Merge pull request #57 from Human-Connection/master

appinteractive · web-flow · commit 171b90bea257 · 2018-05-11T15:58:14.000+02:00
Merge Master into Develop
diff --git a/config/local.example.json b/config/local.example.json
@@ -4,14 +4,9 @@
   "baseURL": "http://localhost:3030",
   "frontURL": "http://localhost:3000",
   "smtpConfig": {
-    "host": "localhost",
+    "host": "0.0.0.0",
     "port": 1025,
-    "secure": false,
-    "ignoreTLS": true,
-    "auth": {
-      "user": "",
-      "pass": ""
-    }
+    "ignoreTLS": true
   },
   "thumbor": {
     "url": "",
diff --git a/email-templates/account/password-reset/de/style.scss b/email-templates/account/password-reset/de/style.scss
@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';
diff --git a/email-templates/account/password-reset/en/style.scss b/email-templates/account/password-reset/en/style.scss
@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';
diff --git a/email-templates/account/reset-password/de/html.hbs b/email-templates/account/reset-password/de/html.hbs
@@ -20,12 +20,12 @@
 			</tr>
 			<tr>
 				<td class="aligncenter content-block">
-					Wenn du diese Nachricht ignorierst bleibt dein passwort wie es ist.
+					Wenn du diese Nachricht ignorierst, bleibt dein Passwort wie es ist.
 				</td>
 			</tr>
 			<tr>
 				<td class="aligncenter content-block" itemprop="handler" itemscope itemtype="http://schema.org/HttpActionHandler">
-          Wenn du es nicht warst der dein Passwort zurücksetzen wollte <a href='mailto:{{returnEmail}}?subject=I did not reset my password&body=Someone unauthorized sent this reset password request.'>lass es uns wissen!</a>
+          Wenn du es nicht warst, der dein Passwort zurücksetzen wollte, <a href='mailto:{{returnEmail}}?subject=I did not reset my password&body=Someone unauthorized sent this reset password request.'>lass es uns wissen!</a>
 				</td>
 			</tr>
 			<tr>
diff --git a/email-templates/account/reset-password/de/style.scss b/email-templates/account/reset-password/de/style.scss
@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';
diff --git a/email-templates/account/reset-password/en/style.scss b/email-templates/account/reset-password/en/style.scss
@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';
diff --git a/server/authentication.js b/server/authentication.js
@@ -1,6 +1,7 @@
 const authentication = require('feathers-authentication');
 const jwt = require('feathers-authentication-jwt');
 const local = require('feathers-authentication-local');
+const { lowerCase } = require('feathers-hooks-common');
 
 module.exports = function () {
   const app = this;
@@ -17,6 +18,7 @@ module.exports = function () {
   app.service('authentication').hooks({
     before: {
       create: [
+        lowerCase('email', 'username'),
         authentication.hooks.authenticate(config.strategies)
       ],
       remove: [
diff --git a/server/hooks/xss.js b/server/hooks/xss.js
@@ -24,8 +24,9 @@ function clean (dirty) {
   dirty = sanitizeHtml(dirty, {
     allowedTags: ['iframe', 'img', 'p', 'br', 'b', 'i', 'em', 'strong', 'a', 'pre', 'ul', 'li', 'ol', 's', 'strike', 'span', 'blockquote'],
     allowedAttributes: {
-      a: ['href', 'class', 'target', 'data-*'],
-      img: [ 'src' ],
+      a: ['href', 'class', 'target', 'data-*' , 'contenteditable'],
+      span: ['contenteditable'],
+      img: ['src'],
       iframe: ['src', 'class', 'frameborder', 'allowfullscreen']
     },
     allowedIframeHostnames: ['www.youtube.com', 'player.vimeo.com'],
diff --git a/server/services/auth-management/auth-management.hooks.js b/server/services/auth-management/auth-management.hooks.js
@@ -1,6 +1,6 @@
 const isEnabled = require('../../hooks/is-enabled');
 const { authenticate } = require('feathers-authentication').hooks;
-const commonHooks = require('feathers-hooks-common');
+const { iff } = require('feathers-hooks-common');
 
 const isAction = () => {
   let args = Array.from(arguments);
@@ -13,7 +13,7 @@ module.exports = {
     find: [],
     get: [],
     create: [
-      commonHooks.iff(
+      iff(
         isAction('passwordChange', 'identityChange'),
         [
           authenticate('jwt'),
diff --git a/server/services/auth-management/notifier.js b/server/services/auth-management/notifier.js
@@ -37,14 +37,33 @@ module.exports = function (app) {
       )
     );
 
