Validate username password type when logging in, and validate email when reseting password (#2679)

* Validate username and password types when logging in, and validate email when resetting password

* Add test for validation
BAm Wang
2016-09-10 00:24:33 +09:00
committed by Florent Vilmart
parent eb1cfcf351
commit 58a2ee32fa
2 changed files with 103 additions and 0 deletions


@@ -74,6 +74,58 @@ describe('Parse.User testing', () => {
});
});
it('user login with non-string username with REST API', (done) => {
Parse.User.signUp('asdf', 'zxcv', null, {
success: () => {
return rp.post({
url: 'http://localhost:8378/1/login',
headers: {
'X-Parse-Application-Id': Parse.applicationId,
'X-Parse-REST-API-Key': 'rest',
},
json: {
_method: 'GET',
username: {'$regex':'^asd'},
password: 'zxcv',
}
}).then((res) => {
fail(`no request should succeed: ${JSON.stringify(res)}`);
done();
}).catch((err) => {
expect(err.statusCode).toBe(404);
expect(err.message).toMatch('{"code":101,"error":"Invalid username/password."}');
done();
});
},
});
});
it('user login with non-string username with REST API', (done) => {
Parse.User.signUp('asdf', 'zxcv', null, {
success: () => {
return rp.post({
url: 'http://localhost:8378/1/login',
headers: {
'X-Parse-Application-Id': Parse.applicationId,
'X-Parse-REST-API-Key': 'rest',
},
json: {
_method: 'GET',
username: 'asdf',
password: {'$regex':'^zx'},
}
}).then((res) => {
fail(`no request should succeed: ${JSON.stringify(res)}`);
done();
}).catch((err) => {
expect(err.statusCode).toBe(404);
expect(err.message).toMatch('{"code":101,"error":"Invalid username/password."}');
done();
});
},
});
});
it("user login", (done) => {
Parse.User.signUp("asdf", "zxcv", null, {
success: function(user) {
@@ -2465,6 +2517,51 @@ describe('Parse.User testing', () => {
});
});
it('should not send email when email is not a string', (done) => {
let emailCalled = false;
let emailOptions;
var emailAdapter = {
sendVerificationEmail: (options) => {
emailOptions = options;
emailCalled = true;
},
sendPasswordResetEmail: () => Promise.resolve(),
sendMail: () => Promise.resolve()
}
reconfigureServer({
appName: 'unused',
verifyUserEmails: true,
emailAdapter: emailAdapter,
publicServerURL: 'http://localhost:8378/1',
});
var user = new Parse.User();
user.set('username', 'asdf@jkl.com');
user.set('password', 'zxcv');
user.set('email', 'asdf@jkl.com');
user.signUp(null, {
success: (user) => {
return rp.post({
url: 'http://localhost:8378/1/requestPasswordReset',
headers: {
'X-Parse-Application-Id': Parse.applicationId,
'X-Parse-Session-Token': user.sessionToken,
'X-Parse-REST-API-Key': 'rest',
},
json: {
email: {"$regex":"^asd"},
}
}).then((res) => {
fail('no request should succeed: ' + JSON.stringify(res));
done();
}).catch((err) => {
expect(err.statusCode).toBe(400);
expect(err.message).toMatch('{"code":125,"error":"you must provide a valid email string"}');
done();
});
},
});
});
it('should aftersave with full object', (done) => {
var hit = 0;
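Review bot: The test 'should not send email when email is not a string' never asserts that no email was sent: `emailCalled` and `emailOptions` are written only inside `sendVerificationEmail` and never read, and `sendPasswordResetEmail` is a stub that records nothing. A separate flag would make the test check what its title claims: `let resetEmailCalled = false;`, `sendPasswordResetEmail: () => { resetEmailCalled = true; return Promise.resolve(); },` and `expect(resetEmailCalled).toBe(false);` next to the status-code assertion. In the first hunk, the second new login test sends a non-string password but reuses the title 'user login with non-string username with REST API'; renaming it to 'user login with non-string password with REST API' keeps the two failures distinguishable. The sign-up calls in all three tests pass only a `success` callback, so a failed sign-up would presumably surface as a timeout rather than a clear failure.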


@@ -79,6 +79,9 @@ export class UsersRouter extends ClassesRouter {
if (!req.body.password) {
throw new Parse.Error(Parse.Error.PASSWORD_MISSING, 'password is required.');
}
if (typeof req.body.username !== 'string' || typeof req.body.password !== 'string') {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
}
let user;
let isValidPassword = false;
@@ -190,6 +193,9 @@ export class UsersRouter extends ClassesRouter {
if (!email) {
throw new Parse.Error(Parse.Error.EMAIL_MISSING, "you must provide an email");
}
if (typeof email !== 'string') {
throw new Parse.Error(Parse.Error.INVALID_EMAIL_ADDRESS, 'you must provide a valid email string');
}
let userController = req.config.userController;
return userController.sendPasswordResetEmail(email).then(token => {
return Promise.resolve({
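Review bot: Neither new `typeof` guard says why it exists, so a later cleanup could fold it into the truthiness checks just above, which an object value passes. A short comment on the login guard such as `// Credentials must be strings: a JSON object (e.g. {"$regex": ...}) must never be passed on as a query constraint.` and an equivalent one on the `email` guard would record the intent. That these values reach a database query is inferred from the tests in this commit, not visible in these hunks. The `email` guard checks only the type, so the message 'you must provide a valid email string' promises slightly more validation than is performed. Both enclosing functions start and end outside the hunks.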