move password check to the backend

Author: butlerx

test/fixtures/users.json

@@ -1,40 +1,40 @@
 [
-  { 
+  {
     "name": "test1",
     "email": "[email protected]",
-    "password": "pass1",
+    "password": "password1",
     "termsConditionsAccepted": true,
       "initUserType":"attendee-u13",
     "g-recaptcha-response": "03AHJ_VuufpHRAc3bbYfeMunZ-nOYP5rjdSwlw7e4Btq-RGYYvCRTJJkXptbQuBwJDL0ZWQ7eHeQRoTI9iRZlakVlpVDB9rd0kYw2iNcMXG9qNNNBNv_qNjTyE4RwZ3x0zAt2aqg-LjboEqRyLqbOO032kal8wz_GGKbrykJMV0kiSdCbABlSalNHUwlP9II7nGs1me9x84owsr5ZCFkCYtQehguTm6nMe9HRq7hLbQb4hK8HuWwfqQ1z5CIuKk7el5taxNC1h4QuqWsNgGlWAv_Gqp4dJjz683kNCV2vbTlofz6FwttNZwD-mS1l4OrTCdvdX9JBcipXbjlIF1RFyBbXGvSAftp3_ajmoAjstwSdAZVtD1Whm_x8nUo_0pFp6x0n0Y1j8Ztc87oxAXswI-Yvf8JFu8Bhaw_SwAz2Qk7meR2Mvx5lKz_3IzK_b15gnmXenqamBpksv"
   },
   {
     "name": "test2",
     "email": "[email protected]",
-    "password": "pass2",
+    "password": "passiword2",
     "termsConditionsAccepted": true,
       "initUserType":"attendee-o13",
     "g-recaptcha-response": "03AHJ_VuufpHRAc3bbYfeMunZ-nOYP5rjdSwlw7e4Btq-RGYYvCRTJJkXptbQuBwJDL0ZWQ7eHeQRoTI9iRZlakVlpVDB9rd0kYw2iNcMXG9qNNNBNv_qNjTyE4RwZ3x0zAt2aqg-LjboEqRyLqbOO032kal8wz_GGKbrykJMV0kiSdCbABlSalNHUwlP9II7nGs1me9x84owsr5ZCFkCYtQehguTm6nMe9HRq7hLbQb4hK8HuWwfqQ1z5CIuKk7el5taxNC1h4QuqWsNgGlWAv_Gqp4dJjz683kNCV2vbTlofz6FwttNZwD-mS1l4OrTCdvdX9JBcipXbjlIF1RFyBbXGvSAftp3_ajmoAjstwSdAZVtD1Whm_x8nUo_0pFp6x0n0Y1j8Ztc87oxAXswI-Yvf8JFu8Bhaw_SwAz2Qk7meR2Mvx5lKz_3IzK_b15gnmXenqamBpksv"
   },
   {
     "name": "test3",
     "email": "[email protected]",
-    "password": "pass3",
+    "password": "password3",
     "termsConditionsAccepted": true,
       "initUserType":"parent-guardian",
     "g-recaptcha-response": "03AHJ_VuufpHRAc3bbYfeMunZ-nOYP5rjdSwlw7e4Btq-RGYYvCRTJJkXptbQuBwJDL0ZWQ7eHeQRoTI9iRZlakVlpVDB9rd0kYw2iNcMXG9qNNNBNv_qNjTyE4RwZ3x0zAt2aqg-LjboEqRyLqbOO032kal8wz_GGKbrykJMV0kiSdCbABlSalNHUwlP9II7nGs1me9x84owsr5ZCFkCYtQehguTm6nMe9HRq7hLbQb4hK8HuWwfqQ1z5CIuKk7el5taxNC1h4QuqWsNgGlWAv_Gqp4dJjz683kNCV2vbTlofz6FwttNZwD-mS1l4OrTCdvdX9JBcipXbjlIF1RFyBbXGvSAftp3_ajmoAjstwSdAZVtD1Whm_x8nUo_0pFp6x0n0Y1j8Ztc87oxAXswI-Yvf8JFu8Bhaw_SwAz2Qk7meR2Mvx5lKz_3IzK_b15gnmXenqamBpksv"
   },
   {
     "name": "test4",
     "email": "[email protected]",
-    "password": "pass4",
+    "password": "password4",
     "termsConditionsAccepted": true,
       "initUserType":"mentor",
     "g-recaptcha-response": "03AHJ_VuufpHRAc3bbYfeMunZ-nOYP5rjdSwlw7e4Btq-RGYYvCRTJJkXptbQuBwJDL0ZWQ7eHeQRoTI9iRZlakVlpVDB9rd0kYw2iNcMXG9qNNNBNv_qNjTyE4RwZ3x0zAt2aqg-LjboEqRyLqbOO032kal8wz_GGKbrykJMV0kiSdCbABlSalNHUwlP9II7nGs1me9x84owsr5ZCFkCYtQehguTm6nMe9HRq7hLbQb4hK8HuWwfqQ1z5CIuKk7el5taxNC1h4QuqWsNgGlWAv_Gqp4dJjz683kNCV2vbTlofz6FwttNZwD-mS1l4OrTCdvdX9JBcipXbjlIF1RFyBbXGvSAftp3_ajmoAjstwSdAZVtD1Whm_x8nUo_0pFp6x0n0Y1j8Ztc87oxAXswI-Yvf8JFu8Bhaw_SwAz2Qk7meR2Mvx5lKz_3IzK_b15gnmXenqamBpksv"
   },
   {
     "name": "test5",
     "email": "[email protected]",
-    "password": "pass5",
+    "password": "password5",
     "termsConditionsAccepted": true,
       "initUserType":"champion",
     "g-recaptcha-response": "03AHJ_VuufpHRAc3bbYfeMunZ-nOYP5rjdSwlw7e4Btq-RGYYvCRTJJkXptbQuBwJDL0ZWQ7eHeQRoTI9iRZlakVlpVDB9rd0kYw2iNcMXG9qNNNBNv_qNjTyE4RwZ3x0zAt2aqg-LjboEqRyLqbOO032kal8wz_GGKbrykJMV0kiSdCbABlSalNHUwlP9II7nGs1me9x84owsr5ZCFkCYtQehguTm6nMe9HRq7hLbQb4hK8HuWwfqQ1z5CIuKk7el5taxNC1h4QuqWsNgGlWAv_Gqp4dJjz683kNCV2vbTlofz6FwttNZwD-mS1l4OrTCdvdX9JBcipXbjlIF1RFyBbXGvSAftp3_ajmoAjstwSdAZVtD1Whm_x8nUo_0pFp6x0n0Y1j8Ztc87oxAXswI-Yvf8JFu8Bhaw_SwAz2Qk7meR2Mvx5lKz_3IzK_b15gnmXenqamBpksv"

