src/Routers/UsersRouter.js

// These methods handle the User-related routes.

import Parse          from 'parse/node';
import Config         from '../Config';
import AccountLockout from '../AccountLockout';
import ClassesRouter  from './ClassesRouter';
import rest           from '../rest';
import Auth           from '../Auth';
import passwordCrypto from '../password';
import RestWrite      from '../RestWrite';
const cryptoUtils = require('../cryptoUtils');

export class UsersRouter extends ClassesRouter {

  className() {
    return '_User';
  }

  handleMe(req) {
    if (!req.info || !req.info.sessionToken) {
      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
    }
    const sessionToken = req.info.sessionToken;
    return rest.find(req.config, Auth.master(req.config), '_Session',
      { sessionToken },
      { include: 'user' }, req.info.clientSDK)
      .then((response) => {
        if (!response.results ||
          response.results.length == 0 ||
          !response.results[0].user) {
          throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
        } else {
          const user = response.results[0].user;
          // Send token back on the login, because SDKs expect that.
          user.sessionToken = sessionToken;

          // Remove hidden properties.
          for (var key in user) {
            if (user.hasOwnProperty(key)) {
              // Regexp comes from Parse.Object.prototype.validate
              if (key !== "__type" && !(/^[A-Za-z][0-9A-Za-z_]*$/).test(key)) {
                delete user[key];
              }
            }
          }

          return { response: user };
        }
      });
  }

  handleLogIn(req) {
    // Use query parameters instead if provided in url
    if (!req.body.username && req.query.username) {
      req.body = req.query;
    }

    // TODO: use the right error codes / descriptions.
    if (!req.body.username) {
      throw new Parse.Error(Parse.Error.USERNAME_MISSING, 'username is required.');
    }
    if (!req.body.password) {
      throw new Parse.Error(Parse.Error.PASSWORD_MISSING, 'password is required.');
    }
    if (typeof req.body.username !== 'string' || typeof req.body.password !== 'string') {
      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
    }

    let user;
    let isValidPassword = false;

    return req.config.database.find('_User', { username: req.body.username })
      .then((results) => {
        if (!results.length) {
          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
        }
        user = results[0];

        if (req.config.verifyUserEmails && req.config.preventLoginWithUnverifiedEmail && !user.emailVerified) {
          throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.');
        }
        return passwordCrypto.compare(req.body.password, user.password);
      })
      .then((correct) => {
        isValidPassword = correct;
        const accountLockoutPolicy = new AccountLockout(user, req.config);
        return accountLockoutPolicy.handleLoginAttempt(isValidPassword);
      })
      .then(() => {
        if (!isValidPassword) {
          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
        }

        // handle password expiry policy
        if (req.config.passwordPolicy && req.config.passwordPolicy.maxPasswordAge) {
          let changedAt = user._password_changed_at;

          if (!changedAt) {
            // password was created before expiry policy was enabled.
            // simply update _User object so that it will start enforcing from now
            changedAt = new Date();
            req.config.database.update('_User', {username: user.username},
              {_password_changed_at: Parse._encode(changedAt)});
          } else {
            // check whether the password has expired
            if (changedAt.__type == 'Date') {
              changedAt = new Date(changedAt.iso);
            }
            // Calculate the expiry time.
            const expiresAt = new Date(changedAt.getTime() + 86400000 * req.config.passwordPolicy.maxPasswordAge);
            if (expiresAt < new Date()) // fail of current time is past password expiry time
              throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Your password has expired. Please reset your password.');
          }
        }

        const token = 'r:' + cryptoUtils.newToken();
        user.sessionToken = token;
        delete user.password;

