fix: remove username from verification emails
dblythy committed Mar 30, 2023
1 parent 65e5879 commit 78c67d4
Showing 12 changed files with 132 additions and 216 deletions.
4 changes: 2 additions & 2 deletions spec/AccountLockoutPolicy.spec.js
@@ -419,7 +419,7 @@ describe('lockout with password reset option', () => {
await request({
method: 'POST',
url: `${config.publicServerURL}/apps/test/request_password_reset`,
body: `new_password=${newPassword}&token=${token}&username=${username}`,
body: `new_password=${newPassword}&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
@@ -454,7 +454,7 @@ describe('lockout with password reset option', () => {
await request({
method: 'POST',
url: `${config.publicServerURL}/apps/test/request_password_reset`,
body: `new_password=${newPassword}&token=${token}&username=${username}`,
body: `new_password=${newPassword}&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
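Review bot: The form body at new lines 422 and 457 interpolates `newPassword` and `token` unencoded into an `application/x-www-form-urlencoded` string, so a value containing `&`, `=`, `+` or `%` would reach the server as something other than what the test intends. Both variables are defined outside the hunks, so whether the current fixtures contain such characters cannot be seen here. Building the body with `new URLSearchParams({ new_password: newPassword, token }).toString()` keeps the request well-formed whatever the fixture values are. The same pattern appears in both hunks of this file.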
8 changes: 4 additions & 4 deletions spec/EmailVerificationToken.spec.js
@@ -39,7 +39,7 @@ describe('Email Verification Token Expiration: ', () => {
}).then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/invalid_verification_link.html?username=testEmailVerifyTokenValidity&appId=test'
'Found. Redirecting to http://localhost:8378/1/apps/invalid_verification_link.html?appId=test'
);
done();
});
@@ -133,7 +133,7 @@ describe('Email Verification Token Expiration: ', () => {
}).then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=testEmailVerifyTokenValidity'
'Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html'
);
done();
});
@@ -392,7 +392,7 @@ describe('Email Verification Token Expiration: ', () => {
}).then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=testEmailVerifyTokenValidity'
'Found. Redirecting to http://localhost:8378/1/apps/invalid_verification_link.html?appId=test'
);
done();
});
@@ -445,7 +445,7 @@ describe('Email Verification Token Expiration: ', () => {
}).then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/invalid_verification_link.html?username=testEmailVerifyTokenValidity&appId=test'
'Found. Redirecting to http://localhost:8378/1/apps/invalid_verification_link.html?appId=test'
);
done();
});
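Review bot: The expectation in the hunk at new line 392 does more than drop the query parameter: the expected redirect changes from `verify_email_success.html` to `invalid_verification_link.html?appId=test`, so the scenario this test covers now ends in a different outcome. The test's title and setup are outside the hunk, so the reason is only inferred; presumably the request can no longer be matched to a user once the username is not part of the link. A short comment above the assertion, for example `// without a username in the link, a token that no longer resolves to a user is reported as an invalid link`, and a test title that names the new outcome would keep this from reading as an accidental regression.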
30 changes: 6 additions & 24 deletions spec/PagesRouter.spec.js
@@ -108,7 +108,7 @@ describe('Pages Router', () => {
const res = await request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=user1&token=43634643&username=username`,
body: `new_password=user1&token=43634643`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
@@ -124,7 +124,7 @@ describe('Pages Router', () => {
await request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=&token=132414&username=Johnny`,
body: `new_password=&token=132414`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
@@ -137,30 +137,12 @@ describe('Pages Router', () => {
}
});

it('request_password_reset: responds with AJAX error on missing username', async () => {
try {
await request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=user1&token=43634643&username=`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
},
followRedirects: false,
});
} catch (error) {
expect(error.status).not.toBe(302);
expect(error.text).toEqual('{"code":200,"error":"Missing username"}');
}
});

it('request_password_reset: responds with AJAX error on missing token', async () => {
try {
await request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=user1&token=&username=Johnny`,
body: `new_password=user1&token=`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
@@ -577,7 +559,7 @@ describe('Pages Router', () => {
spyOnProperty(Page.prototype, 'defaultFile').and.returnValue(jsonPageFile);

const response = await request({
url: `http://localhost:8378/1/apps/test/request_password_reset?token=exampleToken&username=exampleUsername&locale=${exampleLocale}`,
url: `http://localhost:8378/1/apps/test/request_password_reset?token=exampleToken&locale=${exampleLocale}`,
followRedirects: false,
}).catch(e => e);
expect(response.status).toEqual(200);
@@ -626,7 +608,7 @@ describe('Pages Router', () => {
await reconfigureServer(config);
const response = await request({
url:
'http://localhost:8378/1/apps/test/request_password_reset?token=exampleToken&username=exampleUsername&locale=de-AT',
'http://localhost:8378/1/apps/test/request_password_reset?token=exampleToken&locale=de-AT',
followRedirects: false,
method: 'POST',
});
@@ -640,7 +622,7 @@ describe('Pages Router', () => {
await reconfigureServer(config);
const response = await request({
url:
'http://localhost:8378/1/apps/test/request_password_reset?token=exampleToken&username=exampleUsername&locale=de-AT',
'http://localhost:8378/1/apps/test/request_password_reset?token=exampleToken&locale=de-AT',
followRedirects: false,
method: 'GET',
});
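Review bot: The surviving `request_password_reset` error tests wrap the call in `try { await request(...) } catch (error) { expect(...) }`, as the removed 'missing username' test shows in full, so they pass without running any assertion if the request resolves instead of rejecting. That matters more after this change, because the request shape was just altered and a call that now succeeds would go unnoticed. Adding `fail('request should have been rejected');` directly after the awaited `request({...})` inside the `try` makes the negative path mandatory. The `catch` blocks of the tests in the hunks at new lines 124 and 137 lie outside the hunks, so this assumes they follow the same pattern; the error tests in spec/PublicAPI.spec.js appear to be written the same way.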
42 changes: 21 additions & 21 deletions spec/PasswordPolicy.spec.js
@@ -107,7 +107,7 @@ describe('Password Policy: ', () => {
})
.then(response => {
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=[a-zA-Z0-9]+\&id=test\&username=testResetTokenValidity/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=[a-zA-Z0-9]+\&id=test\&/;
expect(response.text.match(re)).not.toBe(null);
done();
})
@@ -622,7 +622,7 @@ describe('Password Policy: ', () => {
})
.then(response => {
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&/;
const match = response.text.match(re);
if (!match) {
fail('should have a token');
@@ -634,7 +634,7 @@ describe('Password Policy: ', () => {
request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=has2init&token=${token}&username=user1`,
body: `new_password=has2init&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
@@ -645,7 +645,7 @@ describe('Password Policy: ', () => {
.then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/password_reset_success.html?username=user1'
'Found. Redirecting to http://localhost:8378/1/apps/password_reset_success.html'
);

Parse.User.logIn('user1', 'has2init')
@@ -714,7 +714,7 @@ describe('Password Policy: ', () => {
})
.then(response => {
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&/;
const match = response.text.match(re);
if (!match) {
fail('should have a token');
@@ -726,7 +726,7 @@ describe('Password Policy: ', () => {
request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=hasnodigit&token=${token}&username=user1`,
body: `new_password=hasnodigit&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
@@ -737,7 +737,7 @@ describe('Password Policy: ', () => {
.then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
`Found. Redirecting to http://localhost:8378/1/apps/choose_password?username=user1&token=${token}&id=test&error=Password%20should%20contain%20at%20least%20one%20digit.&app=passwordPolicy`
`Found. Redirecting to http://localhost:8378/1/apps/choose_password?token=${token}&id=test&error=Password%20should%20contain%20at%20least%20one%20digit.&app=passwordPolicy`
);

Parse.User.logIn('user1', 'has 1 digit')
@@ -900,7 +900,7 @@ describe('Password Policy: ', () => {
})
.then(response => {
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&/;
const match = response.text.match(re);
if (!match) {
fail('should have a token');
@@ -912,7 +912,7 @@ describe('Password Policy: ', () => {
request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=xuser12&token=${token}&username=user1`,
body: `new_password=xuser12&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
@@ -923,7 +923,7 @@ describe('Password Policy: ', () => {
.then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
`Found. Redirecting to http://localhost:8378/1/apps/choose_password?username=user1&token=${token}&id=test&error=Password%20cannot%20contain%20your%20username.&app=passwordPolicy`
`Found. Redirecting to http://localhost:8378/1/apps/choose_password?token=${token}&id=test&error=Password%20cannot%20contain%20your%20username.&app=passwordPolicy`
);

Parse.User.logIn('user1', 'r@nd0m')
@@ -991,7 +991,7 @@ describe('Password Policy: ', () => {
resolveWithFullResponse: true,
});
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&/;
const match = response.text.match(re);
if (!match) {
fail('should have a token');
@@ -1003,7 +1003,7 @@ describe('Password Policy: ', () => {
await request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=xuser12&token=${token}&username=user1`,
body: `new_password=xuser12&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
@@ -1051,7 +1051,7 @@ describe('Password Policy: ', () => {
})
.then(response => {
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&/;
const match = response.text.match(re);
if (!match) {
fail('should have a token');
@@ -1063,7 +1063,7 @@ describe('Password Policy: ', () => {
request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=uuser11&token=${token}&username=user1`,
body: `new_password=uuser11&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
@@ -1074,7 +1074,7 @@ describe('Password Policy: ', () => {
.then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/password_reset_success.html?username=user1'
'Found. Redirecting to http://localhost:8378/1/apps/password_reset_success.html'
);

Parse.User.logIn('user1', 'uuser11')
@@ -1317,7 +1317,7 @@ describe('Password Policy: ', () => {
})
.then(response => {
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&/;
const match = response.text.match(re);
if (!match) {
fail('should have a token');
@@ -1329,7 +1329,7 @@ describe('Password Policy: ', () => {
request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=uuser11&token=${token}&username=user1`,
body: `new_password=uuser11&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
@@ -1340,7 +1340,7 @@ describe('Password Policy: ', () => {
.then(response => {
expect(response.status).toEqual(302);
expect(response.text).toEqual(
'Found. Redirecting to http://localhost:8378/1/apps/password_reset_success.html?username=user1'
'Found. Redirecting to http://localhost:8378/1/apps/password_reset_success.html'
);

Parse.User.logIn('user1', 'uuser11')
@@ -1472,7 +1472,7 @@ describe('Password Policy: ', () => {
})
.then(response => {
expect(response.status).toEqual(302);
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&/;
const match = response.text.match(re);
if (!match) {
fail('should have a token');
@@ -1484,7 +1484,7 @@ describe('Password Policy: ', () => {
return request({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=user1&token=${token}&username=user1`,
body: `new_password=user1&token=${token}`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
@@ -1500,7 +1500,7 @@ describe('Password Policy: ', () => {
const token = data[1];
expect(response.status).toEqual(302);
expect(response.text).toEqual(
`Found. Redirecting to http://localhost:8378/1/apps/choose_password?username=user1&token=${token}&id=test&error=New%20password%20should%20not%20be%20the%20same%20as%20last%201%20passwords.&app=passwordPolicy`
`Found. Redirecting to http://localhost:8378/1/apps/choose_password?token=${token}&id=test&error=New%20password%20should%20not%20be%20the%20same%20as%20last%201%20passwords.&app=passwordPolicy`
);
done();
return Promise.resolve();
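Review bot: The relaxed `choose_password` pattern, which now ends in `\&id=test\&/`, still matches a redirect that contains `username=user1`, because it only requires that something follows `id=test&`. None of the regex assertions at new lines 110, 625, 717, 903, 994, 1054, 1320 and 1475 would therefore fail if the username returned to the URL. Keeping the username out of these links is the purpose of the change, so each of these tests should assert it directly, for example `expect(response.text).not.toContain('username=');` next to the `match` check. The `\&` escapes are also unnecessary in a JavaScript regular expression and can be written as plain `&`.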
26 changes: 2 additions & 24 deletions spec/PublicAPI.spec.js
@@ -10,28 +10,6 @@ const request = function (url, callback) {
};

describe('public API', () => {
it('should return missing username error on ajax request without username provided', async () => {
await reconfigureServer({
publicServerURL: 'http://localhost:8378/1',
});

try {
await req({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=user1&token=43634643&username=`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
},
followRedirects: false,
});
} catch (error) {
expect(error.status).not.toBe(302);
expect(error.text).toEqual('{"code":200,"error":"Missing username"}');
}
});

it('should return missing token error on ajax request without token provided', async () => {
await reconfigureServer({
publicServerURL: 'http://localhost:8378/1',
@@ -41,7 +19,7 @@ describe('public API', () => {
await req({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=user1&token=&username=Johnny`,
body: `new_password=user1&token=`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
@@ -63,7 +41,7 @@ describe('public API', () => {
await req({
method: 'POST',
url: 'http://localhost:8378/1/apps/test/request_password_reset',
body: `new_password=&token=132414&username=Johnny`,
body: `new_password=&token=132414`,
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest',
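Review bot: With the 'missing username' test removed, nothing in this file exercises a request that still carries a `username` field, which is presumably what links from e-mails sent before this change will submit. The handler is not part of this section, so how it treats the extra field cannot be seen here. A test that posts a body of the form `new_password=user1&token=${token}&username=Johnny` with a valid token, and asserts that the outcome depends on the token alone and that the redirect does not echo the username, would pin that behaviour down.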