Reset password fix #1133
Reset password fix #1133
Conversation
| return this.config.database.adaptiveCollection('_User').then(function (collection) { | ||
| // Need direct database access because verification token is not a parse field | ||
| return collection.findOneAndUpdate({ username: username },// query | ||
| { $set: { _perishable_token: null } } // update |
There was a problem hiding this comment.
should we not unset that? to delete value altogether, I recall we had problems with $set: { key: null } with oAuth
There was a problem hiding this comment.
You mean change it to { $unset: { _perishable_token: null } } instead of setting it to null or we should keep the token there? I am open to this. :)
Current coverage is
|
|
@carmenlau updated the pull request. |
|
last tiny thing, can you add a unit test that would get the user from the DB and check that the update it OK? we had a previous unit test and it seemed to be working where it wasn't |
|
@carmenlau updated the pull request. |
1 similar comment
|
@carmenlau updated the pull request. |
carmenlau
force-pushed
the
reset-password-fix
branch
from
271de12
to
ebbda59
Compare
|
Updated! |
| @@ -573,7 +573,15 @@ describe("Password Reset", () => { | |||
| expect(response.body).toEqual('Found. Redirecting to http://localhost:8378/1/apps/password_reset_success.html'); | |||
|
|
|||
| Parse.User.logIn("zxcv", "hello").then(function(user){ | |||
| done(); | |||
| let config = new Config('test'); | |||
|
Travis seems to be drunk... |
|
can you rebase on master, a fix was pushed earlier for the failing builds |
… object in user before save is empty when reset password. parse-community#951
…is not a parse field, cannot clear it through rest. Update it separately. parse-community#951
carmenlau
force-pushed
the
reset-password-fix
branch
from
ebbda59
to
603bf97
Compare
|
Done :) |
|
Sweet, glad to see a fix :) If you want to help with some optimization, the current method does 1 database read (to find the user) and two writes (to update the password, and clear the token) but it could be done with no reads and one write (by making the |
refs #951
There are 2 updates in this PR.
1. Fix cannot reset password, when the app defined user before save.
In the original implementation,
updateUserPasswordupdate the password directly throughRestWritebut theoriginalDataargument is missing. So if the app has defined user before save, reset password will be fail. To fix this, I updatedupdateUserPasswordfunction to reuserestlib update function.2.
_perishable_tokenis a private field, clear it throughRestWritewill cause "Permission denied for this action." error.Fix this by access db directly when clear
_perishable_tokenafter reset password.Let me know for any problems about the PR, hope this help!:)