diff --git a/app/controllers/users/users.profile.server.controller.js b/app/controllers/users/users.profile.server.controller.js
index 8f4ea7cb..d6176f30 100755
--- a/app/controllers/users/users.profile.server.controller.js
+++ b/app/controllers/users/users.profile.server.controller.js
@@ -15,44 +15,36 @@ exports.update = function(req, res) {
 // Init Variables
 var user = req.user;
- // For security measurement we remove the roles from the req.body object
+ // To improve security we remove the roles from the req.body object
 delete req.body.roles;
- if (user) {
- // Merge existing user
- user = _.extend(user, req.body);
- user.updated = Date.now();
+ // Merge existing user
+ user = _.extend(user, req.body);
+ user.updated = Date.now();
- user.save(function(err) {
- if (err) {
- return res.status(500).send({
- message: errorHandler.getErrorMessage(err)
- });
- }
- req.login(user, function(loginErr) {
- if (err) {
- res.status(500).send(loginErr);
- } else {
- user = helpers.removeSensitiveModelData('private_user', user);
- res.json(user);
- }
+ user.save(function(err) {
+ if (err) {
+ return res.status(500).send({
+ message: errorHandler.getErrorMessage(err)
 });
-
+ }
+ req.login(user, function(loginErr) {
+ if (err) {
+ res.status(500).send(loginErr);
+ } else {
+ user = helpers.removeSensitiveModelData('private_user', user);
+ res.json(user);
+ }
 });
- } else {
- res.status(401).send({
- message: 'User is not signed in'
- });
- }
+
+ });
 };
 /**
 * Send User
 */
 exports.getUser = function(req, res) {
- var _user = helpers.removeSensitiveModelData('private_user', req.user);
+ var user = helpers.removeSensitiveModelData('private_user', req.user);
- res.json(_user);
-
- res.end();
+ return res.json(user);
 };
diff --git a/app/tests/user.server.routes.test.js b/app/tests/user.server.routes.test.js
index ba7960ba..765e70aa 100644
--- a/app/tests/user.server.routes.test.js
+++ b/app/tests/user.server.routes.test.js
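Review bot: Inside the new `req.login` callback the check is still `if (err)`, which tests the outer save error (already handled and returned above) rather than `loginErr`, so a failed re-login is reported to the client as success via `res.json(user)`; the line should read `if (loginErr) {`. In that same branch `res.status(500).send(loginErr)` returns the raw error object to the client, unlike the save branch which goes through `errorHandler.getErrorMessage`; `return res.status(500).send({ message: errorHandler.getErrorMessage(loginErr) });` keeps the two paths consistent and avoids exposing internals. Dropping the `if (user)` guard and its 401 response means the handler now relies on route-level middleware to guarantee `req.user` is set; if that is the case, a comment on `var user = req.user;` such as `// req.user is guaranteed by the route's auth middleware` would record the assumption. Since `_.extend(user, req.body)` still copies every other body field onto the model, consider whitelisting the fields a profile update may change rather than only deleting `roles`. The `exports.update` signature sits above the hunk.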
@@ -272,6 +272,79 @@ describe('User CRUD tests', function() {
 });
 });
+ it('should be able to update user when logged in', function(done) {
+ var newUser = {};
+ newUser.firstName = 'goodnight';
+ newUser.lastName = 'everyone';
+
+ newUser.email = 'grcg@gcrc.com';
+ newUser.username = 'grcg';
+
+ async.waterfall([
+ function(callback) {
+ userSession.post('/auth/signin')
+ .send({
+ username: _User.username,
+ password: _User.password
+ })
+ .expect(200)
+ .end(function(err, res) {
+ callback(err);
+ });
+ },
+ function(callback) {
+ userSession.put('/users')
+ .send(newUser)
+ .expect(200)
+ .end(function(err, res) {
+ callback(err);
+ });
+ },
+ function(callback) {
+ User.findOne({ username: newUser.username })
+ .exec(function(err, user){
+ user.firstName.should.equal(newUser.firstName);
+ user.lastName.should.equal(newUser.lastName);
+ user.email.should.equal(newUser.email);
+ user.username.should.equal(newUser.username);
+ callback(err);
+ });
+ }
+ ], function (err) {
+ done(err);
+ });
+ });
+
+ it('should be able to fetch user when logged in', function(done) {
+ async.waterfall([
+ function(callback) {
+ userSession.post('/auth/signin')
+ .send({
+ username: _User.username,
+ password: _User.password
+ })
+ .expect(200)
+ .end(function(err, res) {
+ callback(err);
+ });
+ },
+ function(callback) {
+ userSession.get('/users/me')
+ .expect(200)
+ .end(function(err, res) {
+ var user = res.body;
+ user.firstName.should.equal(_User.firstName);
+ user.lastName.should.equal(_User.lastName);
+ user.email.should.equal(_User.email);
+ user.username.should.equal(_User.username);
+ callback(err);
+ });
+ }
+ ], function (err) {
+ done(err);
+ });
+ });
+
 afterEach(function(done){
 userSession.get('/auth/signout')
 .end(function(err, res) {
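Review bot: In the new update test the `.exec` callback dereferences `user` before looking at `err`, so a lookup failure or a missing document surfaces as a TypeError thrown inside the callback rather than a clean `callback(err)`; guard it first with `if (err || !user) { return callback(err || new Error('user not found')); }`. The fetch test's final `.end` callback has the same shape, reading `res.body` without checking `err`. Neither test exercises the controller's stated security behaviour of dropping `roles` from the request body; sending a `roles` value in `newUser` and asserting that the stored user's roles are unchanged would pin that. The enclosing `describe('User CRUD tests', …)` starts above the hunk.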