npm - apostrophe - Versions diffs - 3.31.0 → 3.32.0 - Mend

apostrophe 3.31.0 → 3.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/test/login.js CHANGED Viewed

@@ -1,19 +1,14 @@
 const t = require('../test-lib/test.js');
-const assert = require('assert');
-let apos;
+const assert = require('assert').strict;
 describe('Login', function() {
+  let apos;
+  let resetUserId;
+  let resetToken;
   this.timeout(20000);
-  after(function() {
-    return t.destroy(apos);
-  });
-  // EXISTENCE
-  it('should initialize', async function() {
+  before(async function () {
     apos = await t.create({
       root: module,
       modules: {
@@ -25,9 +20,24 @@ describe('Login', function() {
               }
             }
           }
+        },
+        '@apostrophecms/login': {
+          options: {
+            passwordReset: true
+          }
         }
       }
     });
+  });
+  after(function() {
+    return t.destroy(apos);
+  });
+  // EXISTENCE
+  it('should initialize', async function() {
+    assert(apos);
     assert(apos.modules['@apostrophecms/login']);
     assert(apos.user.safe.remove);
@@ -227,7 +237,7 @@ describe('Login', function() {
     assert(page.match(/logged out/));
   });
-  it('Changing a user\'s password should invalidate sessions for that user', async function() {
+  it('changing a user\'s password should invalidate sessions for that user', async function() {
     const jar = apos.http.jar();
@@ -341,7 +351,7 @@ describe('Login', function() {
   });
-  it('Changing a user\'s password should invalidate bearer tokens for that user', async function() {
+  it('changing a user\'s password should invalidate bearer tokens for that user', async function() {
     // Log in
     let response = await apos.http.post('/api/v1/@apostrophecms/login/login', {
@@ -447,4 +457,409 @@ describe('Login', function() {
     assert(!page2.match(/Bob Smith/));
     assert(page2.match(/System Task/));
   });
+  it('should validate POST /login/reset-request', async function() {
+    const jar = apos.http.jar();
+    await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    await assert.rejects(() => apos.http.post(
+      '/api/v1/@apostrophecms/login/reset-request',
+      {
+        body: {
+          session: true
+        },
+        jar
+      }
+    ), {
+      status: 400
+    });
+  });
+  it('should hide sensitive exceptions POST /login/reset-request', async function() {
+    let log;
+    const orig = apos.util.error;
+    apos.util.error = (m) => {
+      log = m;
+    };
+    const jar = apos.http.jar();
+    await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/reset-request',
+      {
+        body: {
+          email: 'invalidUser',
+          session: true
+        },
+        jar
+      }
+    );
+    assert.match(log, /invalidUser/);
+    const user = apos.user.newInstance();
+    user.title = 'noEmail';
+    user.username = 'noEmail';
+    user.password = 'secret';
+    user.role = 'guest';
+    await apos.user.insert(apos.task.getReq(), user);
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/reset-request',
+      {
+        body: {
+          email: 'noEmail',
+          session: true
+        },
+        jar
+      }
+    );
+    assert.match(log, /noEmail/);
+    apos.util.error = orig;
+  });
+  it('should reset password POST /login/reset-request (request)', async function() {
+    let args;
+    const orig = apos.login.email;
+    apos.login.email = (req, ...a) => {
+      args = a;
+    };
+    const jar = apos.http.jar();
+    await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    let user = apos.user.newInstance();
+    user.title = 'resetUser';
+    user.email = 'resetUser@example.com';
+    user.username = 'resetUser';
+    user.password = 'secret';
+    user.role = 'guest';
+    user = await apos.user.insert(apos.task.getReq(), user);
+    resetUserId = user._id;
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/reset-request',
+      {
+        body: {
+          email: 'resetUser',
+          session: true
+        },
+        jar
+      }
+    );
+    {
+      assert(Array.isArray(args));
+      const [ template, data, opts ] = args;
+      assert(template);
+      assert.deepEqual(data.user._id, user._id);
+      assert(data.user.passwordResetAt);
+      assert.match(data.url, /\/login\?reset=/);
+      assert.match(data.url, /&email=/);
+      assert(data.site);
+      assert.equal(opts.to, user.email);
+      assert(opts.subject);
+    }
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/reset-request',
+      {
+        body: {
+          email: 'resetUser@example.com',
+          session: true
+        },
+        jar
+      }
+    );
+    {
+      assert(Array.isArray(args));
+      const [ template, data, opts ] = args;
+      assert(template);
+      assert.deepEqual(data.user._id, user._id);
+      assert(data.user.passwordResetAt);
+      assert.match(data.url, /\/login\?reset=/);
+      assert.match(data.url, /&email=/);
+      assert(data.site);
+      assert.equal(opts.to, user.email);
+      assert(opts.subject);
+      // Safe the token for the reset tests
+      const url = new URL(data.url);
+      resetToken = url.searchParams.get('reset');
+    }
+    apos.login.email = orig;
+  });
+  it('should reset password GET /login/reset (validate)', async function() {
+    const user = await apos.doc.db.findOne({ _id: resetUserId });
+    // Fail
+    await assert.rejects(() => apos.http.get(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        qs: {}
+      }
+    ), {
+      status: 400
+    });
+    await assert.rejects(() => apos.http.get(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        qs: {
