Ajax password reset (#5332)

* adapted public api route for use with ajax * Elegant error handling * Fixed error return * Public API error flow redone, tests * Fixed code to pre-build form * Public API change password return params * Reverted errors in resetPassword * Fixed querystring call * Success test on ajax password reset * Added few more routes to tests for coverage * More tests and redone error return slightly * Updated error text * Console logs removal, renamed test, added {} to if * Wrong error sent * Revert changes * Revert "Revert changes" This reverts commit 68ee2c44bf2411ca8b56b039a4d490a7e2f99ae9. * real revert of {} * nits and test fix * fix tests * throw proper error
2019-03-14 23:06:18 +02:00
parent bf033becbd
commit d84566ac28
5 changed files with 258 additions and 16 deletions
--- a/spec/PasswordPolicy.spec.js
+++ b/spec/PasswordPolicy.spec.js
@@ -913,6 +913,65 @@ describe('Password Policy: ', () => {
    });
  });

+  it('Should return error when password violates Password Policy and reset through ajax', async done => {
+    const user = new Parse.User();
+    const emailAdapter = {
+      sendVerificationEmail: () => Promise.resolve(),
+      sendPasswordResetEmail: async options => {
+        const response = await request({
+          url: options.link,
+          followRedirects: false,
+          simple: false,
+          resolveWithFullResponse: true,
+        });
+        expect(response.status).toEqual(302);
+        const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
+        const match = response.text.match(re);
+        if (!match) {
+          fail('should have a token');
+          return;
+        }
+        const token = match[1];
+
+        try {
+          await request({
+            method: 'POST',
+            url: 'http://localhost:8378/1/apps/test/request_password_reset',
+            body: `new_password=xuser12&token=${token}&username=user1`,
+            headers: {
+              'Content-Type': 'application/x-www-form-urlencoded',
+              'X-Requested-With': 'XMLHttpRequest',
+            },
+            followRedirects: false,
+          });
+        } catch (error) {
+          expect(error.status).not.toBe(302);
+          expect(error.text).toEqual(
+            '{"code":-1,"error":"Password cannot contain your username."}'
+          );
+        }
+        await Parse.User.logIn('user1', 'r@nd0m');
+        done();
+      },
+      sendMail: () => {},
+    };
+    await reconfigureServer({
+      appName: 'passwordPolicy',
+      verifyUserEmails: false,
+      emailAdapter: emailAdapter,
+      passwordPolicy: {
+        doNotAllowUsername: true,
+      },
+      publicServerURL: 'http://localhost:8378/1',
+    });
+    user.setUsername('user1');
+    user.setPassword('r@nd0m');
+    user.set('email', 'user1@parse.com');
+    await user.signUp();
+
+    await Parse.User.requestPasswordReset('user1@parse.com');
+  });
+
  it('should reset password even if the new password contains user name while the policy allows', done => {
    const user = new Parse.User();
    const emailAdapter = {