From 9d4fa6fd4e13c6beab3b9f5d7dabba0fecf46437 Mon Sep 17 00:00:00 2001
From: Keith Holliday
Date: Sun, 24 Jul 2016 17:23:19 -0500
Subject: [PATCH 1/3] Added new user flag when user registers with facebook
---
 website/server/controllers/api-v3/auth.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/website/server/controllers/api-v3/auth.js b/website/server/controllers/api-v3/auth.js
index d69597808d..2dd925efe7 100644
--- a/website/server/controllers/api-v3/auth.js
+++ b/website/server/controllers/api-v3/auth.js
@@ -162,8 +162,10 @@ api.registerLocal = {
 };
 function _loginRes (user, req, res) {
+ var newUser = false;
+ if (user.newUser) newUser = true;
 if (user.auth.blocked) throw new NotAuthorized(res.t('accountSuspended', {userId: user._id}));
- return res.respond(200, {id: user._id, apiToken: user.apiToken});
+ return res.respond(200, {id: user._id, apiToken: user.apiToken, newUser});
 }
 /**
@@ -260,6 +262,7 @@ api.loginSocial = {
 let savedUser = await user.save();
+ user.newUser = true;
 _loginRes(user, ...arguments);
 // Clean previous email preferences
From e6dd8cc03a424e8b3c080bc6e51cc508a59c8739 Mon Sep 17 00:00:00 2001
From: Keith Holliday
Date: Wed, 27 Jul 2016 14:27:21 -0500
Subject: [PATCH 2/3] Added tests for Facebook auth
---
 .../user/auth/POST-login-local.test.js | 6 ++
 .../user/auth/POST-user_auth_social.test.js | 59 +++++++++++++++++++
 website/server/controllers/api-v3/auth.js | 4 +-
 3 files changed, 66 insertions(+), 3 deletions(-)
 create mode 100644 test/api/v3/integration/user/auth/POST-user_auth_social.test.js
diff --git a/test/api/v3/integration/user/auth/POST-login-local.test.js b/test/api/v3/integration/user/auth/POST-login-local.test.js
index 571b23c3ea..86a49ff548 100644
--- a/test/api/v3/integration/user/auth/POST-login-local.test.js
+++ b/test/api/v3/integration/user/auth/POST-login-local.test.js
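Review bot: In the `api.loginSocial` hunk of PATCH 1/3, `user.newUser = true;` hangs a response-only flag on the user document itself right after `user.save()`, so whether it can ever be persisted or serialized elsewhere depends on the model's schema, which this hunk does not show. Passing the flag to the helper explicitly keeps account state and response metadata apart, for example `_loginRes(user, req, res, {newUser: true});` with `_loginRes` reading it from that extra argument. If the property stays on the document, a comment such as `// transient, never persisted: tells the client this login created the account` would record the intent. The handler body starts and ends outside the hunk, so I am assuming this line sits in the new-account branch.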
@@ -13,6 +13,7 @@ describe('POST /user/auth/local/login', () => {
 api = requester();
 user = await generateUser();
 });
+
 it('success with username', async () => {
 let response = await api.post(endpoint, {
 username: user.auth.local.username,
@@ -20,6 +21,7 @@ describe('POST /user/auth/local/login', () => {
 });
 expect(response.apiToken).to.eql(user.apiToken);
 });
+
 it('success with email', async () => {
 let response = await api.post(endpoint, {
 username: user.auth.local.email,
@@ -27,6 +29,7 @@ describe('POST /user/auth/local/login', () => {
 });
 expect(response.apiToken).to.eql(user.apiToken);
 });
+
 it('user is blocked', async () => {
 await user.update({ 'auth.blocked': 1 });
 await expect(api.post(endpoint, {
@@ -38,6 +41,7 @@ describe('POST /user/auth/local/login', () => {
 message: t('accountSuspended', { userId: user._id }),
 });
 });
+
 it('wrong password', async () => {
 await expect(api.post(endpoint, {
 username: user.auth.local.username,
@@ -48,6 +52,7 @@ describe('POST /user/auth/local/login', () => {
 message: t('invalidLoginCredentialsLong'),
 });
 });
+
 it('missing username', async () => {
 await expect(api.post(endpoint, {
 password: 'wrong-password',
@@ -57,6 +62,7 @@ describe('POST /user/auth/local/login', () => {
 message: t('invalidReqParams'),
 });
 });
+
 it('missing password', async () => {
 await expect(api.post(endpoint, {
 username: user.auth.local.username,
diff --git a/test/api/v3/integration/user/auth/POST-user_auth_social.test.js b/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
new file mode 100644
index 0000000000..480b680161
--- /dev/null
+++ b/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
@@ -0,0 +1,59 @@
+import {
+ generateUser,
+ requester,
+ translate as t,
+} from '../../../../../helpers/api-integration/v3';
+import passport from 'passport';
+
+describe('POST /user/auth/social', () => {
+ let api;
+ let user;
+ let endpoint = '/user/auth/social';
+ let randomAccessToken = '123456';
+ let facebookId = 'facebookId';
+ let network = 'facebook';
+
+ before(async () => {
+ api = requester();
+ user = await generateUser();
+
+ let expectedResult = {id: facebookId};
+ let passportFacebookProfile = sinon.stub(passport._strategies.facebook, 'userProfile');
+ passportFacebookProfile.yields(null, expectedResult);
+ });
+
+ it('fails if network is not facebook', async () => {
+ await expect(api.post(endpoint, {
+ authResponse: {access_token: randomAccessToken},
+ network: 'NotFacebook',
+ })).to.eventually.be.rejected.and.eql({
+ code: 401,
+ error: 'NotAuthorized',
+ message: t('onlyFbSupported'),
+ });
+ });
+
+ it('registers a new user', async () => {
+ let response = await api.post(endpoint, {
+ authResponse: {access_token: randomAccessToken},
+ network,
+ });
+
+ expect(response.apiToken).to.exist;
+ expect(response.id).to.exist;
+ expect(response.newUser).to.be.true;
+ });
+
+ it('logs an existing user in', async () => {
+ await user.update({ 'auth.facebook.id': facebookId });
+
+ let response = await api.post(endpoint, {
+ authResponse: {access_token: randomAccessToken},
+ network,
+ });
+
+ expect(response.apiToken).to.eql(user.apiToken);
+ expect(response.id).to.eql(user._id);
+ expect(response.newUser).to.be.false;
+ });
+});
diff --git a/website/server/controllers/api-v3/auth.js b/website/server/controllers/api-v3/auth.js
index 2dd925efe7..4044ccdfe4 100644
--- a/website/server/controllers/api-v3/auth.js
+++ b/website/server/controllers/api-v3/auth.js
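Review bot: The `before` hook in the new social-auth test file replaces `passport._strategies.facebook.userProfile` with a sinon stub and nothing in the file restores it, so any later suite in the same process would see every access token resolved to the profile `facebookId`; an `after(() => passport._strategies.facebook.userProfile.restore());` would scope the stub to this file. 'logs an existing user in' also appears to depend on 'registers a new user' having already created an account with the same Facebook id, so two users presumably share `auth.facebook.id` and the `eql(user._id)` assertion relies on which one the lookup returns; a distinct id per test would remove that order dependence. The local-login suite has a 'user is blocked' case and this one does not, although `_loginRes` is also where `auth.blocked` is enforced for social logins; a case that sets `'auth.blocked': 1` and expects the 401 `accountSuspended` response would cover it.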
@@ -162,10 +162,8 @@ api.registerLocal = {
 };
 function _loginRes (user, req, res) {
- var newUser = false;
- if (user.newUser) newUser = true;
 if (user.auth.blocked) throw new NotAuthorized(res.t('accountSuspended', {userId: user._id}));
- return res.respond(200, {id: user._id, apiToken: user.apiToken, newUser});
+ return res.respond(200, {id: user._id, apiToken: user.apiToken, newUser: user.newUser || false});
 }
 /**
From 2a76f0c8cf09b6bd8287e1de3d62ade6e17e6769 Mon Sep 17 00:00:00 2001
From: Keith Holliday
Date: Tue, 2 Aug 2016 14:29:15 -0500
Subject: [PATCH 3/3] Added lint ignore comment
---
 .../v3/integration/user/auth/POST-user_auth_social.test.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/api/v3/integration/user/auth/POST-user_auth_social.test.js b/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
index 480b680161..4bcd7b09fe 100644
--- a/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
+++ b/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
@@ -24,7 +24,7 @@ describe('POST /user/auth/social', () => {
 it('fails if network is not facebook', async () => {
 await expect(api.post(endpoint, {
- authResponse: {access_token: randomAccessToken},
+ authResponse: {access_token: randomAccessToken}, // eslint-disable-line camelcase
 network: 'NotFacebook',
 })).to.eventually.be.rejected.and.eql({
 code: 401,
@@ -35,7 +35,7 @@ describe('POST /user/auth/social', () => {
 it('registers a new user', async () => {
 let response = await api.post(endpoint, {
- authResponse: {access_token: randomAccessToken},
+ authResponse: {access_token: randomAccessToken}, // eslint-disable-line camelcase
 network,
 });
@@ -48,7 +48,7 @@ describe('POST /user/auth/social', () => {
 await user.update({ 'auth.facebook.id': facebookId });
 let response = await api.post(endpoint, {
- authResponse: {access_token: randomAccessToken},
+ authResponse: {access_token: randomAccessToken}, // eslint-disable-line camelcase
 network,
 });
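Review bot: In the `_loginRes` hunk of PATCH 2/3, `newUser: user.newUser || false` forwards whatever truthy value sits on the user object rather than a boolean, so the response shape depends on how every caller sets the flag. `newUser: Boolean(user.newUser)` (or `user.newUser === true`) pins the field to `true`/`false`, which is what the new tests assert with `to.be.true` and `to.be.false`. A short comment above the function, for example `// Shared login response: rejects blocked accounts, then returns id, apiToken and the transient newUser flag`, would also record that this helper is where `auth.blocked` is checked before the API token is returned. The function is fully visible in the hunk; the objects before and after it are not.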