+          reset: 'invalid',
+          email: user.username
+        }
+      }
+    ), {
+      status: 400
+    });
+    await assert.rejects(() => apos.http.get(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        qs: {
+          reset: resetToken,
+          email: 'invalid'
+        }
+      }
+    ), {
+      status: 400
+    });
+    // Success
+    await apos.http.get(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        qs: {
+          reset: resetToken,
+          email: user.username
+        }
+      }
+    );
+    await apos.http.get(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        qs: {
+          reset: resetToken,
+          email: user.email
+        }
+      }
+    );
+  });
+  it('should reset password POST /login/reset (validate & reset)', async function() {
+    const jar = apos.http.jar();
+    const user = await apos.doc.db.findOne({ _id: resetUserId });
+    await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    // Validate
+    await assert.rejects(() => apos.http.post(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        body: {
+          session: true
+        },
+        jar
+      }
+    ), {
+      status: 400
+    });
+    await assert.rejects(() => apos.http.post(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        body: {
+          reset: 'invalid',
+          email: user.email,
+          password: 'new more secret',
+          session: true
+        },
+        jar
+      }
+    ), {
+      status: 400
+    });
+    await assert.rejects(() => apos.http.post(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        body: {
+          reset: resetToken,
+          email: 'invalid',
+          password: 'new more secret',
+          session: true
+        },
+        jar
+      }
+    ), {
+      status: 400
+    });
+    await assert.rejects(() => apos.http.post(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        body: {
+          reset: resetToken,
+          email: user.email,
+          password: '',
+          session: true
+        },
+        jar
+      }
+    ), {
+      status: 400
+    });
+    await assert.rejects(() => apos.http.post(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        body: {
+          // explicit check for boolean cheat!
+          reset: false,
+          email: user.email,
+          password: 'new more secret',
+          session: true
+        },
+        jar
+      }
+    ), {
+      status: 400
+    });
+    // Reset
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        body: {
+          reset: resetToken,
+          email: user.email,
+          password: 'new more secret',
+          session: true
+        },
+        jar
+      }
+    );
+    // Can not reset anymore
+    await assert.rejects(() => apos.http.post(
+      '/api/v1/@apostrophecms/login/reset',
+      {
+        body: {
+          reset: resetToken,
+          email: user.email,
+          password: 'new even more secret',
+          session: true
+        },
+        jar
+      }
+    ), {
+      status: 400
+    });
+    // Login with the new password
+    await apos.http.post(
+      '/api/v1/@apostrophecms/login/login',
+      {
+        body: {
+          username: user.email,
+          password: 'new more secret',
+          session: true
+        },
+        jar
+      }
+    );
+    const page = await apos.http.get(
+      '/',
+      {
+        jar
+      }
+    );
+    assert(page.match(/logged in/));
+  });
+  it('should find user by reset data', async function() {
+    let user = apos.user.newInstance();
+    user.title = 'getResetUser';
+    user.email = 'getResetUser@example.com';
+    user.username = 'getResetUser';
+    user.password = 'secret';
+    user.role = 'guest';
+    user = await apos.user.insert(apos.task.getReq(), user);
+    // Find by email
+    {
+      const found = await apos.login.getPasswordResetUser(user.email);
+      assert.equal(found._id, user._id);
+    }
+    // Find by username
+    {
+      const found = await apos.login.getPasswordResetUser(user.username);
+      assert.equal(found._id, user._id);
+    }
+    // Fail with no token
+    await assert.rejects(
+      () => apos.login.getPasswordResetUser(user.username, ''),
+      {
+        message: 'invalid'
+      }
+    );
+    await assert.rejects(
+      () => apos.login.getPasswordResetUser(user.username, null),
+      {
+        message: 'invalid'
+      }
+    );
+    await assert.rejects(
+      () => apos.login.getPasswordResetUser(user.username, 'invalid'),
+      {
+        message: 'notfound'
+      }
+    );
+    user.passwordReset = 'secret';
+    user.passwordResetAt = new Date();
+    user = await apos.user.update(apos.task.getReq(), user);
+    // Find by email and validate token
+    {
+      const found = await apos.login.getPasswordResetUser(user.email, 'secret');
+      assert.equal(found._id, user._id);
+    }
+    // // Find by username and validate token
+    {
+      const found = await apos.login.getPasswordResetUser(user.username, 'secret');
+      assert.equal(found._id, user._id);
+    }
+    await assert.rejects(
+      () => apos.login.getPasswordResetUser(user.username, 'invalid'),
+      {
+        message: 'Incorrect passwordReset'
+      }
+    );
+    // Expired
+    user.passwordResetAt = new Date(0);
+    user = await apos.user.update(apos.task.getReq(), user);
+    await assert.rejects(
+      () => apos.login.getPasswordResetUser(user.username, 'invalid'),
+      {
+        message: 'notfound'
+      }
+    );
+  });
 });

