Allow password reset request for users in realms

beeman · beeman · commit e7831f6c4d53 · 2016-11-30T16:57:59.000-05:00
diff --git a/common/models/user.js b/common/models/user.js
@@ -546,11 +546,12 @@ module.exports = function(User) {
   };
 
   /**
-   * Create a short lived acess token for temporary login. Allows users
+   * Create a short lived access token for temporary login. Allows users
    * to change passwords if forgotten.
    *
    * @options {Object} options
-   * @prop {String} email The user's email address
+   * @property {String} email The user's email address
+   * @property {String} realm The user's realm (optional)
    * @callback {Function} callback
    * @param {Error} err
    */
@@ -575,7 +576,13 @@ module.exports = function(User) {
     } catch (err) {
       return cb(err);
     }
-    UserModel.findOne({ where: { email: options.email }}, function(err, user) {
+    var where = {
+      email: options.email
+    };
+    if (options.realm) {
+      where.realm = options.realm;
+    }
+    UserModel.findOne({ where: where }, function(err, user) {
       if (err) {
         return cb(err);
       }
diff --git a/test/user.test.js b/test/user.test.js
@@ -15,6 +15,7 @@ describe('User', function() {
   var validCredentials = {email: validCredentialsEmail, password: 'bar'};
   var validCredentialsEmailVerified = {email: 'foo1@bar.com', password: 'bar1', emailVerified: true};
   var validCredentialsEmailVerifiedOverREST = {email: 'foo2@bar.com', password: 'bar2', emailVerified: true};
+  var validCredentialsWithRealm = {email: 'foo3@bar.com', password: 'bar', realm: 'foobar'};
   var validCredentialsWithTTL = {email: 'foo@bar.com', password: 'bar', ttl: 3600};
   var validCredentialsWithTTLAndScope = {email: 'foo@bar.com', password: 'bar', ttl: 3600, scope: 'all'};
   var validMixedCaseEmailCredentials = {email: 'Foo@bar.com', password: 'bar'};
@@ -1878,6 +1879,58 @@ describe('User', function() {
           });
       });
     });
+
+    describe('User.resetPassword(options, cb) requiring realm', function() {
+      var realmUser;
+
+      beforeEach(function(done) {
+        User.create(validCredentialsWithRealm, function(err, u) {
+          if (err) return done(err);
+
+          realmUser = u;
+          done();
+        });
+      });
+
+      it('Reports when email is not found in realm', function(done) {
+        User.resetPassword({
+          email: realmUser.email,
+          realm: 'unknown'
+        }, function(err) {
+          assert(err);
+          assert.equal(err.code, 'EMAIL_NOT_FOUND');
+          assert.equal(err.statusCode, 404);
+
+          done();
+        });
+      });
+
+      it('Creates a temp accessToken to allow a user in realm to change password', function(done) {
+        var calledBack = false;
+
+        User.resetPassword({
+          email: realmUser.email,
+          realm: realmUser.realm
+        }, function() {
+          calledBack = true;
+        });
+
+        User.once('resetPasswordRequest', function(info) {
+          assert(info.email);
+          assert(info.accessToken);
+          assert(info.accessToken.id);
+          assert.equal(info.accessToken.ttl / 60, 15);
+          assert(calledBack);
+          info.accessToken.user(function(err, user) {
+            if (err) return done(err);
+
+            assert.equal(user.email, realmUser.email);
+
+            done();
+          });
+        });
+      });
+    });
   });
 
   describe('Email Update', function() {
