Fix User.resetPassword to call createAccessToken()

JonnyBGod · bajtos · commit b8f9b8560975 · 2017-01-20T10:59:46.000+01:00
This allows User subclasses to override the algorithm used for building
one-time access tokens for password recovery.
diff --git a/common/models/user.js b/common/models/user.js
@@ -605,7 +605,7 @@ module.exports = function(User) {
         return cb(err);
       }
 
-      user.accessTokens.create({ ttl: ttl }, function(err, accessToken) {
+      user.createAccessToken(ttl, function(err, accessToken) {
         if (err) {
           return cb(err);
         }
diff --git a/test/user.test.js b/test/user.test.js
@@ -1884,6 +1884,19 @@ describe('User', function() {
         });
       });
 
+      it('calls createAccessToken() to create the token', function(done) {
+        User.prototype.createAccessToken = function(ttl, cb) {
+          cb(null, new AccessToken({id: 'custom-token'}));
+        };
+
+        User.resetPassword({email: options.email}, function() {});
+
+        User.once('resetPasswordRequest', function(info) {
+          expect(info.accessToken.id).to.equal('custom-token');
+          done();
+        });
+      });
+
       it('Password reset over REST rejected without email address', function(done) {
         request(app)
           .post('/test-users/reset')

Original file line number	Diff line number	Diff line change
`@@ -605,7 +605,7 @@ module.exports = function(User) {`
`605`	`605`	`return cb(err);`
`606`	`606`	`}`
`607`	`607`
`608`		`- user.accessTokens.create({ ttl: ttl }, function(err, accessToken) {`
	`608`	`+ user.createAccessToken(ttl, function(err, accessToken) {`
`609`	`609`	`if (err) {`
`610`	`610`	`return cb(err);`
`611`	`611`	`}`