Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ajax password reset #5332

Merged
merged 22 commits into from
Mar 14, 2019
Merged

Conversation

moonion
Copy link
Contributor

@moonion moonion commented Jan 30, 2019

These changes will allow more comfortable use of the password reset route, eliminating the redirects and page reloads when reaching it through ajax request.

For example, here on client side we will be able to handle the errors without reloading the page:

    const params = {
      new_password,
      confirm_new_password: new_password,
      username,
      token,
    };

    const formBody = Object.keys(params).map((key) => {
      return encodeURIComponent(key) + '=' + encodeURIComponent(params[key]);
    }).join('&');

    const url = `${Parse.serverURL}/apps/${Parse.applicationId}/request_password_reset`

    return fetch(url, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'X-Requested-With': 'XMLHttpRequest'
      },
      body: formBody
    }).then(fetchresp => {
      return fetchresp.json()
    })
      .then(payload => {
        console.log("CLIENT RESPONSE: ", payload)


        if (payload.code) {
          console.log("SOME ERROR HAPPENED")
          throw payload
        }

        return payload
      }
    )

@moonion moonion closed this Jan 30, 2019
@moonion moonion reopened this Jan 30, 2019
@moonion moonion changed the title Ajax password reset WIP: Ajax password reset Jan 30, 2019
@flovilmart
Copy link
Contributor

@moonion
Copy link
Contributor Author

moonion commented Jan 30, 2019

@flovilmart
req.xhr works for us when we added 'X-Requested-With': 'XMLHttpRequest' header manually

@moonion moonion changed the title WIP: Ajax password reset Ajax password reset Jan 30, 2019
@flovilmart
Copy link
Contributor

flovilmart commented Jan 30, 2019

uhm ok, can you perhaps factor so req.xhr is not all over the place? The current implementation lacks elegance.

let error;
 if (!username) {
    error = new Parse.Error(
	          Parse.Error.USERNAME_MISSING,
	          'Missing username'
	        );
} else if (!token) {
   error = new Parse.Error(
	          Parse.Error.OTHER_CAUSE,
	          'Missing token'
	        );
} else if (!new_password) {
    error = new Parse.Error(
	          Parse.Error.PASSWORD_MISSING,
	          'Missing password'
	        );
}

if (error) {
   if (req.xhr) { throw error }
   return this.invalidLink(res);
}

Copy link
Contributor

@flovilmart flovilmart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make the implementation a bit more elegant, right now it's kinda messy.
There are multiple avenues for that, from swapping the promise callbacks depending on the context or what I was suggesting.

src/Routers/PublicAPIRouter.js Outdated Show resolved Hide resolved
@codecov
Copy link

codecov bot commented Jan 30, 2019

Codecov Report

Merging #5332 into master will increase coverage by 0.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff            @@
##           master   #5332      +/-   ##
=========================================
+ Coverage   93.88%   93.9%   +0.01%     
=========================================
  Files         123     123              
  Lines        9012    9024      +12     
=========================================
+ Hits         8461    8474      +13     
+ Misses        551     550       -1
Impacted Files Coverage Δ
src/Controllers/UserController.js 94.33% <100%> (+0.94%) ⬆️
src/Routers/PublicAPIRouter.js 92.1% <100%> (+0.92%) ⬆️
src/RestWrite.js 93.07% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bf033be...a8d9504. Read the comment docs.

@flovilmart
Copy link
Contributor

@moonion the code is nicer, can you add tests please and make sure they pass?

Sent with GitHawk

@moonion
Copy link
Contributor Author

moonion commented Feb 5, 2019

@flovilmart I believe this will do?

@flovilmart
Copy link
Contributor

flovilmart commented Feb 5, 2019

@moonion I am glad you added a test as it is not passing. I guess it needs more work

Sent with GitHawk

@moonion
Copy link
Contributor Author

moonion commented Feb 5, 2019

Yes, i noticed, though wierdly it passes for me. Trying to figure out what's wrong.

@moonion
Copy link
Contributor Author

moonion commented Feb 5, 2019

if (!username) {
      throw new Error(
        Error.USERNAME_MISSING,
        'Missing username'
      );
    }

Am i supposed to call errors like this in src file? Must have been the source of problem.

@flovilmart
Copy link
Contributor

flovilmart commented Feb 5, 2019

I am not sure what you are referring to. But the test fail, which is either because the test is malformed and the username is improperly passed, or that the implementation cannot read the user as it should.

As it seems only your test is failing, I would think the test is not properly formed

Sent with GitHawk

@moonion
Copy link
Contributor Author

moonion commented Feb 5, 2019

Wait a moment, i must have been looking in the wrong place. According to this https://travis-ci.org/parse-community/parse-server/jobs/489019227 ,for example, its not only my test is failing, but a few others, that are related to the update password function that was changed in the router by my commit. This confuses a bit.

