diff --git a/README.md b/README.md index 188e8d06..ecc41bb7 100644 --- a/README.md +++ b/README.md @@ -216,6 +216,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo * `revokeSessionOnPasswordReset` - When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions. * `accountLockout` - Lock account when a malicious user is attempting to determine an account password by trial and error. * `passwordPolicy` - Optional password policy rules to enforce. +* `customPages` - A hash with urls to override email verification links, password reset links and specify frame url for masking user-facing pages. Available keys: `parseFrameURL`, `invalidLink`, `choosePassword`, `passwordResetSuccess`, `verifyEmailSuccess`. ##### Logging diff --git a/spec/UserController.spec.js b/spec/UserController.spec.js new file mode 100644 index 00000000..498f70b6 --- /dev/null +++ b/spec/UserController.spec.js @@ -0,0 +1,59 @@ +var UserController = require('../src/Controllers/UserController').UserController; +var emailAdapter = require('./MockEmailAdapter') +var AppCache = require('../src/cache').AppCache; + +describe('UserController', () => { + var user = { + _email_verify_token: 'testToken', + username: 'testUser', + email: 'test@example.com' + } + + describe('sendVerificationEmail', () => { + describe('parseFrameURL not provided', () => { + it('uses publicServerURL', (done) => { + + AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, { + publicServerURL: 'http://www.example.com', + customPages: { + parseFrameURL: undefined + } + })) + + emailAdapter.sendVerificationEmail = (options) => { + expect(options.link).toEqual('http://www.example.com/apps/test/verify_email?token=testToken&username=testUser') + done() + } + + var userController = new UserController(emailAdapter, 'test', { + verifyUserEmails: true + }) + + userController.sendVerificationEmail(user) + }) + }) + + describe('parseFrameURL provided', () => { + it('uses parseFrameURL and includes the destination in the link parameter', (done) => { + + AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, { + publicServerURL: 'http://www.example.com', + customPages: { + parseFrameURL: 'http://someother.example.com/handle-parse-iframe' + } + })) + + emailAdapter.sendVerificationEmail = (options) => { + expect(options.link).toEqual('http://someother.example.com/handle-parse-iframe?link=%2Fapps%2Ftest%2Fverify_email&token=testToken&username=testUser') + done() + } + + var userController = new UserController(emailAdapter, 'test', { + verifyUserEmails: true + }) + + userController.sendVerificationEmail(user) + }) + }) + }) +}); diff --git a/spec/ValidationAndPasswordsReset.spec.js b/spec/ValidationAndPasswordsReset.spec.js index f32813fb..cb4de0e6 100644 --- a/spec/ValidationAndPasswordsReset.spec.js +++ b/spec/ValidationAndPasswordsReset.spec.js @@ -12,7 +12,8 @@ describe("Custom Pages, Email Verification, Password Reset", () => { invalidLink: "myInvalidLink", verifyEmailSuccess: "myVerifyEmailSuccess", choosePassword: "myChoosePassword", - passwordResetSuccess: "myPasswordResetSuccess" + passwordResetSuccess: "myPasswordResetSuccess", + parseFrameURL: "http://example.com/handle-parse-iframe" }, publicServerURL: "https://my.public.server.com/1" }) @@ -22,6 +23,7 @@ describe("Custom Pages, Email Verification, Password Reset", () => { expect(config.verifyEmailSuccessURL).toEqual("myVerifyEmailSuccess"); expect(config.choosePasswordURL).toEqual("myChoosePassword"); expect(config.passwordResetSuccessURL).toEqual("myPasswordResetSuccess"); + expect(config.parseFrameURL).toEqual("http://example.com/handle-parse-iframe"); expect(config.verifyEmailURL).toEqual("https://my.public.server.com/1/apps/test/verify_email"); expect(config.requestResetPasswordURL).toEqual("https://my.public.server.com/1/apps/test/request_password_reset"); done(); diff --git a/src/Config.js b/src/Config.js index 01b15303..d262aad4 100644 --- a/src/Config.js +++ b/src/Config.js @@ -246,6 +246,10 @@ export class Config { return this.customPages.passwordResetSuccess || `${this.publicServerURL}/apps/password_reset_success.html`; } + get parseFrameURL() { + return this.customPages.parseFrameURL; + } + get verifyEmailURL() { return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`; } diff --git a/src/Controllers/UserController.js b/src/Controllers/UserController.js index 48b4c7f0..b6ca02a5 100644 --- a/src/Controllers/UserController.js +++ b/src/Controllers/UserController.js @@ -119,7 +119,8 @@ export class UserController extends AdaptableController { // We may need to fetch the user in case of update email this.getUserIfNeeded(user).then((user) => { const username = encodeURIComponent(user.username); - const link = `${this.config.verifyEmailURL}?token=${token}&username=${username}`; + + const link = buildEmailLink(this.config.verifyEmailURL, username, token, this.config); const options = { appName: this.config.appName, link: link, @@ -153,8 +154,8 @@ export class UserController extends AdaptableController { .then(user => { const token = encodeURIComponent(user._perishable_token); const username = encodeURIComponent(user.username); - const link = `${this.config.requestResetPasswordURL}?token=${token}&username=${username}` + const link = buildEmailLink(this.config.requestResetPasswordURL, username, token, this.config); const options = { appName: this.config.appName, link: link, @@ -215,4 +216,16 @@ function updateUserPassword(userId, password, config) { }); } +function buildEmailLink(destination, username, token, config) { + const usernameAndToken = `token=${token}&username=${username}` + + if (config.parseFrameURL) { + const destinationWithoutHost = destination.replace(config.publicServerURL, ''); + + return `${config.parseFrameURL}?link=${encodeURIComponent(destinationWithoutHost)}&${usernameAndToken}`; + } else { + return `${destination}?${usernameAndToken}`; + } +} + export default UserController;