test/users-spec.js

@@ -69,7 +69,7 @@ lab.experiment('Profiles Microservice test', { timeout: 5000}, function () {
   lab.test('load', function (done) {
     var id = 'f8bbf130-e7c3-4da6-ad0f-28475d4811c7';
     seneca.act({role: 'cd-profiles', cmd: 'load', id: id}, done);
-  }); 
+  });
 
   lab.test('user_profile_data', function (done) {
     var userId = '';
@@ -92,7 +92,7 @@ lab.experiment('Users Microservice test', { timeout: 5000 }, function(){
     function registerUser(user, cb){
       seneca.act(user, {role: role, cmd: 'register'}, function(err, res){
         if(err) return cb(err);
-
+        expect(!res.ok);
         return cb();
       });
     }
@@ -129,7 +129,7 @@ lab.experiment('Users Microservice test', { timeout: 5000 }, function(){
       var user = {
         "name": "test6",
         "email": "[email protected]",
-        "password": "pass6",
+        "password": "password6",
         "termsConditionsAccepted": true,
         "initUserType": "mentor",
         "g-recaptcha-response": "03AHJ_VuufpHRAc3bbYfeMunZ-nOYP5rjdSwlw7e4Btq-RGYYvCRTJJkXptbQuBwJDL0ZWQ7eHeQRoTI9iRZlakVlpVDB9rd0kYw2iNcMXG9qNNNBNv_qNjTyE4RwZ3x0zAt2aqg-LjboEqRyLqbOO032kal8wz_GGKbrykJMV0kiSdCbABlSalNHUwlP9II7nGs1me9x84owsr5ZCFkCYtQehguTm6nMe9HRq7hLbQb4hK8HuWwfqQ1z5CIuKk7el5taxNC1h4QuqWsNgGlWAv_Gqp4dJjz683kNCV2vbTlofz6FwttNZwD-mS1l4OrTCdvdX9JBcipXbjlIF1RFyBbXGvSAftp3_ajmoAjstwSdAZVtD1Whm_x8nUo_0pFp6x0n0Y1j8Ztc87oxAXswI-Yvf8JFu8Bhaw_SwAz2Qk7meR2Mvx5lKz_3IzK_b15gnmXenqamBpksv"

users.js

@@ -58,6 +58,23 @@ module.exports = function (options) {
     seneca.make(ENTITY_NS).list$(query, done);
   }
 
