github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

[fix #8218] cleaning up reset tokens also cleans up enroll tokens (#8474)

Browse Source 
* solved issue 8218 with expireresettoken removing enroll tokens

* style fix

* tests fix

* solved issue 8218 with expireresettoken removing enroll tokens

* style fix
This commit is contained in:
mutdmour
2017-03-29 17:21:14 +02:00
committed by Jesse Rosenberger
parent be79aa8708
commit 3c011c9dc6
2 changed files with 38 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
packages/accounts-base/accounts_server.js
View File

@@ -1076,14 +1076,16 @@ Ap._generateStampedLoginToken = function () {
///
function expirePasswordToken(accounts, oldestValidDate, tokenFilter, userId) {
var userFilter = userId ? {_id: userId} : {};
accounts.users.update(_.extend(userFilter, tokenFilter, {
const userFilter = userId ? {_id: userId} : {};
const resetRangeOr = {
$or: [
{ "services.password.reset.when": { $lt: oldestValidDate } },
{ "services.password.reset.when": { $lt: +oldestValidDate } }
]
}), {
};
const expireFilter = { $and: [tokenFilter, resetRangeOr] };
accounts.users.update({...userFilter, ...expireFilter}, {
$unset: {
"services.password.reset": ""
}

34
packages/accounts-password/password_tests.js
View File

@@ -1474,7 +1474,7 @@ if (Meteor.isServer) (function () {
);
Tinytest.add(
'passwords - reset password doesn\t work if email changed after email sent',
"passwords - reset password doesn't work if email changed after email sent",
function (test) {
var username = Random.id();
var email = username + '-intercept@example.com';
@@ -1688,15 +1688,45 @@ if (Meteor.isServer) (function () {
function (test) {
var email = test.id + '-intercept@example.com';
var userId = Accounts.createUser({email: email, password: 'password'});
Accounts.sendEnrollmentEmail(userId, email);
test.isTrue(!!Meteor.users.findOne(userId).services.password.reset);
Accounts._expirePasswordEnrollTokens(new Date(), userId);
test.isUndefined(Meteor.users.findOne(userId).services.password.reset);
}
)
Tinytest.add(
"passwords - enroll tokens don't get cleaned up when reset tokens are cleaned up",
function (test) {
var email = test.id + '-intercept@example.com';
var userId = Accounts.createUser({email: email, password: 'password'});
Accounts.sendEnrollmentEmail(userId, email);
var enrollToken = Meteor.users.findOne(userId).services.password.reset;
test.isTrue(enrollToken);
Accounts._expirePasswordResetTokens(new Date(), userId);
test.equal(enrollToken, Meteor.users.findOne(userId).services.password.reset);
}
)
Tinytest.add(
"passwords - reset tokens don't get cleaned up when enroll tokens are cleaned up",
function (test) {
var email = test.id + '-intercept@example.com';
var userId = Accounts.createUser({email: email, password: 'password'});
Accounts.sendResetPasswordEmail(userId, email);
var resetToken = Meteor.users.findOne(userId).services.password.reset;
test.isTrue(resetToken);
Accounts._expirePasswordEnrollTokens(new Date(), userId);
test.equal(resetToken,Meteor.users.findOne(userId).services.password.reset);
}
)
// We should be able to change the username
Tinytest.add("passwords - change username", function (test) {
var username = Random.id();