        // Sometimes the authData still has null on that keys
        // https://github.com/ParsePlatform/parse-server/issues/935
        if (user.authData) {
          Object.keys(user.authData).forEach((provider) => {
            if (user.authData[provider] === null) {
              delete user.authData[provider];
            }
          });
          if (Object.keys(user.authData).length == 0) {
            delete user.authData;
          }
        }

        req.config.filesController.expandFilesInObject(req.config, user);

        const expiresAt = req.config.generateSessionExpiresAt();
        const sessionData = {
          sessionToken: token,
          user: {
            __type: 'Pointer',
            className: '_User',
            objectId: user.objectId
          },
          createdWith: {
            'action': 'login',
            'authProvider': 'password'
          },
          restricted: false,
          expiresAt: Parse._encode(expiresAt)
        };

        if (req.info.installationId) {
          sessionData.installationId = req.info.installationId
        }

        const create = new RestWrite(req.config, Auth.master(req.config), '_Session', null, sessionData);
        return create.execute();
      }).then(() => {
        return { response: user };
      });
  }

  handleLogOut(req) {
    const success = {response: {}};
    if (req.info && req.info.sessionToken) {
      return rest.find(req.config, Auth.master(req.config), '_Session',
        { sessionToken: req.info.sessionToken }, undefined, req.info.clientSDK
      ).then((records) => {
        if (records.results && records.results.length) {
          return rest.del(req.config, Auth.master(req.config), '_Session',
            records.results[0].objectId
          ).then(() => {
            return Promise.resolve(success);
          });
        }
        return Promise.resolve(success);
      });
    }
    return Promise.resolve(success);
  }

  _throwOnBadEmailConfig(req) {
    try {
      Config.validateEmailConfiguration({
        emailAdapter: req.config.userController.adapter,
        appName: req.config.appName,
        publicServerURL: req.config.publicServerURL,
        emailVerifyTokenValidityDuration: req.config.emailVerifyTokenValidityDuration
      });
    } catch (e) {
      if (typeof e === 'string') {
        // Maybe we need a Bad Configuration error, but the SDKs won't understand it. For now, Internal Server Error.
        throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'An appName, publicServerURL, and emailAdapter are required for password reset and email verification functionality.');
      } else {
        throw e;
      }
    }
  }

  handleResetRequest(req) {
    this._throwOnBadEmailConfig(req);

    const { email } = req.body;
    if (!email) {
      throw new Parse.Error(Parse.Error.EMAIL_MISSING, "you must provide an email");
    }
    if (typeof email !== 'string') {
      throw new Parse.Error(Parse.Error.INVALID_EMAIL_ADDRESS, 'you must provide a valid email string');
    }
    const userController = req.config.userController;
    return userController.sendPasswordResetEmail(email).then(() => {
      return Promise.resolve({
        response: {}
      });
    }, err => {
      if (err.code === Parse.Error.OBJECT_NOT_FOUND) {
        throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `No user found with email ${email}.`);
      } else {
        throw err;
      }
    });
  }

  handleVerificationEmailRequest(req) {
    this._throwOnBadEmailConfig(req);

    const { email } = req.body;
    if (!email) {
      throw new Parse.Error(Parse.Error.EMAIL_MISSING, 'you must provide an email');
    }
    if (typeof email !== 'string') {
      throw new Parse.Error(Parse.Error.INVALID_EMAIL_ADDRESS, 'you must provide a valid email string');
    }

    return req.config.database.find('_User', { email: email }).then((results) => {
      if (!results.length || results.length < 1) {
        throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `No user found with email ${email}`);
      }
      const user = results[0];

      if (user.emailVerified) {
        throw new Parse.Error(Parse.Error.OTHER_CAUSE, `Email ${email} is already verified.`);
      }

      const userController = req.config.userController;
      userController.sendVerificationEmail(user);
      return { response: {} };
    });
  }


  mountRoutes() {
    this.route('GET', '/users', req => { return this.handleFind(req); });
    this.route('POST', '/users', req => { return this.handleCreate(req); });
    this.route('GET', '/users/me', req => { return this.handleMe(req); });
    this.route('GET', '/users/:objectId', req => { return this.handleGet(req); });
    this.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); });
    this.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); });
    this.route('GET', '/login', req => { return this.handleLogIn(req); });
    this.route('POST', '/logout', req => { return this.handleLogOut(req); });
    this.route('POST', '/requestPasswordReset', req => { return this.handleResetRequest(req); });
    this.route('POST', '/verificationEmailRequest', req => { return this.handleVerificationEmailRequest(req); });
  }
}

export default UsersRouter;
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`// These methods handle the User-related routes.`

Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`import Parse from 'parse/node';`
Fixes #1649 (#1650) * Regression test #1649 * Address comments * Comment * Change emails to help debug flaky test failures * More logging info to debug flaky tests 2016-05-25 16:48:18 -07:00			`import Config from '../Config';`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`import AccountLockout from '../AccountLockout';`
Exploring the interface of a mail adapter Add some tests and demonstrate the adapter loading interface 2016-02-16 23:43:09 -08:00			`import ClassesRouter from './ClassesRouter';`
			`import rest from '../rest';`
			`import Auth from '../Auth';`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`import passwordCrypto from '../password';`
Exploring the interface of a mail adapter Add some tests and demonstrate the adapter loading interface 2016-02-16 23:43:09 -08:00			`import RestWrite from '../RestWrite';`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const cryptoUtils = require('../cryptoUtils');`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00
			`export class UsersRouter extends ClassesRouter {`

Finding areas that are untested and need love (#4131) * Makes InstallationRouter like others * Adds testing for Range file requests - Fixes issue with small requests (0-2) * Revert "Makes InstallationRouter like others" This reverts commit e2d2a16ebf2757db6138c7b5b33c97c56c69ead6. * Better handling of errors in FilesRouter * Fix incorrectness in range requests * Better/simpler logic * Only on mongo at it requires Gridstore * Open file streaming to all adapters supporting it * Improves coverage of parsers * Ensures depreciation warning is effective * Removes unused function * de-duplicate logic * Removes necessity of overriding req.params.className on subclasses routers * Use babel-preset-env to ensure min-version compatible code * removes dead code * Leverage indexes in order to infer which field is duplicated upon signup - A note mentioned that it would be possible to leverage using the indexes on username/email to infer which is duplicated * Small nit * Better template to match column name * Restores original implementation for safety * nits 2017-09-05 17:51:11 -04:00			`className() {`
			`return '_User';`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`}`

			`handleMe(req) {`
			`if (!req.info \|\| !req.info.sessionToken) {`
Clears session on password change - Fixes error type when passing an invalid session token 2016-02-15 10:12:53 -05:00			`throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`}`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const sessionToken = req.info.sessionToken;`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`return rest.find(req.config, Auth.master(req.config), '_Session',`
No need to transform post-transform keys in mongo adapter 2016-04-25 20:42:19 -07:00			`{ sessionToken },`
Exposes clientSDK into RestQuery, RestWrite and rest 2016-07-12 10:06:13 -04:00			`{ include: 'user' }, req.info.clientSDK)`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`.then((response) => {`
			`if (!response.results \|\|`
			`response.results.length == 0 \|\|`
			`!response.results[0].user) {`
Clears session on password change - Fixes error type when passing an invalid session token 2016-02-15 10:12:53 -05:00			`throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`} else {`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const user = response.results[0].user;`
Send a sessionToken back on /users/me. 2016-02-24 12:51:06 -08:00			`// Send token back on the login, because SDKs expect that.`
			`user.sessionToken = sessionToken;`
Improve email verification (#3681) * Removed hidden keys from users/me. * Ensured that general users cannot update email verified flag. * Updated tests to reflect email verification changes. 2017-05-11 23:14:58 +09:30
			`// Remove hidden properties.`
			`for (var key in user) {`
			`if (user.hasOwnProperty(key)) {`
			`// Regexp comes from Parse.Object.prototype.validate`
			`if (key !== "__type" && !(/^[A-Za-z][0-9A-Za-z_]*$/).test(key)) {`
			`delete user[key];`
			`}`
			`}`
			`}`

Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`return { response: user };`
			`}`
			`});`
			`}`

			`handleLogIn(req) {`
			`// Use query parameters instead if provided in url`
			`if (!req.body.username && req.query.username) {`
			`req.body = req.query;`
			`}`

