asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Closes #53

Browse Source 
Use email for reset password and reset password token
This commit is contained in:
Oliver Windall Juhl
2020-05-11 13:55:44 +02:00
committed by GitHub
parent 8255a839f6
commit 809133fa2a
7 changed files with 100 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/medusa/src/api/routes/admin/users/__tests__/reset-password-token.js
+18 -16
View File
@@ -2,26 +2,28 @@ import { IdMap } from "medusa-test-utils"
import { request } from "../../../../../helpers/test-request"
import { UserServiceMock } from "../../../../../services/__mocks__/user"
describe("POST /admin/users/:id/reset-password-token", () => {
describe("POST /admin/users/password-token", () => {
describe("successfully generates reset password token", () => {
let subject
beforeAll(async () => {
subject = await request(
"POST",
`/admin/users/${IdMap.getId("test-user")}/reset-password-token`,
{
adminSession: {
jwt: {
userId: IdMap.getId("admin_user"),
},
subject = await request("POST", `/admin/users/password-token`, {
payload: {
email: "vandijk@test.dk",
},
adminSession: {
jwt: {
userId: IdMap.getId("admin_user"),
},
}
)
},
})
})
afterAll(() => {
jest.clearAllMocks()
it("calls UserService retrieve", () => {
expect(UserServiceMock.retrieveByEmail).toHaveBeenCalledTimes(1)
expect(UserServiceMock.retrieveByEmail).toHaveBeenCalledWith(
"vandijk@test.dk"
)
})
it("calls UserService generateResetPasswordToken", () => {
@@ -29,12 +31,12 @@ describe("POST /admin/users/:id/reset-password-token", () => {
1
)
expect(UserServiceMock.generateResetPasswordToken).toHaveBeenCalledWith(
IdMap.getId("test-user")
IdMap.getId("vandijk")
)
})
it("returns 200", () => {
expect(subject.status).toEqual(200)
it("returns 204", () => {
expect(subject.status).toEqual(204)
})
})
})
packages/medusa/src/api/routes/admin/users/__tests__/reset-password.js
+21 -26
View File
@@ -3,7 +3,7 @@ import jwt from "jsonwebtoken"
import { request } from "../../../../../helpers/test-request"
import { UserServiceMock } from "../../../../../services/__mocks__/user"
describe("POST /admin/users/:id/reset-password", () => {
describe("POST /admin/users/reset-password", () => {
describe("successfully resets password", () => {
let subject
@@ -13,42 +13,37 @@ describe("POST /admin/users/:id/reset-password", () => {
it("calls UserService setPassword", async () => {
const exp = Math.floor(Date.now() / 1000) + 60 * 15
const token = jwt.sign(
{
userId: "test-user-id",
name: "Oliver Juhl",
email: "oliver@test.dk",
exp,
},
"123456789hash"
)
subject = await request(
"POST",
`/admin/users/test-user-id/reset-password`,
{
payload: {
token,
password: "new-password",
},
adminSession: {
jwt: {
userId: IdMap.getId("admin_user"),
subject = await request("POST", `/admin/users/reset-password`, {
payload: {
email: "vandijk@test.dk",
token: jwt.sign(
{
user_id: IdMap.getId("vandijk"),
name: "Virgil Van Dijk",
email: "vandijk@test.dk",
exp,
},
"1234"
),
password: "new-password",
},
adminSession: {
jwt: {
userId: IdMap.getId("admin_user"),
},
}
)
},
})
expect(UserServiceMock.setPassword).toHaveBeenCalledTimes(1)
expect(UserServiceMock.setPassword).toHaveBeenCalledWith(
"test-user-id",
IdMap.getId("vandijk"),
"new-password"
)
})
it("returns updated user", () => {
expect(subject.body._id).toEqual("test-user-id")
expect(subject.body._id).toEqual(IdMap.getId("vandijk"))
})
it("returns 200", () => {
expect(subject.status).toEqual(200)
})
packages/medusa/src/api/routes/admin/users/index.js
+7 -7
View File
@@ -10,20 +10,20 @@ export default app => {
route.get("/:user_id", middlewares.wrap(require("./get-user").default))
route.post("/", middlewares.wrap(require("./create-user").default))
route.post("/:user_id", middlewares.wrap(require("./update-user").default))
route.post(
"/:user_id/set-password",
middlewares.wrap(require("./set-password").default)
)
route.post(
"/:user_id/reset-password-token",
"/password-token",
middlewares.wrap(require("./reset-password-token").default)
)
route.post(
"/:user_id/reset-password",
"/reset-password",
middlewares.wrap(require("./reset-password").default)
)
route.post("/:user_id", middlewares.wrap(require("./update-user").default))
route.post(
"/:user_id/set-password",
middlewares.wrap(require("./set-password").default)
)
route.delete("/:user_id", middlewares.wrap(require("./delete-user").default))
packages/medusa/src/api/routes/admin/users/reset-password-token.js
+18 -3
View File
@@ -1,9 +1,24 @@
import { MedusaError, Validator } from "medusa-core-utils"
export default async (req, res) => {
const { user_id } = req.params
const schema = Validator.object().keys({
email: Validator.string()
.email()
.required(),
})
const { value, error } = schema.validate(req.body)
if (error) {
throw new MedusaError(MedusaError.Types.INVALID_DATA, error.details)
}
try {
const userService = req.scope.resolve("userService")
const token = await userService.generateResetPasswordToken(user_id)
res.json(token)
const user = await userService.retrieveByEmail(value.email)
await userService.generateResetPasswordToken(user._id)
res.sendStatus(204)
} catch (error) {
throw error
}
packages/medusa/src/api/routes/admin/users/reset-password.js
+6 -3
View File
@@ -2,8 +2,10 @@ import { MedusaError, Validator } from "medusa-core-utils"
import jwt from "jsonwebtoken"
export default async (req, res) => {
const { user_id } = req.params
const schema = Validator.object().keys({
email: Validator.string()
.email()
.required(),
token: Validator.string().required(),
password: Validator.string().required(),
})
@@ -15,11 +17,12 @@ export default async (req, res) => {
try {
const userService = req.scope.resolve("userService")
let user = await userService.retrieve(user_id)
let user = await userService.retrieveByEmail(value.email)
const decodedToken = await jwt.verify(value.token, user.password_hash)
if (!decodedToken) {
if (!decodedToken || decodedToken.user_id !== user._id) {
res.status(401).send("Invalid or expired password reset token")
return
}
await userService.setPassword(user._id, value.password)