+    let language = user.userSettings ? user.userSettings.uiLanguage : user.language || 'en';
+
     const templatePath = path.join(
       __dirname,
       '../../../email-templates/account',
       templatename,
-      user.language || 'en'
+      language
     );
 
-    const hashLink = getLink(linktype, user.verifyToken || null);
+    let token;
+
+    switch (linktype) {
+    case 'invite-email':
+      token = user.verifyToken;
+      break;
+    case 'verify':
+      token = user.verifyToken;
+      break;
+    case 'reset':
+      token = user.resetToken;
+      break;
+    case 'verifyChanges':
+      token = user.changeToken;
+      break;
+    }
+
+    const hashLink = getLink(linktype, token || null);
     const frontURL = app.get('frontURL');
     const backURL = app.get('baseURL');
 
@@ -62,7 +81,7 @@ module.exports = function (app) {
       name: user.name || user.email,
       email: user.email,
       code: user.code || null,
-      language: user.language || 'en',
+      language: language,
       link: hashLink,
       returnEmail: returnEmail,
       frontURL,
@@ -95,9 +114,7 @@ module.exports = function (app) {
     if (app.get('debug')) {
       const filename = String(Date.now()) + '.html';
       const filepath = path.join(__dirname, '../../../tmp/emails/', filename);
-      fs.outputFile(filepath, email.html).catch(err => {
-        app.error('Error saving email', err);
-      });
+      fs.outputFileSync(filepath, email.html);
     }
 
     return app
@@ -124,23 +141,31 @@ module.exports = function (app) {
           user
         );
       case 'resendVerifySignup':
-        return buildEmail('verify-email', 'Confirm signup', 'verify', user);
+        return buildEmail(
+          'verify-email',
+          'Confirm signup',
+          'verify',
+          user);
       case 'verifySignup':
         return buildEmail(
           'email-verified',
           'Email address verified',
           'verify',
           user
         );
-      case 'resetPwd':
-        return buildEmail('reset-password', 'Password reset', 'reset', user);
       case 'sendResetPwd':
         return buildEmail(
-          'password-was-reset',
-          'Your password was reset',
+          'reset-password',
+          'Password reset',
           'reset',
           user
         );
+      case 'resetPwd':
+        return buildEmail(
+          'password-reset',
+          'Your password was reset',
+          'reset',
+          user);
       case 'passwordChange':
         return buildEmail(
           'password-change',
diff --git a/server/services/organizations/organizations.hooks.js b/server/services/organizations/organizations.hooks.js
@@ -1,4 +1,4 @@
-const { unless, when, isProvider, softDelete, stashBefore } = require('feathers-hooks-common');
+const { unless, when, isProvider, populate, softDelete, stashBefore } = require('feathers-hooks-common');
 const { isVerified } = require('feathers-authentication-management').hooks;
 const { authenticate } = require('feathers-authentication').hooks;
 const { associateCurrentUser } = require('feathers-authentication-hooks');
@@ -27,6 +27,15 @@ const thumbnailOptions = {
 
 const xssFields = ['description', 'descriptionExcerpt'];
 
+const reviewerSchema = {
+  include: {
+    service: 'users',
+    nameAs: 'reviewer',
+    parentField: 'reviewedBy',
+    childField: '_id'
+  }
+};
+
 module.exports = {
   before: {
     all: [
@@ -90,7 +99,8 @@ module.exports = {
 
   after: {
     all: [
-      xss({ fields: xssFields })
+      xss({ fields: xssFields }),
+      populate({ schema: reviewerSchema }),
       // populate({ schema: userSchema }),
       // populate({ schema: followerSchema })
     ],
diff --git a/server/services/users/users.hooks.js b/server/services/users/users.hooks.js
@@ -49,12 +49,25 @@ const candosSchema = {
   }
 };
 