			`// TODO: use the right error codes / descriptions.`
			`if (!req.body.username) {`
			`throw new Parse.Error(Parse.Error.USERNAME_MISSING, 'username is required.');`
			`}`
			`if (!req.body.password) {`
			`throw new Parse.Error(Parse.Error.PASSWORD_MISSING, 'password is required.');`
			`}`
Validate username password type when logging in, and validate email when reseting password (#2679) * Validate username password type when logging in, and validate email when reset password * Add test for validation 2016-09-10 00:24:33 +09:00			`if (typeof req.body.username !== 'string' \|\| typeof req.body.password !== 'string') {`
			`throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');`
			`}`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00
			`let user;`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`let isValidPassword = false;`

Remove 'database' field from request and make all database requests go through config. 2016-02-26 21:17:04 -08:00			`return req.config.database.find('_User', { username: req.body.username })`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`.then((results) => {`
			`if (!results.length) {`
			`throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');`
			`}`
			`user = results[0];`
Adds ability to prevent login with unverified emails (#2175) 2016-07-04 12:56:35 -05:00
			`if (req.config.verifyUserEmails && req.config.preventLoginWithUnverifiedEmail && !user.emailVerified) {`
			`throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.');`
			`}`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`return passwordCrypto.compare(req.body.password, user.password);`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`})`
			`.then((correct) => {`
			`isValidPassword = correct;`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const accountLockoutPolicy = new AccountLockout(user, req.config);`
Adds ability to set an account lockout policy (#2601) * Adds ability to set account lockout policy * change fit to it in tests 2016-09-02 17:00:47 -07:00			`return accountLockoutPolicy.handleLoginAttempt(isValidPassword);`
			`})`
			`.then(() => {`
			`if (!isValidPassword) {`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');`
			`}`

Adds password expiry support to password policy (#3068) * Adding support for password expiry policy * Renamed daysBeforeExpiry -> maxPasswordAge 2016-11-21 21:16:38 +05:30			`// handle password expiry policy`
			`if (req.config.passwordPolicy && req.config.passwordPolicy.maxPasswordAge) {`
			`let changedAt = user._password_changed_at;`

			`if (!changedAt) {`
			`// password was created before expiry policy was enabled.`
			`// simply update _User object so that it will start enforcing from now`
			`changedAt = new Date();`
			`req.config.database.update('_User', {username: user.username},`
			`{_password_changed_at: Parse._encode(changedAt)});`
			`} else {`
			`// check whether the password has expired`
			`if (changedAt.__type == 'Date') {`
			`changedAt = new Date(changedAt.iso);`
			`}`
			`// Calculate the expiry time.`
			`const expiresAt = new Date(changedAt.getTime() + 86400000 * req.config.passwordPolicy.maxPasswordAge);`
			`if (expiresAt < new Date()) // fail of current time is past password expiry time`
			`throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Your password has expired. Please reset your password.');`
			`}`
			`}`

Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const token = 'r:' + cryptoUtils.newToken();`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`user.sessionToken = token;`
			`delete user.password;`
Properly sets installationId on creating session with 3rd party auth 2016-03-20 10:50:34 -04:00
Fixes #935, cleans up authData null keys on login for android crash 2016-03-11 09:33:09 -05:00			`// Sometimes the authData still has null on that keys`
Properly sets installationId on creating session with 3rd party auth 2016-03-20 10:50:34 -04:00			`// https://github.com/ParsePlatform/parse-server/issues/935`
Fixes #935, cleans up authData null keys on login for android crash 2016-03-11 09:33:09 -05:00			`if (user.authData) {`
			`Object.keys(user.authData).forEach((provider) => {`
			`if (user.authData[provider] === null) {`
			`delete user.authData[provider];`
			`}`
			`});`
			`if (Object.keys(user.authData).length == 0) {`
			`delete user.authData;`
			`}`
			`}`
Properly sets installationId on creating session with 3rd party auth 2016-03-20 10:50:34 -04:00
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`req.config.filesController.expandFilesInObject(req.config, user);`

Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const expiresAt = req.config.generateSessionExpiresAt();`
			`const sessionData = {`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`sessionToken: token,`
			`user: {`
			`__type: 'Pointer',`
			`className: '_User',`
			`objectId: user.objectId`
			`},`
			`createdWith: {`
			`'action': 'login',`
			`'authProvider': 'password'`
			`},`
			`restricted: false,`
			`expiresAt: Parse._encode(expiresAt)`
			`};`

			`if (req.info.installationId) {`
			`sessionData.installationId = req.info.installationId`
			`}`

Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const create = new RestWrite(req.config, Auth.master(req.config), '_Session', null, sessionData);`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`return create.execute();`
			`}).then(() => {`
			`return { response: user };`
			`});`
			`}`

			`handleLogOut(req) {`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const success = {response: {}};`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`if (req.info && req.info.sessionToken) {`
			`return rest.find(req.config, Auth.master(req.config), '_Session',`
Exposes clientSDK into RestQuery, RestWrite and rest 2016-07-12 10:06:13 -04:00			`{ sessionToken: req.info.sessionToken }, undefined, req.info.clientSDK`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`).then((records) => {`
			`if (records.results && records.results.length) {`
			`return rest.del(req.config, Auth.master(req.config), '_Session',`
			`records.results[0].objectId`
			`).then(() => {`
			`return Promise.resolve(success);`
			`});`
			`}`
			`return Promise.resolve(success);`
			`});`
			`}`
			`return Promise.resolve(success);`
			`}`
Properly sets installationId on creating session with 3rd party auth 2016-03-20 10:50:34 -04:00
Resend Verification Email Endpoint (#3543) * Endpoint to Handle Verification Email Request * Adds tests for verificationEmailRequest endpoint * Better error responses for `/verificationEmailRequest` 2017-03-04 13:30:52 -08:00			`_throwOnBadEmailConfig(req) {`
Fixes #1649 (#1650) * Regression test #1649 * Address comments * Comment * Change emails to help debug flaky test failures * More logging info to debug flaky tests 2016-05-25 16:48:18 -07:00			`try {`
			`Config.validateEmailConfiguration({`
Better e-mail adapter testing (#2208) 2016-07-05 12:08:46 -07:00			`emailAdapter: req.config.userController.adapter,`
Fixes #1649 (#1650) * Regression test #1649 * Address comments * Comment * Change emails to help debug flaky test failures * More logging info to debug flaky tests 2016-05-25 16:48:18 -07:00			`appName: req.config.appName,`
			`publicServerURL: req.config.publicServerURL,`
Adds ability to expire email verify token (#2216) 2016-07-19 01:10:36 -05:00			`emailVerifyTokenValidityDuration: req.config.emailVerifyTokenValidityDuration`
Fixes #1649 (#1650) * Regression test #1649 * Address comments * Comment * Change emails to help debug flaky test failures * More logging info to debug flaky tests 2016-05-25 16:48:18 -07:00			`});`
			`} catch (e) {`
			`if (typeof e === 'string') {`
			`// Maybe we need a Bad Configuration error, but the SDKs won't understand it. For now, Internal Server Error.`
Resend Verification Email Endpoint (#3543) * Endpoint to Handle Verification Email Request * Adds tests for verificationEmailRequest endpoint * Better error responses for `/verificationEmailRequest` 2017-03-04 13:30:52 -08:00			`throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'An appName, publicServerURL, and emailAdapter are required for password reset and email verification functionality.');`
Fixes #1649 (#1650) * Regression test #1649 * Address comments * Comment * Change emails to help debug flaky test failures * More logging info to debug flaky tests 2016-05-25 16:48:18 -07:00			`} else {`
			`throw e;`
			`}`
			`}`
Resend Verification Email Endpoint (#3543) * Endpoint to Handle Verification Email Request * Adds tests for verificationEmailRequest endpoint * Better error responses for `/verificationEmailRequest` 2017-03-04 13:30:52 -08:00			`}`

			`handleResetRequest(req) {`
			`this._throwOnBadEmailConfig(req);`

Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const { email } = req.body;`
Fixes #1649 (#1650) * Regression test #1649 * Address comments * Comment * Change emails to help debug flaky test failures * More logging info to debug flaky tests 2016-05-25 16:48:18 -07:00			`if (!email) {`
			`throw new Parse.Error(Parse.Error.EMAIL_MISSING, "you must provide an email");`
			`}`
Validate username password type when logging in, and validate email when reseting password (#2679) * Validate username password type when logging in, and validate email when reset password * Add test for validation 2016-09-10 00:24:33 +09:00			`if (typeof email !== 'string') {`
			`throw new Parse.Error(Parse.Error.INVALID_EMAIL_ADDRESS, 'you must provide a valid email string');`
			`}`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const userController = req.config.userController;`
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`return userController.sendPasswordResetEmail(email).then(() => {`
			`return Promise.resolve({`
			`response: {}`
			`});`
Fixes #1649 (#1650) * Regression test #1649 * Address comments * Comment * Change emails to help debug flaky test failures * More logging info to debug flaky tests 2016-05-25 16:48:18 -07:00			`}, err => {`
			`if (err.code === Parse.Error.OBJECT_NOT_FOUND) {`
			throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `No user found with email ${email}.`);
			`} else {`
			`throw err;`
			`}`
			`});`
Refactors verify_email, adds public html 2016-02-25 19:04:27 -05:00			`}`
Properly sets installationId on creating session with 3rd party auth 2016-03-20 10:50:34 -04:00
Resend Verification Email Endpoint (#3543) * Endpoint to Handle Verification Email Request * Adds tests for verificationEmailRequest endpoint * Better error responses for `/verificationEmailRequest` 2017-03-04 13:30:52 -08:00			`handleVerificationEmailRequest(req) {`
			`this._throwOnBadEmailConfig(req);`

			`const { email } = req.body;`
			`if (!email) {`
			`throw new Parse.Error(Parse.Error.EMAIL_MISSING, 'you must provide an email');`
			`}`
			`if (typeof email !== 'string') {`
			`throw new Parse.Error(Parse.Error.INVALID_EMAIL_ADDRESS, 'you must provide a valid email string');`
			`}`

			`return req.config.database.find('_User', { email: email }).then((results) => {`
			`if (!results.length \|\| results.length < 1) {`
			throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `No user found with email ${email}`);
			`}`
			`const user = results[0];`

			`if (user.emailVerified) {`
			throw new Parse.Error(Parse.Error.OTHER_CAUSE, `Email ${email} is already verified.`);
			`}`

			`const userController = req.config.userController;`
			`userController.sendVerificationEmail(user);`
			`return { response: {} };`
			`});`
			`}`

Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00
Refactors routers 2016-02-19 23:47:44 -05:00			`mountRoutes() {`
			`this.route('GET', '/users', req => { return this.handleFind(req); });`
			`this.route('POST', '/users', req => { return this.handleCreate(req); });`
Reverts calling next() after handling response (#2634) * Revert "Makes sure routes don't overlap and yield a header set error" * removes next() calls in PromiseRouter * Reverts calling next() after response * Adds fail calls when next() calls traverse tests 2016-09-09 17:28:41 -04:00			`this.route('GET', '/users/me', req => { return this.handleMe(req); });`
Refactors routers 2016-02-19 23:47:44 -05:00			`this.route('GET', '/users/:objectId', req => { return this.handleGet(req); });`
			`this.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); });`
			`this.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); });`
			`this.route('GET', '/login', req => { return this.handleLogIn(req); });`
			`this.route('POST', '/logout', req => { return this.handleLogOut(req); });`
Resend Verification Email Endpoint (#3543) * Endpoint to Handle Verification Email Request * Adds tests for verificationEmailRequest endpoint * Better error responses for `/verificationEmailRequest` 2017-03-04 13:30:52 -08:00			`this.route('POST', '/requestPasswordReset', req => { return this.handleResetRequest(req); });`
			`this.route('POST', '/verificationEmailRequest', req => { return this.handleVerificationEmailRequest(req); });`
Refactor and deduplicate logic in UsersRouter. 2016-02-11 20:01:14 -08:00			`}`
			`}`

			`export default UsersRouter;`