@moonion
Copy link
Contributor Author

moonion commented Feb 5, 2019

Yes, i was confused by "Parse is undefined" in these reports and thought that I need to use Error instead of Parse.Error in src files for some reason. My bad, will revert the changes right now.

@moonion
Copy link
Contributor Author

moonion commented Feb 5, 2019

I am pretty confident this works as intended, can you confirm?

There still seem to be failure when making test related to password policy, since error handling was changed, looking into it.

@flovilmart
Copy link
Contributor

The errors are pretty straightforward in Travis logs. I seems that the changes proposed are breaking existing tests.

Sent with GitHawk

@moonion
Copy link
Contributor Author

moonion commented Feb 5, 2019

Found the error in code. Seems that tests are passing now...

@flovilmart
Copy link
Contributor

@moonion this seems very light on the test side as you only test that the call fails when you fail to provide a username. Can we get at least one test of the 'happy path' which makes sure the call resolves correctly, and appropriately?

@moonion
Copy link
Contributor Author

moonion commented Feb 6, 2019

Right now i replaced the error to show neutral text about wrong username/token, similar to previous "invalid link" error, and check if the error refers to password policy, in which case i show it instead. Probably now tests cover everything in commit if i done everything right.

@moonion
Copy link
Contributor Author

moonion commented Feb 8, 2019

Will this be enough for current merge request?

@flovilmart
Copy link
Contributor

I’ll review later before end of week

Sent with GitHawk

@moonion
Copy link
Contributor Author

moonion commented Feb 8, 2019

Thank you

@moonion
Copy link
Contributor Author

moonion commented Feb 18, 2019

So?..

@flovilmart
Copy link
Contributor

@dplewis would you have a chance to review it?

Sent with GitHawk

Copy link
Member

@dplewis dplewis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few nits. Looks good so far.

I'm not an expert on password reset but looks like all the success / errors are handled.

@@ -909,6 +909,97 @@ describe('Password Policy: ', () => {
});
});

it('Should return error when password violates Password Policy and reset through ajax', done => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you rewrite your tests using async / await?

Reading this is confusing with all the nested promises.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

async / await is not used in any of the tests, and i noticed there is actually a lot of branching promises in the other tests, since .catch blocks contain specific error messages for almost each action. Is it really necessary to rewrite this test?

spec/PublicAPI.spec.js Outdated Show resolved Hide resolved
spec/PublicAPI.spec.js Outdated Show resolved Hide resolved
spec/ValidationAndPasswordsReset.spec.js Outdated Show resolved Hide resolved
spec/ValidationAndPasswordsReset.spec.js Outdated Show resolved Hide resolved
src/Routers/PublicAPIRouter.js Show resolved Hide resolved
spec/PublicAPI.spec.js Outdated Show resolved Hide resolved
@moonion
Copy link
Contributor Author

moonion commented Feb 22, 2019

Thank you, will be on it next week.

@dplewis dplewis requested a review from acinader March 14, 2019 19:49
@dplewis
Copy link
Member

dplewis commented Mar 14, 2019

@acinader @moonion A recent PR #5399 was causing this PR to fail. This has been addressed.

Also Cannot read "message" of undefined. error was fixed

Copy link
Contributor

@acinader acinader left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some questions @dplewis to get up to speed.

@@ -246,7 +246,7 @@ export class UserController extends AdaptableController {
return this.checkResetTokenValidity(username, token)
.then(user => updateUserPassword(user.objectId, password, this.config))
.catch(error => {
if (error.message) {
if (error && error.message) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why would we be in a catch and have no error? that seems bad.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had the same feeling. I could back track and see what the underlying cause is.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, we shouldn't throw without a message.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just committed a fix

src/Routers/PublicAPIRouter.js Show resolved Hide resolved
@@ -90,7 +90,7 @@ export class UserController extends AdaptableController {
)
.then(results => {
if (results.length != 1) {
throw undefined;
Copy link
Contributor

@acinader acinader Mar 14, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did a little git blame sleuthing on this one.

git show 7e868b2

note the comment that used to be there:

       // Trying to verify email when not enabled
       // TODO: Better error here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't even notice that.

@dplewis dplewis merged commit d84566a into parse-community:master Mar 14, 2019
UnderratedDev pushed a commit to UnderratedDev/parse-server that referenced this pull request Mar 21, 2020
* adapted public api route for use with ajax

* Elegant error handling

* Fixed error return

* Public API error flow redone, tests

* Fixed code to pre-build form

* Public API change password return params

* Reverted errors in resetPassword

* Fixed querystring call

* Success test on ajax password reset

* Added few more routes to tests for coverage

* More tests and redone error return slightly

* Updated error text

* Console logs removal, renamed test, added {} to if

* Wrong error sent

* Revert changes

* Revert "Revert changes"

This reverts commit 68ee2c4.

* real revert of {}

* nits and test fix

* fix tests

* throw proper error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants