diff --git a/app/controllers/users/users.password.server.controller.js b/app/controllers/users/users.password.server.controller.js
index bdeb0505..9d569bf1 100755
--- a/app/controllers/users/users.password.server.controller.js
+++ b/app/controllers/users/users.password.server.controller.js
@@ -84,7 +84,6 @@ exports.forgot = function(req, res) { const fn = pug.compileFile(__dirname + "/../../views/templates/reset-password-email.server.view.pug"); res.locals['url'] = 'http://' + req.headers.host + '/auth/reset/' + token; - console.log(res.locals); var renderedHtml = fn(res.locals); done(null, renderedHtml, user); },
@@ -142,9 +141,9 @@ exports.validateResetToken = function(req, res) { }); } if (!user) { - return res.redirect('/#!/password/reset/invalid'); + return res.redirect(400, '/#!/password/reset/invalid'); } - + res.redirect('/#!/password/reset/' + req.params.token); }); };
@@ -187,7 +186,7 @@ exports.reset = function(req, res, next) { done(null, savedUser); }); } else { - done('Password reset token is invalid or has expired.', null); + done('invalid_reset_token', null); } }); },
@@ -211,12 +210,18 @@ exports.reset = function(req, res, next) { } ], function(err) { if (err) { - res.status(500).send({ + if(err === 'invalid_reset_token'){ + return res.status(400).send({ + message: 'Password reset token is invalid or has expired.' + }); + } + + return res.status(500).send({ message: err.message || err }); } - return res.json({ + res.json({ message: 'Successfully changed your password!' }); });
diff --git a/app/tests/form.server.routes.test.js b/app/tests/form.server.routes.test.js
index f7b740e9..3de6057d 100644
--- a/app/tests/form.server.routes.test.js
+++ b/app/tests/form.server.routes.test.js
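Review bot: `res.redirect(400, '/#!/password/reset/invalid')` in validateResetToken sets a Location header on a 400 response, which browsers do not follow, so a user who opens a stale or mistyped reset link now gets an empty 400 page instead of the invalid-token view; the accompanying test only asserts the status code, so it passes either way. If an API-style failure is intended, respond with `return res.status(400).send({ message: 'Password reset token is invalid or has expired.' });` and let the client navigate; if the UI flow is intended, keep the 302 redirect and assert on the Location header in the test instead. validateResetToken's body starts outside the hunk.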
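Review bot: `done('invalid_reset_token', null)` in exports.reset makes a bare string literal the error-channel sentinel, and the same literal is compared with `===` in the `@@ -211,12 +210,18 @@` hunk of this file, so the two sites can drift without any test noticing. Hoist it into one module-level constant, e.g. `var INVALID_RESET_TOKEN = 'invalid_reset_token';`, and reference it at both sites; an `Error` subclass carrying a `code` would additionally keep `err.message` meaningful if the sentinel ever reaches the generic branch. The enclosing waterfall step starts outside the hunk.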
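Review bot: The generic branch `return res.status(500).send({ message: err.message || err })` still forwards whatever the waterfall passed — for unexpected failures that is the raw internal error text — to the client of a password-reset endpoint, while only the new sentinel case gets a fixed message. Log `err` server-side and return a constant body, e.g. `return res.status(500).send({ message: 'Unable to reset password.' });`, so internal details stay out of the response. Minor style point: `if(err === 'invalid_reset_token'){` omits the spacing the surrounding code uses (`if (err) {`). The final callback's enclosing exports.reset starts outside the hunk.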
@@ -9,7 +9,8 @@ var should = require('should'), User = mongoose.model('User'), Form = mongoose.model('Form'), Field = mongoose.model('Field'), - FormSubmission = mongoose.model('FormSubmission'); + FormSubmission = mongoose.model('FormSubmission'), + async = require('async'); /** * Globals
@@ -191,7 +192,6 @@ describe('Form Routes Unit tests', function() { done(); }); - }); it(' > should be able to create a Form if form_fields are undefined', function(done) {
@@ -242,7 +242,6 @@ describe('Form Routes Unit tests', function() { done(); }); }); - }); it(' > should be able to delete a Form if signed in', function(done) {
@@ -277,7 +276,6 @@ describe('Form Routes Unit tests', function() { done(); }); }); - }); it('should be able to save new form while logged in', function(done){ 
@@ -310,14 +308,70 @@ describe('Form Routes Unit tests', function() { }); }); + it(' > should be able to get list of users\' forms sorted by date created while logged in', function(done) { + var myForm1 = { + title: 'First Form', + language: 'en', + admin: user.id, + form_fields: [ + new Field({'fieldType':'textfield', 'title':'First Name', 'fieldValue': ''}), + new Field({'fieldType':'checkbox', 'title':'nascar', 'fieldValue': ''}), + new Field({'fieldType':'checkbox', 'title':'hockey', 'fieldValue': ''}) + ], + isLive: true + }; + + var myForm2 = { + title: 'Second Form', + language: 'en', + admin: user.id, + form_fields: [ + new Field({'fieldType':'textfield', 'title':'Last Name', 'fieldValue': ''}), + new Field({'fieldType':'checkbox', 'title':'formula one', 'fieldValue': ''}), + new Field({'fieldType':'checkbox', 'title':'football', 'fieldValue': ''}) + ], + isLive: true + }; + + var FormObj1 = new Form(myForm1); + var FormObj2 = new Form(myForm2); + + async.waterfall([ + function(callback) { + FormObj1.save(function(err){ + callback(err); + }); + }, + function(callback) { + FormObj2.save(function(err){ + callback(err); + }); + }, + function(callback) { + loginSession.get('/forms') + .expect(200) + .end(function(err, res) { + res.body.length.should.equal(2); + res.body[0].title.should.equal('Second Form'); + res.body[1].title.should.equal('First Form'); + + // Call the assertion callback + callback(err); + }); + } + ], function (err) { + done(err); + }); + }); + afterEach('should be able to signout user', function(done){ authenticatedSession.get('/auth/signout') .expect(200) .end(function(signoutErr, signoutRes) { - console.log(signoutRes.error.text); - // Handle signout error - if (signoutErr) return done(signoutErr); + if (signoutErr) { + return done(signoutErr); + } authenticatedSession.destroy(); done(); }); diff --git a/app/tests/user.server.routes.test.js b/app/tests/user.server.routes.test.js index 89918285..c8e62ef4 100644 
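Review bot: In the new `loginSession.get('/forms')` step the `res.body` assertions run before `err` is examined, so a failed request (where supertest may hand the callback an undefined `res`) surfaces as a TypeError thrown inside the `.end` callback instead of as the request error passed to `callback`; the same assert-before-error-check shape recurs in every `.end` callback of the `@@ -31,77 +30,182 @@` hunk of app/tests/user.server.routes.test.js. Put `if (err) { return callback(err); }` as the first statement of each `.end` callback, ahead of the should assertions. The test also relies on `/forms` returning the newest form first; a one-line comment beside the `res.body[0].title` assertion stating that ordering expectation would make the intent explicit.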
--- a/app/tests/user.server.routes.test.js
+++ b/app/tests/user.server.routes.test.js
@@ -6,20 +6,19 @@ var should = require('should'), mongoose = require('mongoose'), User = mongoose.model('User'), config = require('../../config/config'), - tmpUser = mongoose.model(config.tempUserCollection); + tmpUser = mongoose.model(config.tempUserCollection), + async = require('async'); /** * Globals */ -var credentials, _User, activateToken, userSession; +var credentials, _User, userSession; /** * Form routes tests */ describe('User CRUD tests', function() { - this.timeout(30000); - - beforeEach(function() { + before(function() { // Create user credentials credentials = { email: 'test732@test.com', 
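Review bot: Replacing `beforeEach` with `before` makes `credentials`, `_User` and `userSession` shared across every `it` in the describe, so the password-reset cases in the following hunk now depend on the create-and-activate case having run first and on its session state; that is acceptable as a deliberate scenario test but should be stated, e.g. `// before(): one shared user and session — the it() blocks below are order-dependent`. Dropping `this.timeout(30000)` from the outer describe also leaves the outer `before`/`after` hooks on mocha's default timeout while only the nested describe gets 5000 ms; the `after` cleanup issues two collection removes, so it may need its own `this.timeout` if the database is not local. The describe body continues past the hunk.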
@@ -31,77 +30,182 @@ describe('User CRUD tests', function() { _User = { email: credentials.email, username: credentials.username, - password: credentials.password + password: credentials.password, + firstName: 'John', + lastName: 'Smith' }; //Initialize Session userSession = Session(app); }); - it(' > Create, Verify and Activate a User > ', function() { + describe(' > Create, Verify and Activate a User > ', function() { + this.timeout(5000); - it('should be able to create a temporary (non-activated) User', function(done) { - userSession.post('/auth/signup') - .send(_User) - .expect(200) - .end(function(FormSaveErr) { - // Handle error - should.not.exist(FormSaveErr); - - tmpUser.findOne({username: _User.username}, function (err, user) { - should.not.exist(err); + it('should be able to create and activate a User', function(done) { + async.waterfall([ + function(callback) { + userSession.post('/auth/signup') + .send(_User) + .expect(200) + .end(function(err) { + callback(err) + }); + }, + function(callback) { + tmpUser.findOne({username: _User.username}) + .lean() + .exec(function (err, user) { should.exist(user); _User.username.should.equal(user.username); _User.firstName.should.equal(user.firstName); _User.lastName.should.equal(user.lastName); - activateToken = user.GENERATED_VERIFYING_URL; - - userSession.get('/auth/verify/'+activateToken) - .expect(200) - .end(function(VerifyErr, VerifyRes) { - // Handle error - if (VerifyErr) { - return done(VerifyErr); - } - - (VerifyRes.text).should.equal('User successfully verified'); - - userSession.post('/auth/signin') - .send(credentials) - .expect('Content-Type', /json/) - .expect(200) - .end(function(signinErr, signinRes) { - // Handle signin error - if (signinErr) { - return done(signinErr); - } - - var user = signinRes.body; - (user.username).should.equal(credentials.username); - - userSession.get('/auth/signout') - .expect(200) - .end(function(signoutErr, signoutRes) { - - // Handle signout error - if (signoutErr) { - 
return done(signoutErr); - } - - (signoutRes.text).should.equal('You have successfully logged out.'); - - done(); - }); - }); - }); + callback(err, user.GENERATED_VERIFYING_URL); }); - }); + }, + function(activateToken, callback) { + userSession.get('/auth/verify/' + activateToken) + .expect(200) + .end(function(err, res) { + (res.text).should.equal('User successfully verified'); + callback(err); + }); + }, + function(callback) { + userSession.post('/auth/signin') + .send(credentials) + .expect('Content-Type', /json/) + .expect(200) + .end(function(err, res) { + (res.body.username).should.equal(credentials.username); + callback(err); + }); + }, + function(callback) { + userSession.get('/auth/signout') + .expect(200) + .end(function(err, res) { + (res.text).should.equal('You have successfully logged out.'); + callback(err); + }); + }, + function(callback) { + User.findOne({ username: _User.username }) + .lean() + .exec(function(err, user){ + should.exist(user); + callback(err); + }); + } + ], function (err) { + done(err); + }); + }); + + it('should be able to reset password of a created User with a valid passwordResetToken', function(done) { + var changedPassword = 'password1234'; + var resetPasswordToken; + + async.waterfall([ + function(callback) { + userSession.post('/auth/forgot') + .send({ username: _User.username }) + .expect(200) + .end(function(err) { + callback(err); + }); + }, + function(callback) { + User.findOne({ username: _User.username }) + .lean() + .exec(function(err, user){ + if(err){ + callback(err); + } + callback(null, user.resetPasswordToken) + }); + }, + function(resetPasswordToken, callback) { + userSession.get('/auth/reset/' + resetPasswordToken) + .expect(302) + .end(function(err) { + callback(err, resetPasswordToken); + }); + }, + function(resetPasswordToken, callback) { + userSession.post('/auth/reset/' + resetPasswordToken) + .send({ + newPassword: changedPassword, + verifyPassword: changedPassword + }) + .expect(200) + 
.end(function(err, res) { + callback(err, resetPasswordToken); + }); + }, + function(resetPasswordToken, callback) { + User.findOne({ username: _User.username }) + .exec(function(err, user){ + should.exist(user); + user.authenticate(changedPassword).should.be.true(); + should.not.exist(user.resetPasswordToken); + + callback(err); + }); + } + ], function (err, result) { + done(err); + }); + }); + + it('should be not able to reset password of a created User with a invalid passwordResetToken', function(done) { + var changedPassword = 'password4321'; + var resetPasswordToken = 'thisIsNotAValidToken'; + + async.waterfall([ + function(callback) { + userSession.post('/auth/forgot') + .send({ username: credentials.username }) + .expect(200) + .end(function(err, res) { + callback(err); + }); + }, + function(callback) { + userSession.get('/auth/reset/' + resetPasswordToken) + .expect(400) + .end(function(err) { + callback(err); + }); + }, + function(callback) { + userSession.post('/auth/reset/' + resetPasswordToken) + .send({ + newPassword: changedPassword, + verifyPassword: changedPassword + }) + .expect(400) + .end(function(err, res) { + callback(err); + }); + }, + function(callback) { + User.findOne({ username: _User.username }) + .exec(function(err, user){ + should.exist(user); + user.authenticate(changedPassword).should.be.false(); + callback(err); + }); + } + ], function (err, result) { + done(err); + }); }); }); - afterEach(function(done) { + after(function(done) { User.remove().exec(function () { tmpUser.remove().exec(function(){ userSession.destroy();
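Review bot: In the valid-token reset test, the `User.findOne` step's error branch `if(err){ callback(err); }` does not return, so on a lookup error `callback(null, user.resetPasswordToken)` still executes — either throwing on a null `user` or invoking the waterfall callback twice, which async reports as its own error and masks the original. Change it to `if (err) { return callback(err); }` and add `should.exist(user);` before reading `resetPasswordToken`, matching the other lookup steps in this hunk. The invalid-token case's `.expect(400)` on `GET /auth/reset/<token>` pins the controller's new `res.redirect(400, …)` behaviour, which browsers do not follow; if the controller is changed to a followable redirect, this expectation changes with it. The hunk's final `after` hook appears to end at its last visible line, but the rest of the file is outside SOURCE.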