Fix password reset, email verification for custom endpoint (#7236)

* fixed incorrect endpoint for password reset and email verification * added tests
2021-03-03 00:53:02 +01:00
parent add67fdd22
commit d789ca6b40
2 changed files with 88 additions and 3 deletions
--- a/spec/PagesRouter.spec.js
+++ b/spec/PagesRouter.spec.js
@@ -63,7 +63,7 @@ describe('Pages Router', () => {
      expect(response.status).toBe(200);
    });

-    it('responds with 404 if publicServerURL is not confgured', async () => {
+    it('responds with 404 if publicServerURL is not configured', async () => {
      await reconfigureServer({
        appName: 'unused',
        pages: { enableRouter: true },
@@ -971,5 +971,82 @@ describe('Pages Router', () => {
        expect(response.text).toBe('Not found.');
      });
    });
+
+    describe('custom endpoint', () => {
+      it('password reset works with custom endpoint', async () => {
+        config.pages.pagesEndpoint = 'customEndpoint';
+        await reconfigureServer(config);
+        const sendPasswordResetEmail = spyOn(
+          config.emailAdapter,
+          'sendPasswordResetEmail'
+        ).and.callThrough();
+        const user = new Parse.User();
+        user.setUsername('exampleUsername');
+        user.setPassword('examplePassword');
+        user.set('email', 'mail@example.com');
+        await user.signUp();
+        await Parse.User.requestPasswordReset(user.getEmail());
+
+        const link = sendPasswordResetEmail.calls.all()[0].args[0].link;
+        const linkResponse = await request({
+          url: link,
+          followRedirects: false,
+        });
+        expect(linkResponse.status).toBe(200);
+
+        const appId = linkResponse.headers['x-parse-page-param-appid'];
+        const token = linkResponse.headers['x-parse-page-param-token'];
+        const username = linkResponse.headers['x-parse-page-param-username'];
+        const publicServerUrl = linkResponse.headers['x-parse-page-param-publicserverurl'];
+        const passwordResetPagePath = pageResponse.calls.all()[0].args[0];
+        expect(appId).toBeDefined();
+        expect(token).toBeDefined();
+        expect(username).toBeDefined();
+        expect(publicServerUrl).toBeDefined();
+        expect(passwordResetPagePath).toMatch(new RegExp(`\/${pages.passwordReset.defaultFile}`));
+        pageResponse.calls.reset();
+
+        const formUrl = `${publicServerUrl}/${config.pages.pagesEndpoint}/${appId}/request_password_reset`;
+        const formResponse = await request({
+          url: formUrl,
+          method: 'POST',
+          body: {
+            token,
+            username,
+            new_password: 'newPassword',
+          },
+          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+          followRedirects: false,
+        });
+        expect(formResponse.status).toEqual(200);
+        expect(pageResponse.calls.all()[0].args[0]).toContain(
+          `/${pages.passwordResetSuccess.defaultFile}`
+        );
+      });
+
+      it('email verification works with custom endpoint', async () => {
+        config.pages.pagesEndpoint = 'customEndpoint';
+        await reconfigureServer(config);
+        const sendVerificationEmail = spyOn(
+          config.emailAdapter,
+          'sendVerificationEmail'
+        ).and.callThrough();
+        const user = new Parse.User();
+        user.setUsername('exampleUsername');
+        user.setPassword('examplePassword');
+        user.set('email', 'mail@example.com');
+        await user.signUp();
+
+        const link = sendVerificationEmail.calls.all()[0].args[0].link;
+        const linkResponse = await request({
+          url: link,
+          followRedirects: false,
+        });
+        expect(linkResponse.status).toBe(200);
+
+        const pagePath = pageResponse.calls.all()[0].args[0];
+        expect(pagePath).toMatch(new RegExp(`\/${pages.emailVerificationSuccess.defaultFile}`));
+      });
+    });
  });
 });
--- a/src/Config.js
+++ b/src/Config.js
@@ -451,7 +451,7 @@ export class Config {
  }

  get requestResetPasswordURL() {
-    return `${this.publicServerURL}/apps/${this.applicationId}/request_password_reset`;
+    return `${this.publicServerURL}/${this.pagesEndpoint}/${this.applicationId}/request_password_reset`;
  }

  get passwordResetSuccessURL() {
@@ -466,7 +466,15 @@ export class Config {
  }

  get verifyEmailURL() {
-    return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`;
+    return `${this.publicServerURL}/${this.pagesEndpoint}/${this.applicationId}/verify_email`;
+  }
+
+  // TODO: Remove this function once PagesRouter replaces the PublicAPIRouter;
+  // the (default) endpoint has to be defined in PagesRouter only.
+  get pagesEndpoint() {
+    return this.pages && this.pages.enableRouter && this.pages.pagesEndpoint
+      ? this.pages.pagesEndpoint
+      : 'apps';
  }
 }