+const userSettingsPrivateSchema = {
+  include: {
+    service: 'usersettings',
+    nameAs: 'userSettings',
+    parentField: '_id',
+    childField: 'userId',
+    asArray: false
+  }
+};
+
 const userSettingsSchema = {
   include: {
     service: 'usersettings',
     nameAs: 'userSettings',
     parentField: '_id',
     childField: 'userId',
+    query: {
+      $select: ['uiLanguage', 'contentLanguages'],
+    },
     asArray: false
   }
 };
@@ -109,6 +122,7 @@ module.exports = {
       ...restrict,
       hashPassword(),
       disableMultiItemChange(),
+      lowerCase('email', 'username'),
       when(isProvider('external'),
         restrictUserRole()
       ),
@@ -118,6 +132,7 @@ module.exports = {
       ...restrict,
       // hashPassword(),
       disableMultiItemChange(),
+      lowerCase('email', 'username'),
       // Only set slug once
       when(
         hook => {
@@ -137,6 +152,7 @@ module.exports = {
     all: [
       populate({ schema: badgesSchema }),
       populate({ schema: candosSchema }),
+      populate({ schema: userSettingsSchema }),
       cleanupBasicData
     ],
     find: [
@@ -145,15 +161,12 @@ module.exports = {
     ],
     get: [
       thumbnails(thumbnailOptions),
-
       // remove personal data if its not the current authenticated user
-      iff(isProvider('external'),
-        when(isOwnEntry(false), [
-          cleanupPersonalData
-        ])
+      iff(isOwnEntry(false),
+        cleanupPersonalData,
       ),
       iff(isOwnEntry(),
-        populate({ schema: userSettingsSchema })
+        populate({ schema: userSettingsPrivateSchema })
       )
     ],
     create: [
diff --git a/test/services/auth-management.test.js b/test/services/auth-management.test.js
@@ -1,10 +1,73 @@
 const assert = require('assert');
 const app = require('../../server/app');
+const service = app.service('authManagement');
+const userService = app.service('users');
+const fs = require('fs-extra');
+const path = require('path');
+const cheerio = require('cheerio');
+let user = null;
 
 describe('\'authManagement\' service', () => {
-  it('registered the service', () => {
-    const service = app.service('authManagement');
+  before(function(done) {
+    this.server = app.listen(3031);
+    this.server.once('listening', () => done());
+  });
+
+  after(function(done) {
+    this.server.close(done);
+  });
+
+  beforeEach(async () => {
+    await app.get('mongooseClient').connection.dropDatabase();
+    user = await userService.create({
+      email: 'test@test.de',
+      password: '1234',
+      name: 'Peter',
+      role: 'admin'
+    });
+  });
+
+  afterEach(async () => {
+    await app.get('mongooseClient').connection.dropDatabase();
+    user = null;
+  });
 
+  it('registered the service', () => {
     assert.ok(service, 'Registered the service');
   });
+
+  it('can reset password', async () => {
+    await service.create({
+      action: 'sendResetPwd',
+      value: {
+        email: user.email
+      }
+    });
+
+    const token = await getTokenFromMail();
+
+    const result = await service.create({
+      action: 'resetPwdLong',
+      value: {
+        token,
+        password: '123456'
+      }
+    });
+    assert.ok(result, 'password can be reset');
+  });
 });
+
+const getTokenFromMail = async () => {
+  // Get token from tmp email file
+  const mailDir = path.join(__dirname, '../../tmp/emails');
+  const fileName = await fs.readdirSync(mailDir)[0];
+  const mailFile = path.join(mailDir, fileName);
+  const mailContent = await fs.readFileSync(mailFile, 'utf8');
+  const $ = await cheerio.load(mailContent);
+  let url;
+  await $('a.btn-primary').each((i, el) => {
+    url = el.attribs['href'];
+  });
+  const token = url.split('/').pop();
+  return token;
+};
diff --git a/test/services/authentication.js b/test/services/authentication.js

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-@import '../../layout/common';`
	`1`	`+@import '../../../layout/common';`