServerURL: 'http://localhost:8378/1'
})).toThrow('SimpleMailgunAdapter requires an API Key and domain.'); })).toThrow('SimpleMailgunAdapter requires an API Key and domain.');
done(); done();
}); });

28
src/Config.js
View File

@@ -50,44 +50,34 @@ export class Config {
if (typeof appName !== 'string') { if (typeof appName !== 'string') {
throw 'An app name is required when using email verification.'; throw 'An app name is required when using email verification.';
} }
if (!process.env.TESTING && typeof publicServerURL !== 'string') { if (typeof publicServerURL !== 'string') {
if (process.env.NODE_ENV === 'production') { throw 'A public server url is required when using email verification.';
throw 'A public server url is required when using email verification.';
} else {
console.warn("");
console.warn("You should set publicServerURL to serve the public pages");
console.warn("");
}
} }
} }
} }
get linksServerURL() {
return this.publicServerURL || this.serverURL;
}
get invalidLinkURL() { get invalidLinkURL() {
return this.customPages.invalidLink || `${this.linksServerURL}/apps/invalid_link.html`; return this.customPages.invalidLink || `${this.publicServerURL}/apps/invalid_link.html`;
} }
get verifyEmailSuccessURL() { get verifyEmailSuccessURL() {
return this.customPages.verifyEmailSuccess || `${this.linksServerURL}/apps/verify_email_success.html`; return this.customPages.verifyEmailSuccess || `${this.publicServerURL}/apps/verify_email_success.html`;
} }
get choosePasswordURL() { get choosePasswordURL() {
return this.customPages.choosePassword || `${this.linksServerURL}/apps/choose_password`; return this.customPages.choosePassword || `${this.publicServerURL}/apps/choose_password`;
} }
get requestResetPasswordURL() { get requestResetPasswordURL() {
return `${this.linksServerURL}/apps/${this.applicationId}/request_password_reset`; return `${this.publicServerURL}/apps/${this.applicationId}/request_password_reset`;
} }
get passwordResetSuccessURL() { get passwordResetSuccessURL() {
return this.customPages.passwordResetSuccess || `${this.linksServerURL}/apps/password_reset_success.html`; return this.customPages.passwordResetSuccess || `${this.publicServerURL}/apps/password_reset_success.html`;
} }
get verifyEmailURL() { get verifyEmailURL() {
return `${this.linksServerURL}/apps/${this.applicationId}/verify_email`; return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`;
} }
}; };