package/test/modules/@company/bundle/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+module.exports = {
+  options: {
+    label: 'Company bundle override'
+  },
+  webpack: {
+    bundles: {
+      company: {}
+    }
+  }
+};

package/test/modules/@company/bundle/ui/src/company.js ADDED Viewed

@@ -0,0 +1,3 @@
+export default () => {
+  console.log('BUNDLE_OVERRIDE_COMPANY');
+};

package/test/modules/@company/bundle/ui/src/company.scss ADDED Viewed

@@ -0,0 +1,3 @@
+.override-company {
+  font-weight: bold;
+}

package/test/modules/bundle-edge/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+module.exports = {
+  options: {
+    label: 'Bundle edge case test'
+  },
+  webpack: {
+    bundles: {
+      edge: {}
+    }
+  }
+};

package/test/modules/bundle-edge/ui/src/edge.js ADDED Viewed

@@ -0,0 +1,3 @@
+export default () => {
+  console.log('BUNDLE_EDGE');
+};

package/test/modules/bundle-edge/ui/src/edge.scss ADDED Viewed

@@ -0,0 +1,3 @@
+.edge {
+  font-weight: bold;
+}

package/test/modules/bundle-page/index.js CHANGED Viewed

@@ -1,7 +1,8 @@
 module.exports = {
-  extend: '@apostrophecms/piece-page-type',
+  extend: 'bundle-page-type',
   webpack: {
     bundles: {
+      main: {},
       extra: {
         templates: [ 'show' ]
       }

package/test/modules/bundle-page/ui/src/extra.js CHANGED Viewed

@@ -1 +1,3 @@
-export default () => {};
+export default () => {
+  console.log('BUNDLE_EXTRA_PAGE');
+};

package/test/modules/bundle-page/ui/src/extra.scss CHANGED Viewed

@@ -0,0 +1,3 @@
+.extra-page {
+  font-weight: bold;
+}

package/test/modules/bundle-page/ui/src/main.js ADDED Viewed

@@ -0,0 +1,3 @@
+export default () => {
+  console.log('BUNDLE_MAIN_PAGE');
+};

package/test/modules/bundle-page/ui/src/main.scss ADDED Viewed

@@ -0,0 +1,3 @@
+.main-page {
+  font-weight: bold;
+}

package/test/modules/bundle-page-type/index.js ADDED Viewed

@@ -0,0 +1,12 @@
+module.exports = {
+  extend: '@apostrophecms/piece-page-type',
+  webpack: {
+    bundles: {
+      main: {},
+      another: {}
+    }
+  },
+  options: {
+    label: 'Bundle base page type'
+  }
+};

package/test/modules/bundle-page-type/ui/src/another.js ADDED Viewed

@@ -0,0 +1,3 @@
+export default () => {
+  console.log('BUNDLE_ANOTHER_PAGE_TYPE');
+};

package/test/modules/bundle-page-type/ui/src/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export default () => {
+  console.log('BUNDLE_INDEX_PAGE_TYPE');
+};

package/test/modules/bundle-page-type/ui/src/index.scss ADDED Viewed

@@ -0,0 +1,3 @@
+.index-page-type {
+  font-weight: bold;
+}

package/test/modules/bundle-page-type/ui/src/main.js ADDED Viewed

@@ -0,0 +1,3 @@
+export default () => {
+  console.log('BUNDLE_MAIN_PAGE_TYPE');
+};

package/test/modules/bundle-page-type/ui/src/main.scss ADDED Viewed

@@ -0,0 +1,3 @@
+.main-page-type {
+  font-weight: bold;
+}

package/test/modules/bundle-widget/ui/src/extra2.js CHANGED Viewed

@@ -1 +1,3 @@
-export default () => {};
+export default () => {
+  console.log('BUNDLE_WIDGET_EXTRA2');
+};

package/test-lib/test.js CHANGED Viewed

@@ -29,7 +29,15 @@ const packageJsonInfo = {
   }
 };
 for (const dir of dirs) {
-  packageJsonInfo.dependencies[dir] = '1.0.0';
+  // Add namespaced modules support
+  if (dir.startsWith('@')) {
+    const submodules = fs.readdirSync(path.join(extras, dir));
+    for (const submodule of submodules) {
+      packageJsonInfo.dependencies[`${dir}/${submodule}`] = '1.0.0';
+    }
+  } else {
+    packageJsonInfo.dependencies[dir] = '1.0.0';
+  }
 }
 fs.writeFileSync(packageJson, JSON.stringify(packageJsonInfo, null, '  '));