+  function checkPassword (args, done) {
+    var containsNumber = /[0-9]/.test(args.password);
+    var containsCharacter = /[!|@|#|$|%|^|&|*|(|)|-|_]/.test(args.password);
+    var containsCapital = /[A-Z]/.test(args.password);
+    var containsLowerCase = /[a-z]/.test(args.password);
+    var minPasswordLength = 8;
+
+    if (args.password === args.email) {
+      return done(null, {ok: false, token: args.token, why: 'Password must not be the same as your email address'});
+    } if ((args.password.length < minPasswordLength) || !(containsNumber || containsCharacter)) {
+      return done(null, {ok: false, token: args.token, why: 'Password must be a minimum of 8 characters in length and contain at least one number or punctuation character'});
+    } if (_.includes(args.roles, 'cdf-admin') && (!containsNumber || !containsCharacter || !containsCapital || !containsLowerCase)) {
+      return done(null, {ok: false, token: args.token, why: 'An admin account must contain at least one number, one special character and one capital.'});
+    }
+    return done(null, args);
+  }
+
   function cmd_register (args, done) {
     var isChampion = args.isChampion === true;
     var locality = args.locality || 'en_US';
@@ -120,29 +137,35 @@ module.exports = function (options) {
 
       args.mailingList = (args.mailingList) ? 1 : 0;
 
-      seneca.act({role: 'user', cmd: 'register'}, args, function (err, registerResponse) {
+      checkPassword(args, function (err, args) {
         if (err) return done(err);
-        if (!registerResponse.ok) {
-          return done(null, registerResponse);
+        if (typeof args.ok !== 'undefined' && !args.ok) {
+          return done(null, args);
         }
-
-        var user = registerResponse.user;
-        // Create user profile based on initial user type.
-        var userType = 'attendee-o13';
-        if (user.initUserType) userType = user.initUserType.name;
-
-        var profileData = {
-          userId: user.id,
-          name: user.name,
-          email: user.email,
-          userType: userType
-        };
-        seneca.act({role: 'cd-profiles', cmd: 'save', profile: profileData}, function (err, profile) {
+        seneca.act({role: 'user', cmd: 'register'}, args, function (err, registerResponse) {
           if (err) return done(err);
-          if (registerResponse.ok === true && isChampion === true) {
-            seneca.act({role: 'cd-salesforce', cmd: 'queud_update_users', param: {user: registerResponse.user}, fatal$: false});
+          if (!registerResponse.ok) {
+            return done(null, registerResponse);
           }
-          done(null, registerResponse);
+
+          var user = registerResponse.user;
+          // Create user profile based on initial user type.
+          var userType = 'attendee-o13';
+          if (user.initUserType) userType = user.initUserType.name;
+
+          var profileData = {
+            userId: user.id,
+            name: user.name,
+            email: user.email,
+            userType: userType
+          };
+          seneca.act({role: 'cd-profiles', cmd: 'save', profile: profileData}, function (err, profile) {
+            if (err) return done(err);
+            if (registerResponse.ok === true && isChampion === true) {
+              seneca.act({role: 'cd-salesforce', cmd: 'queud_update_users', param: {user: registerResponse.user}, fatal$: false});
+            }
+            done(null, registerResponse);
+          });
         });
       });
     }
@@ -347,20 +370,27 @@ module.exports = function (options) {
         return done(null, { ok: false, token: args.token, why: 'Reset stale.' });
       }
 
-      var userEntity = seneca.make$('sys/user');
-
+      var userEntity = seneca.make$(ENTITY_NS);
       userEntity.load$({ id: reset.user }, function (err, user) {
         if (err) { return done(err); }
-        seneca.act({ role: 'user', cmd: 'change_password', user: user, password: args.password, repeat: args.repeat }, function (err, out) {
+        user.password = args.password;
+        checkPassword(user, function (err, user) {
           if (err) { return done(err); }
+          if (typeof user.ok !== 'undefined' && !user.ok) {
+            return done(null, user);
+          }
+          delete user.password;
+          seneca.act({ role: 'user', cmd: 'change_password', user: user, password: args.password, repeat: args.repeat }, function (err, out) {
+            if (err) { return done(err); }
 
-          out.reset = reset;
-          if (!out.ok) { return done(null, out); }
+            out.reset = reset;
+            if (!out.ok) { return done(null, out); }
 
-          reset.active = false;
-          reset.save$(function (err, reset) {
-            if (err) { return done(err); }
-            return done(null, { user: user, reset: reset, ok: true });
+            reset.active = false;
+            reset.save$(function (err, reset) {
+              if (err) { return done(err); }
+              return done(null, { user: user, reset: reset, ok: true });
+            });
           });
         });
       });