diff --git a/src/js/server/utils.js b/src/js/server/utils.js index 0f2e2c1..681d8ff 100644 --- a/src/js/server/utils.js +++ b/src/js/server/utils.js @@ -173,7 +173,7 @@ fluid.express.user.utils.verifyPassword = function (userRecord, password) { * Otherwise a standard error Object is returned. * * @param {fluid.express.user.utils} that - Utils component. - * @param {String} username - Username to use for record lookup. + * @param {String} username - Username (or email address) to use for record lookup. * @param {String} password - Clear text password to validate record with. * @return {fluid.promise} - Promise resolving with a `userData` record if the password is correct, otherwise * rejecting with an `isError` Object. @@ -182,7 +182,7 @@ fluid.express.user.utils.unlockUser = function (that, username, password) { var promiseTogo = fluid.promise(); that.byUsernameOrEmailReader.get({username: username}).then( function (body) { - if (body.username) { + if (body.username || body.email) { var user = body; var encodedPassword = fluid.express.user.password.encode(password, user.salt, user.iterations, user.keyLength, user.digest); if (encodedPassword === user.derived_key) { diff --git a/tests/js/server/forgot-tests.js b/tests/js/server/forgot-tests.js index 77e334e..39cad4b 100644 --- a/tests/js/server/forgot-tests.js +++ b/tests/js/server/forgot-tests.js @@ -36,6 +36,11 @@ fluid.defaults("fluid.tests.express.user.reset.caseHolder", { password: "Password1", confirm: "Password1" }, + emailUser: { + email: "existing@localhost", + password: "Password1", + confirm: "Password1" + }, components: { cookieJar: { type: "kettle.test.cookieJar" @@ -79,6 +84,24 @@ fluid.defaults("fluid.tests.express.user.reset.caseHolder", { method: "POST" } }, + emailResetForgotRequest: { + type: "fluid.test.express.user.request", + options: { + endpoint: "api/user/forgot", + method: "POST" + } + }, + emailResetResetRequest: { + type: "fluid.test.express.user.request", + options: { + user: "{caseHolder}.options.testUser", + endpoint: "api/user/reset/%code", + method: "POST", + termMap: { + "code": "%code" + } + } + }, mismatchedPasswordsForgotRequest: { type: "fluid.test.express.user.request", options: { @@ -157,6 +180,33 @@ fluid.defaults("fluid.tests.express.user.reset.caseHolder", { } ] }, + // emailResetForgotRequest + { + name: "Testing resetting a user's password using an email address...", + type: "test", + sequence: [ + { + func: "{emailResetForgotRequest}.send", + args: [ { email: "{that}.options.testUser.email" } ] + }, + // If we catch this event, the timing won't work out to cache the initial response. We can safely ignore it for now. + //{ + // listener: "fluid.tests.express.user.reset.caseHolder.verifyResponse", + // event: "{fullResetForgotRequest}.events.onComplete", + // args: ["{fullResetForgotRequest}", "{fullResetForgotRequest}.nativeResponse", "{arguments}.0", 200] + //}, + { + listener: "fluid.tests.express.user.reset.caseHolder.fullResetExtractCodeFromEmailAndReset", + event: "{testEnvironment}.smtp.mailServer.events.onMessageReceived", + args: ["{testEnvironment}", "{emailResetResetRequest}"] // testEnvironment, resetRequest + }, + { + listener: "fluid.tests.express.user.reset.caseHolder.verifyResponse", + event: "{emailResetResetRequest}.events.onComplete", + args: ["{emailResetResetRequest}.nativeResponse", "{arguments}.0", 200, ["message"]] + } + ] + }, { name: "Attempt to reset a password with a mismatched confirmation password.", type: "test", diff --git a/tests/js/server/utils-tests.js b/tests/js/server/utils-tests.js index d5ce4f6..846219b 100644 --- a/tests/js/server/utils-tests.js +++ b/tests/js/server/utils-tests.js @@ -60,7 +60,7 @@ fluid.defaults("fluid.tests.express.user.utils.caseHolder", { ] }, { - name: "Testing unlocking a user with correct credentials.", + name: "Testing unlocking a user with a correct username and password.", type: "test", sequence: [ { @@ -71,6 +71,18 @@ fluid.defaults("fluid.tests.express.user.utils.caseHolder", { } ] }, + { + name: "Testing unlocking a user with a correct email address and password.", + type: "test", + sequence: [ + { + task: "fluid.tests.express.user.utils.unlockPromise", + args: ["{fluid.express.user.utils}", "existing@localhost", "password"], + resolve: "jqUnit.assertEquals", + resolveArgs: ["Check verified username", "existing", "{arguments}.0.username"] + } + ] + }, { name: "Testing not unlocking a user with incorrect credentials.", type: "test",