pr comments:

consolidate write operations also tweak test text
2018-10-09 17:34:04 -07:00
parent 6ebce1832b
commit b3b4461fe2
3 changed files with 42 additions and 49 deletions
--- a/spec/ValidationAndPasswordsReset.spec.js
+++ b/spec/ValidationAndPasswordsReset.spec.js
@@ -910,7 +910,7 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
    });
  });

-  it('deletes password reset token', done => {
+  it('deletes password reset token on email address change', done => {
    reconfigureServer({
      appName: 'coolapp',
      publicServerURL: 'http://localhost:1337/1',
@@ -929,13 +929,14 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
        return user
          .signUp(null)
          .then(() => Parse.User.requestPasswordReset('test@parse.com'))
-          .then(() => config.database.adapter
-            .find(
+          .then(() =>
+            config.database.adapter.find(
              '_User',
              { fields: {} },
              { username: 'zxcv' },
              { limit: 1 }
-            ))
+            )
+          )
          .then(results => {
            // validate that there is a token
            expect(results.length).toEqual(1);
@@ -943,18 +944,19 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
            user.set('email', 'test2@parse.com');
            return user.save();
          })
-          .then(() => config.database.adapter
-            .find(
+          .then(() =>
+            config.database.adapter.find(
              '_User',
              { fields: {} },
              { username: 'zxcv' },
-              { limit: 1 })
+              { limit: 1 }
+            )
          )
          .then(results => {
            expect(results.length).toEqual(1);
            expect(results[0]['_perishable_token']).toBeUndefined();
            done();
-          })
+          });
      })
      .catch(error => {
        fail(JSON.stringify(error));
--- a/src/Controllers/UserController.js
+++ b/src/Controllers/UserController.js
@@ -9,6 +9,15 @@ var RestQuery = require('../RestQuery');
 var Auth = require('../Auth');

 export class UserController extends AdaptableController {
+  // Add token delete operations to a rest update object
+  static addClearPasswordResetTokenToRestObject(restObject) {
+    const addOps = {
+      _perishable_token: { __op: 'Delete' },
+      _perishable_token_expires_at: { __op: 'Delete' },
+    };
+    return Object.assign({}, restObject, addOps);
+  }
+
  constructor(adapter, appId, options = {}) {
    super(adapter, appId, options);
  }
@@ -242,35 +251,17 @@ export class UserController extends AdaptableController {
    });
  }

-  clearPasswordResetToken(objectId) {
-    return this.config.database.update(
-      '_User',
-      { objectId },
-      {
-        _perishable_token: { __op: 'Delete' },
-        _perishable_token_expires_at: { __op: 'Delete' },
-      }
-    )
-  }
-
  updatePassword(username, token, password) {
-    return (
-      this.checkResetTokenValidity(username, token)
-        .then(user =>
-          Promise.all([
-            updateUserPassword(user.objectId, password, this.config),
-            this.clearPasswordResetToken(user.objectId)
-          ]))
-        .then(results => results[0])
-        .catch(error => {
-          if (error.message) {
-            // in case of Parse.Error, fail with the error message only
-            return Promise.reject(error.message);
-          } else {
-            return Promise.reject(error);
-          }
-        })
-    );
+    return this.checkResetTokenValidity(username, token)
+      .then(user => updateUserPassword(user.objectId, password, this.config))
+      .catch(error => {
+        if (error.message) {
+          // in case of Parse.Error, fail with the error message only
+          return Promise.reject(error.message);
+        } else {
+          return Promise.reject(error);
+        }
+      });
  }

  defaultVerificationEmail({ link, user, appName }) {
@@ -314,9 +305,7 @@ function updateUserPassword(userId, password, config) {
    Auth.master(config),
    '_User',
    { objectId: userId },
-    {
-      password: password,
-    }
+    UserController.addClearPasswordResetTokenToRestObject({ password })
  );
 }

--- a/src/Routers/ClassesRouter.js
+++ b/src/Routers/ClassesRouter.js
@@ -105,27 +105,29 @@ export class ClassesRouter extends PromiseRouter {
    );
  }

-  afterUpdate(req, response) {
-    if (this.className(req) === '_User' && ('email' in req.body)) {
-      const userController = req.config.userController;
-      return userController.clearPasswordResetToken(req.params.objectId)
-        .then(() =>
-          response
-        );
+  // always clear password reset token on email address change
+  beforeUpdate(req) {
+    const { body } = req;
+    if (this.className(req) === '_User' && 'email' in body) {
+      const { userController } = req.config;
+      return userController.constructor.addClearPasswordResetTokenToRestObject(
+        body
+      );
    }
-    return Promise.resolve(response);
+    return body;
  }

  handleUpdate(req) {
+    const body = this.beforeUpdate(req);
    const where = { objectId: req.params.objectId };
    return rest.update(
      req.config,
      req.auth,
      this.className(req),
      where,
-      req.body,
+      body,
      req.info.clientSDK
-    ).then(this.afterUpdate.bind(this, req));
+    );
  }

  handleDelete(req) {