From afbfbdd01c53e66b9552ce7c66b3cb044407d42b Mon Sep 17 00:00:00 2001
From: Matteo Pagliazzi <matteopagliazzi@gmail.com>
Date: Sat, 21 Nov 2015 14:27:24 +0100
Subject: [PATCH] fix mongoose promise, some user validation, tests urls

---
 .../user/auth/POST-register_local.test.js     | 28 +++++++++----------
 website/src/models/user.js                    |  7 ++---
 website/src/server.js                         |  2 +-
 3 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/test/api/v3/integration/user/auth/POST-register_local.test.js b/test/api/v3/integration/user/auth/POST-register_local.test.js
index 4be22ed0ec..d5bd25a970 100644
--- a/test/api/v3/integration/user/auth/POST-register_local.test.js
+++ b/test/api/v3/integration/user/auth/POST-register_local.test.js
@@ -6,7 +6,7 @@ import {
 import { v4 as generateRandomUserName } from 'uuid';
 import { each } from 'lodash';
 
-describe('POST /user/register/local', () => {
+describe('POST /user/auth/local/register', () => {
   context('username and email are free', () => {
     it('registers a new user', () => {
       let api = requester();
@@ -14,7 +14,7 @@ describe('POST /user/register/local', () => {
       let email = `${username}@example.com`;
       let password = 'password';
 
-      return api.post('/user/register/local', {
+      return api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
@@ -33,7 +33,7 @@ describe('POST /user/register/local', () => {
       let password = 'password';
       let confirmPassword = 'not password';
 
-      return expect(api.post('/user/register/local', {
+      return expect(api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
@@ -51,7 +51,7 @@ describe('POST /user/register/local', () => {
       let password = 'password';
       let confirmPassword = 'password';
 
-      return expect(api.post('/user/register/local', {
+      return expect(api.post('/user/auth/local/register', {
         email:           email,
         password:        password,
         confirmPassword: confirmPassword,
@@ -68,7 +68,7 @@ describe('POST /user/register/local', () => {
       let password = 'password';
       let confirmPassword = 'password';
 
-      return expect(api.post('/user/register/local', {
+      return expect(api.post('/user/auth/local/register', {
         username:        username,
         password:        password,
         confirmPassword: confirmPassword,
@@ -85,7 +85,7 @@ describe('POST /user/register/local', () => {
       let email = `${username}@example.com`;
       let confirmPassword = 'password';
 
-      return expect(api.post('/user/register/local', {
+      return expect(api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         confirmPassword: confirmPassword,
@@ -115,7 +115,7 @@ describe('POST /user/register/local', () => {
       let uniqueEmail = `${generateRandomUserName()}@exampe.com`;
       let password = 'password';
 
-      return expect(api.post('/user/register/local', {
+      return expect(api.post('/user/auth/local/register', {
         username:        username,
         email:           uniqueEmail,
         password:        password,
@@ -132,7 +132,7 @@ describe('POST /user/register/local', () => {
       let uniqueUsername = generateRandomUserName();
       let password = 'password';
 
-      return expect(api.post('/user/register/local', {
+      return expect(api.post('/user/auth/local/register', {
         username:        uniqueUsername,
         email:           email,
         password:        password,
@@ -156,7 +156,7 @@ describe('POST /user/register/local', () => {
     });
 
     it('sets all site tour values to -2 (already seen)', () => {
-      return api.post('/user/register/local', {
+      return api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
@@ -171,7 +171,7 @@ describe('POST /user/register/local', () => {
     });
 
     it('populates user with default todos, not no other task types', () => {
-      return api.post('/user/register/local', {
+      return api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
@@ -185,7 +185,7 @@ describe('POST /user/register/local', () => {
     });
 
     it('populates user with default tags', () => {
-      return api.post('/user/register/local', {
+      return api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
@@ -207,7 +207,7 @@ describe('POST /user/register/local', () => {
     });
 
     it('sets all common tutorial flags to true', () => {
-      return api.post('/user/register/local', {
+      return api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
@@ -222,7 +222,7 @@ describe('POST /user/register/local', () => {
     });
 
     it('populates user with default todos, habits, and rewards', () => {
-      return api.post('/user/register/local', {
+      return api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
@@ -236,7 +236,7 @@ describe('POST /user/register/local', () => {
     });
 
     it('populates user with default tags', () => {
-      return api.post('/user/register/local', {
+      return api.post('/user/auth/local/register', {
         username:        username,
         email:           email,
         password:        password,
diff --git a/website/src/models/user.js b/website/src/models/user.js
index f4810bae01..2d001a3ca6 100644
--- a/website/src/models/user.js
+++ b/website/src/models/user.js
@@ -26,7 +26,7 @@ export let schema = new Schema({
 
   auth: {
     blocked: Boolean,
-    facebook: Schema.Types.Mixed, // TODO validate
+    facebook: {type: Schema.Types.Mixed, default: {}}, // TODO validate, IMPORTANT make sure the {} default isn't shared across all user objects
     local: {
       email: {
         type: String,
@@ -610,8 +610,7 @@ function _setProfileName (user) {
 }
 
 schema.pre('validate', function beforeValidateUser (next) {
-  // Validate the auth path (doesn't work with schema.path('auth').validate)
-  if (!this.auth.facebook.id) {
+  if (!this.auth.facebook.id || this.auth.local.email || this.auth.local.username) {
     if (!this.auth.local.email) {
       this.invalidate('auth.local.email', shared.i18n.t('missingEmail'));
       return next();
@@ -624,7 +623,7 @@ schema.pre('validate', function beforeValidateUser (next) {
   }
 
   // Validate password and password confirmation and create hashed version
-  if (this.isModified('auth.local.password') || this.isNew() && !this.auth.facebook.id) {
+  if (this.isModified('auth.local.password') || this.isNew() && !this.auth.facebook.id) { // TODO this does not catch when you already have social auth and password isn't passedß
     if (!this.auth.local.password) {
       this.invalidate('auth.local.password', shared.i18n.t('missingPassword'));
       return next();
diff --git a/website/src/server.js b/website/src/server.js
index aa0013d89e..d5b9176472 100644
--- a/website/src/server.js
+++ b/website/src/server.js
@@ -30,7 +30,7 @@ let app = express();
 // Mongoose configuration
 
 // Use Q promises instead of mpromise in mongoose
-mongoose.Promise = Q;
+mongoose.Promise = Q.Promise;
 let mongooseOptions = !IS_PROD ? {} : {
   replset: { socketOptions: { keepAlive: 1, connectTimeoutMS: 30000 } },
   server: { socketOptions: { keepAlive: 1, connectTimeoutMS: 30000 } },