jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add email query param to reset code path

Browse Source 
This reduces any attack surface
This commit is contained in:
Girish Ramakrishnan
2018-06-12 17:22:41 -07:00
parent 5a6ea33694
commit 32e6b9024c
8 changed files with 68 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/test/database-test.js
View File

@@ -315,8 +315,8 @@ describe('database', function () {
});
});
it('can get by resetToken fails for empty resetToken', function (done) {
userdb.getByResetToken('', function (error, user) {
it('getByResetToken fails for empty resetToken', function (done) {
userdb.getByResetToken(USER_0.email, '', function (error, user) {
expect(error).to.be.ok();
expect(error.reason).to.be(DatabaseError.INTERNAL_ERROR);
expect(user).to.not.be.ok();
@@ -324,8 +324,17 @@ describe('database', function () {
});
});
it('getByResetToken fails for bad email', function (done) {
userdb.getByResetToken(USER_0.email + 'x', USER_0.resetToken, function (error, user) {
expect(error).to.be.ok();
expect(error.reason).to.be(DatabaseError.NOT_FOUND);
expect(user).to.not.be.ok();
done();
});
});
it('can get by resetToken', function (done) {
userdb.getByResetToken(USER_0.resetToken, function (error, user) {
userdb.getByResetToken(USER_0.email, USER_0.resetToken, function (error, user) {
expect(error).to.not.be.ok();
expect(user).to.eql(USER_0);
done();