Move logic out of User and Classes controllers
into RestWriter
@@ -9,15 +9,6 @@ var RestQuery = require('../RestQuery');
|
||||
var Auth = require('../Auth');
|
||||
|
||||
export class UserController extends AdaptableController {
|
||||
// Add token delete operations to a rest update object
|
||||
static addClearPasswordResetTokenToRestObject(restObject) {
|
||||
const addOps = {
|
||||
_perishable_token: { __op: 'Delete' },
|
||||
_perishable_token_expires_at: { __op: 'Delete' },
|
||||
};
|
||||
return Object.assign({}, restObject, addOps);
|
||||
}
|
||||
|
||||
constructor(adapter, appId, options = {}) {
|
||||
super(adapter, appId, options);
|
||||
}
|
||||
@@ -305,7 +296,7 @@ function updateUserPassword(userId, password, config) {
|
||||
Auth.master(config),
|
||||
'_User',
|
||||
{ objectId: userId },
|
||||
UserController.addClearPasswordResetTokenToRestObject({ password })
|
||||
{ password: password }
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
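Review bot: At the `rest.update` call in `updateUserPassword`, the payload is now just `{ password: password }`, so invalidating the password-reset token depends entirely on `RestWrite` spotting the `password` key on a `_User` update, and nothing at this call site says so. A one-line comment would keep a later refactor from silently dropping that guarantee, for example `// _perishable_token and its expiry are cleared by RestWrite when password is written`. The object could also keep the shorthand `{ password }` that the removed line used. `updateUserPassword` starts outside the visible hunk, so this is based only on the argument list shown.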
@@ -95,6 +95,9 @@ RestWrite.prototype.execute = function() {
|
||||
.then(() => {
|
||||
return this.runBeforeTrigger();
|
||||
})
|
||||
.then(() => {
|
||||
return this.deleteEmailRestTokenIfNeeded();
|
||||
})
|
||||
.then(() => {
|
||||
return this.validateSchema();
|
||||
})
|
||||
@@ -745,6 +748,22 @@ RestWrite.prototype.createSessionToken = function() {
|
||||
return createSession();
|
||||
};
|
||||
|
||||
// Delete email reset tokens if user is changing password or email.
|
||||
RestWrite.prototype.deleteEmailRestTokenIfNeeded = function() {
|
||||
if (this.className !== '_User' || this.query === null) {
|
||||
// null query means create
|
||||
return;
|
||||
}
|
||||
|
||||
if ('password' in this.data || 'email' in this.data) {
|
||||
const addOps = {
|
||||
_perishable_token: { __op: 'Delete' },
|
||||
_perishable_token_expires_at: { __op: 'Delete' },
|
||||
};
|
||||
this.data = Object.assign(this.data, addOps);
|
||||
}
|
||||
};
|
||||
|
||||
RestWrite.prototype.destroyDuplicatedSessions = function() {
|
||||
// Only for _Session, and at creation time
|
||||
if (this.className != '_Session' || this.query) {
|
||||
|
||||
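Review bot: The guard in `deleteEmailRestTokenIfNeeded` treats only `this.query === null` as a create, while `destroyDuplicatedSessions` just below tests `this.query` for truthiness. If any caller builds a `RestWrite` with `query` left `undefined` (not visible here), a `_User` create carrying `password` would get the two `Delete` ops added, so `if (this.className !== '_User' || !this.query) { return; }` would be safer and match the neighbouring check. The method name says `Rest` where its comment says "reset"; `deleteEmailResetTokenIfNeeded`, here and at the call in `execute`, would be clearer. `this.data = Object.assign(this.data, addOps);` already mutates `this.data` in place, so the reassignment is redundant. `destroyDuplicatedSessions` continues past the end of the hunk.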
@@ -105,27 +105,14 @@ export class ClassesRouter extends PromiseRouter {
|
||||
);
|
||||
}
|
||||
|
||||
// always clear password reset token on email address change
|
||||
beforeUpdate(req) {
|
||||
const { body } = req;
|
||||
if (this.className(req) === '_User' && 'email' in body) {
|
||||
const { userController } = req.config;
|
||||
return userController.constructor.addClearPasswordResetTokenToRestObject(
|
||||
body
|
||||
);
|
||||
}
|
||||
return body;
|
||||
}
|
||||
|
||||
handleUpdate(req) {
|
||||
const body = this.beforeUpdate(req);
|
||||
const where = { objectId: req.params.objectId };
|
||||
return rest.update(
|
||||
req.config,
|
||||
req.auth,
|
||||
this.className(req),
|
||||
where,
|
||||
body,
|
||||
req.body,
|
||||
req.info.clientSDK
|
||||
);
|
||||
}
|
||||
|
||||