diff --git a/app/routes/users.server.routes.js b/app/routes/users.server.routes.js
index 967176ce..86306033 100755
--- a/app/routes/users.server.routes.js
+++ b/app/routes/users.server.routes.js
@@ -12,6 +12,7 @@ module.exports = function(app) {
 var users = require('../../app/controllers/users.server.controller');
 // Setting up the users profile api
+ app.route('/users/password').post(users.requiresLogin, users.changePassword);
 app.route('/users/me').get(auth.isAuthenticatedOrApiKey, users.getUser);
 app.route('/users').put(auth.isAuthenticatedOrApiKey, users.update);
@@ -19,8 +20,7 @@ module.exports = function(app) {
 app.route('/auth/verify/:token').get(users.validateVerificationToken);
 app.route('/auth/verify').post(users.resendVerificationEmail);
- // Setting up the users password api
- app.route('/users/password').post(users.requiresLogin, users.changePassword);
+ // Setting up the password reset api
 app.route('/auth/forgot').post(users.forgot);
 app.route('/auth/reset/:token').get(users.validateResetToken);
 app.route('/auth/reset/:token').post(users.reset);
diff --git a/app/tests/user.server.routes.test.js b/app/tests/user.server.routes.test.js
index c8e62ef4..ba7960ba 100644
--- a/app/tests/user.server.routes.test.js
+++ b/app/tests/user.server.routes.test.js
@@ -21,8 +21,8 @@ describe('User CRUD tests', function() {
 before(function() {
 // Create user credentials
 credentials = {
- email: 'test732@test.com',
- username: 'test732',
+ email: 'test099@test.com',
+ username: 'test099',
 password: 'password3223'
 };
@@ -40,8 +40,7 @@ describe('User CRUD tests', function() {
 });
 describe(' > Create, Verify and Activate a User > ', function() {
- this.timeout(5000);
-
+ this.timeout(10000);
 it('should be able to create and activate a User', function(done) {
 async.waterfall([
 function(callback) {
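Review bot: In the first hunk of app/routes/users.server.routes.js (`@@ -12,6 +12,7 @@`), the moved `/users/password` route keeps `users.requiresLogin` while the two profile routes directly below it use `auth.isAuthenticatedOrApiKey`, and nothing on the page says whether that difference is deliberate. If password changes are meant to require an interactive session and never an API key, record that next to the route, e.g. `// Password changes require a logged-in session; API keys are intentionally not accepted here`. The enclosing `module.exports = function(app)` body starts and ends outside the hunk, so neither guard's implementation is visible here.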
@@ -103,6 +102,20 @@ describe('User CRUD tests', function() {
 });
 });
+ after(function(done){
+ User.remove().exec(done);
+ });
+ });
+
+ describe(' > Reset Password > ', function(){
+ this.timeout(10000);
+ beforeEach(function(done){
+ var UserObj = new User(_User);
+ UserObj.save(function(err){
+ done(err);
+ })
+ });
+
 it('should be able to reset password of a created User with a valid passwordResetToken', function(done) {
 var changedPassword = 'password1234';
 var resetPasswordToken;
@@ -155,6 +168,7 @@ describe('User CRUD tests', function() {
 });
 }
 ], function (err, result) {
+ credentials.password = changedPassword;
 done(err);
 });
 });
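Review bot: The new `after` hook in the `@@ -103,6 +102,20 @@` hunk calls `User.remove()` with no filter, which deletes every user in whatever database the suite happens to be connected to. Scope the cleanup to the fixtures the suite created, e.g. `User.remove({ username: credentials.username }).exec(done);`, or make sure the suite can only ever run against a disposable test database; the connection setup is not visible in this diff. The same unfiltered call appears in the last `afterEach` of the `@@ -203,6 +217,67 @@` hunk.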
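Review bot: In the `@@ -155,6 +168,7 @@` hunk, `credentials.password = changedPassword;` runs in the final waterfall callback even when `err` is set, so a failed reset leaves the shared `credentials` object out of step with the stored password and can make later tests fail for an unrelated reason. Update it only on success: `if (!err) credentials.password = changedPassword;`. The surrounding `it(...)` body starts outside this hunk.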
@@ -203,6 +217,67 @@ describe('User CRUD tests', function() {
 });
 });
+ afterEach(function(done){
+ User.remove({ username: credentials.username }).exec(done);
+ });
+ });
+
+ describe(' > User Profile Changes > ', function(){
+ var profileSession = new Session(app);
+
+ this.timeout(10000);
+ beforeEach(function(done){
+ var UserObj = new User(_User);
+ UserObj.save(function(err, user){
+ done(err);
+ })
+ })
+
+ it('should be able to change password when logged in', function(done) {
+ var changedPassword = 'aVeryBadPassword';
+
+ async.waterfall([
+ function(callback) {
+ userSession.post('/auth/signin')
+ .send({
+ username: _User.username,
+ password: _User.password
+ })
+ .expect(200)
+ .end(function(err, res) {
+ callback(err);
+ });
+ },
+ function(callback) {
+ userSession.post('/users/password')
+ .send({
+ currentPassword: _User.password,
+ newPassword: changedPassword,
+ verifyPassword: changedPassword
+ })
+ .expect(200)
+ .end(function(err, res) {
+ callback(err);
+ });
+ },
+ function(callback) {
+ User.findOne({ username: _User.username })
+ .exec(function(err, user){
+ user.authenticate(changedPassword).should.be.true();
+ callback(err);
+ });
+ }
+ ], function (err) {
+ done(err);
+ });
+ });
+
+ afterEach(function(done){
+ userSession.get('/auth/signout')
+ .end(function(err, res) {
+ User.remove().exec(done);
+ });
+ })
 });
 after(function(done) {
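Review bot: The last waterfall step of the new 'should be able to change password when logged in' test calls `user.authenticate(changedPassword)` before looking at `err`, so a failed or empty `findOne` surfaces as a TypeError instead of the query error; guard it with `if (err || !user) return callback(err || new Error('user not found'));`. The same step could also assert that the old credential stopped working, `user.authenticate(_User.password).should.be.false();`. `profileSession` is created but never used in the hunk (all requests go through `userSession`). Only the success path is covered: a case with a wrong `currentPassword` and one without a prior sign-in would pin the checks this endpoint relies on.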