Merge pull request #17 from the-t-in-rtf/GH-16

GH-16: Add ability to unlock user with an email address.

src/js/server/utils.js

@@ -173,7 +173,7 @@ fluid.express.user.utils.verifyPassword = function (userRecord, password) {
  * Otherwise a standard error Object is returned.
  *
  * @param {fluid.express.user.utils} that - Utils component.
- * @param {String} username - Username to use for record lookup.
+ * @param {String} username - Username (or email address) to use for record lookup.
  * @param {String} password - Clear text password to validate record with.
  * @return {fluid.promise} - Promise resolving with a `userData` record if the password is correct, otherwise
  * rejecting with an `isError` Object.
@@ -182,7 +182,7 @@ fluid.express.user.utils.unlockUser = function (that, username, password) {
     var promiseTogo = fluid.promise();
     that.byUsernameOrEmailReader.get({username: username}).then(
         function (body) {
-            if (body.username) {
+            if (body.username || body.email) {
                 var user = body;
                 var encodedPassword = fluid.express.user.password.encode(password, user.salt, user.iterations, user.keyLength, user.digest);
                 if (encodedPassword === user.derived_key) {

tests/js/server/forgot-tests.js

@@ -36,6 +36,11 @@ fluid.defaults("fluid.tests.express.user.reset.caseHolder", {
         password: "Password1",
         confirm:  "Password1"
     },
+    emailUser: {
+        email:    "existing@localhost",
+        password: "Password1",
+        confirm:  "Password1"
+    },
     components: {
         cookieJar: {
             type: "kettle.test.cookieJar"
@@ -79,6 +84,24 @@ fluid.defaults("fluid.tests.express.user.reset.caseHolder", {
                 method:   "POST"
             }
         },
+        emailResetForgotRequest: {
+            type: "fluid.test.express.user.request",
+            options: {
+                endpoint: "api/user/forgot",
+                method:   "POST"
+            }
+        },
+        emailResetResetRequest: {
+            type: "fluid.test.express.user.request",
+            options: {
+                user: "{caseHolder}.options.testUser",
+                endpoint: "api/user/reset/%code",
+                method:   "POST",
+                termMap: {
+                    "code": "%code"
+                }
+            }
+        },
         mismatchedPasswordsForgotRequest: {
             type: "fluid.test.express.user.request",
             options: {
@@ -157,6 +180,33 @@ fluid.defaults("fluid.tests.express.user.reset.caseHolder", {
                         }
                     ]
                 },
+                // emailResetForgotRequest
+                {
+                    name: "Testing resetting a user's password using an email address...",
+                    type: "test",
+                    sequence: [
+                        {
+                            func: "{emailResetForgotRequest}.send",
+                            args: [ { email: "{that}.options.testUser.email" } ]
+                        },
+                        // If we catch this event, the timing won't work out to cache the initial response.  We can safely ignore it for now.
+                        //{
+                        //    listener: "fluid.tests.express.user.reset.caseHolder.verifyResponse",
+                        //    event: "{fullResetForgotRequest}.events.onComplete",
+                        //    args: ["{fullResetForgotRequest}", "{fullResetForgotRequest}.nativeResponse", "{arguments}.0", 200]
+                        //},
+                        {
+                            listener: "fluid.tests.express.user.reset.caseHolder.fullResetExtractCodeFromEmailAndReset",
+                            event:    "{testEnvironment}.smtp.mailServer.events.onMessageReceived",
+                            args:     ["{testEnvironment}", "{emailResetResetRequest}"] // testEnvironment, resetRequest
+                        },
+                        {
+                            listener: "fluid.tests.express.user.reset.caseHolder.verifyResponse",
+                            event: "{emailResetResetRequest}.events.onComplete",
+                            args: ["{emailResetResetRequest}.nativeResponse", "{arguments}.0", 200, ["message"]]
+                        }
+                    ]
+                },
                 {
                     name: "Attempt to reset a password with a mismatched confirmation password.",
                     type: "test",

tests/js/server/utils-tests.js

@@ -60,7 +60,7 @@ fluid.defaults("fluid.tests.express.user.utils.caseHolder", {
                     ]
                 },
                 {
-                    name: "Testing unlocking a user with correct credentials.",
+                    name: "Testing unlocking a user with a correct username and password.",
                     type: "test",
                     sequence: [
                         {
@@ -71,6 +71,18 @@ fluid.defaults("fluid.tests.express.user.utils.caseHolder", {
                         }
                     ]
                 },
+                {
+                    name: "Testing unlocking a user with a correct email address and password.",
+                    type: "test",
+                    sequence: [
+                        {
+                            task: "fluid.tests.express.user.utils.unlockPromise",
+                            args: ["{fluid.express.user.utils}", "existing@localhost", "password"],
+                            resolve: "jqUnit.assertEquals",
+                            resolveArgs: ["Check verified username", "existing", "{arguments}.0.username"]
+                        }
+                    ]
+                },
                 {
                     name: "Testing not unlocking a user with incorrect credentials.",
                     type: "test",