66
src/Routers/PublicAPIRouter.js
View File

@@ -11,10 +11,13 @@ let views = path.resolve(__dirname, '../../views');
export class PublicAPIRouter extends PromiseRouter { export class PublicAPIRouter extends PromiseRouter {
verifyEmail(req) { verifyEmail(req) {
var token = req.query.token; let { token, username }= req.query;
var username = req.query.username; let appId = req.params.appId;
var appId = req.params.appId; let config = new Config(appId);
var config = new Config(appId);
if (!config.publicServerURL) {
return this.missingPublicServerURL();
}
if (!token || !username) { if (!token || !username) {
return this.invalidLink(req); return this.invalidLink(req);
@@ -33,9 +36,9 @@ export class PublicAPIRouter extends PromiseRouter {
changePassword(req) { changePassword(req) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
var config = new Config(req.query.id); let config = new Config(req.query.id);
if (!config.serverURL) { if (!config.publicServerURL) {
return Promise.resolve({ return resolve({
status: 404, status: 404,
text: 'Not found.' text: 'Not found.'
}); });
@@ -45,7 +48,7 @@ export class PublicAPIRouter extends PromiseRouter {
if (err) { if (err) {
return reject(err); return reject(err);
} }
data = data.replace("PARSE_SERVER_URL", `'${config.serverURL}'`); data = data.replace("PARSE_SERVER_URL", `'${config.publicServerURL}'`);
resolve({ resolve({
text: data text: data
}) })
@@ -55,13 +58,18 @@ export class PublicAPIRouter extends PromiseRouter {
requestResetPassword(req) { requestResetPassword(req) {
var { username, token } = req.query; let config = req.config;
if (!config.publicServerURL) {
return this.missingPublicServerURL();
}
let { username, token } = req.query;
if (!username || !token) { if (!username || !token) {
return this.invalidLink(req); return this.invalidLink(req);
} }
let config = req.config;
return config.userController.checkResetTokenValidity(username, token).then( (user) => { return config.userController.checkResetTokenValidity(username, token).then( (user) => {
return Promise.resolve({ return Promise.resolve({
status: 302, status: 302,
@@ -73,7 +81,14 @@ export class PublicAPIRouter extends PromiseRouter {
} }
resetPassword(req) { resetPassword(req) {
var {
let config = req.config;
if (!config.publicServerURL) {
return this.missingPublicServerURL();
}
let {
username, username,
token, token,
new_password new_password
@@ -83,14 +98,12 @@ export class PublicAPIRouter extends PromiseRouter {
return this.invalidLink(req); return this.invalidLink(req);
} }
let config = req.config;
return config.userController.updatePassword(username, token, new_password).then((result) => { return config.userController.updatePassword(username, token, new_password).then((result) => {
return Promise.resolve({ return Promise.resolve({
status: 302, status: 302,
location: config.passwordResetSuccessURL location: config.passwordResetSuccessURL
}); });
}, (err) => { }, (err) => {
console.error(err);
return Promise.resolve({ return Promise.resolve({
status: 302, status: 302,
location: `${config.choosePasswordURL}?token=${token}&id=${config.applicationId}&username=${username}&error=${err}&app=${config.appName}` location: `${config.choosePasswordURL}?token=${token}&id=${config.applicationId}&username=${username}&error=${err}&app=${config.appName}`
@@ -106,20 +119,37 @@ export class PublicAPIRouter extends PromiseRouter {
}); });
} }
missingPublicServerURL() {
return Promise.resolve({
text: 'Not found.',
status: 404
});
}
setConfig(req) { setConfig(req) {
req.config = new Config(req.params.appId); req.config = new Config(req.params.appId);
return Promise.resolve(); return Promise.resolve();
} }
mountRoutes() { mountRoutes() {
this.route('GET','/apps/:appId/verify_email', this.setConfig, req => { return this.verifyEmail(req); }); this.route('GET','/apps/:appId/verify_email',
this.route('GET','/apps/choose_password', req => { return this.changePassword(req); }); req => { this.setConfig(req) },
this.route('POST','/apps/:appId/request_password_reset', this.setConfig, req => { return this.resetPassword(req); }); req => { return this.verifyEmail(req); });
this.route('GET','/apps/:appId/request_password_reset', this.setConfig, req => { return this.requestResetPassword(req); });
this.route('GET','/apps/choose_password',
req => { return this.changePassword(req); });
this.route('POST','/apps/:appId/request_password_reset',
req => { this.setConfig(req) },
req => { return this.resetPassword(req); });
this.route('GET','/apps/:appId/request_password_reset',
req => { this.setConfig(req) },
req => { return this.requestResetPassword(req); });
} }
expressApp() { expressApp() {
var router = express(); let router = express();
router.use("/apps", express.static(public_html)); router.use("/apps", express.static(public_html));
router.use("/", super.expressApp()); router.use("/", super.expressApp());
return router; return router;

2
src/index.js
View File

@@ -182,7 +182,7 @@ function ParseServer({
maxUploadSize: maxUploadSize maxUploadSize: maxUploadSize
})); }));
api.use('/', bodyParser.urlencoded({extended: false}), new PublicAPIRouter().expressApp()); api.use('/', bodyParser.urlencoded({extended: false}), new PublicAPIRouter().expressApp());
// TODO: separate this from the regular ParseServer object // TODO: separate this from the regular ParseServer object
if (process.env.TESTING == 1) { if (process.env.TESTING == 1) {

3
src/middlewares.js
View File

@@ -174,6 +174,9 @@ var handleParseErrors = function(err, req, res, next) {
res.status(httpStatus); res.status(httpStatus);
res.json({code: err.code, error: err.message}); res.json({code: err.code, error: err.message});
} else if (err.status && err.message) {
res.status(err.status);
res.json({error: err.message});
} else { } else {
console.log('Uncaught internal server error.', err, err.stack); console.log('Uncaught internal server error.', err, err.stack);
res.status(500); res.status(500);