From 3f9becaaff3b0eaa9362f062b4c35abfa2d1f0b1 Mon Sep 17 00:00:00 2001
From: Shane Tomlinson <stomlinson@mozilla.com>
Date: Fri, 27 Apr 2012 22:22:09 +0100
Subject: [PATCH] Cleanup after huge rebase.

* /wsapi/complete_email_addition no longer has to bcrypt the password, so the previously mentioned race condition should be a thing of the past.
* in pages/start.js, signUp is now a module so it has to be started.
* in controllers/actions.js doEmailConfirmed is no longer an action and is no longer needed.
---
 lib/wsapi/complete_email_addition.js          | 48 ++-----------------
 resources/static/pages/start.js               |  3 +-
 .../static/test/cases/controllers/actions.js  | 19 --------
 tests/primary-then-secondary-test.js          |  2 +-
 4 files changed, 6 insertions(+), 66 deletions(-)

diff --git a/lib/wsapi/complete_email_addition.js b/lib/wsapi/complete_email_addition.js
index e7c61d66d..0b705abcb 100644
--- a/lib/wsapi/complete_email_addition.js
+++ b/lib/wsapi/complete_email_addition.js
@@ -22,55 +22,13 @@ exports.process = function(req, res) {
       return wsapi.databaseDown(res, err);
     }
 
-    if (!err && r.needs_password && !req.body.pass) {
-      err = "user must choose a password";
-    }
-    if (!err && !r.needs_password && req.body.pass) {
-      err = "a password may not be set at this time";
-    }
-    if (!err && r.needs_password) err = wsapi.checkPassword(req.body.pass);
-
-    if (err) {
-      logger.info("addition of email fails: " + err);
-      return res.json({
-        success: false,
-        reason: err
-      });
-    }
-
-    // got verification secret's second paramter is a password.  That password
-    // will only be used on new account creation.  Because we know this is not
-    // a new account, we don't provide it.
-    db.gotVerificationSecret(req.body.token, "", function(e, email, uid) {
+    db.gotVerificationSecret(req.body.token, function(e, email, uid) {
       if (e) {
         logger.warn("couldn't complete email verification: " + e);
         wsapi.databaseDown(res, e);
       } else {
-        // now do we need to set the password?
-        if (r.needs_password && req.body.pass) {
-          // requiring the client to wait until the bcrypt process is complete
-          // here exacerbates race conditions in front-end code.  We'll return
-          // success early, here, then update the password after the fact.
-          // The worst thing that could happen is that password update could
-          // fail (due to extreme load), and the user will have to reset
-          // their password.
-          wsapi.authenticateSession(req.session, uid, 'password');
-          res.json({ success: true });
-
-          wsapi.bcryptPassword(req.body.pass, function(err, hash) {
-            if (err) {
-              logger.warn("couldn't bcrypt password during email verification: " + err);
-              return;
-            }
-            db.updatePassword(uid, hash, function(err) {
-              if (err) {
-                logger.warn("couldn't update password during email verification: " + err);
-              }
-            });
-          });
-        } else {
-          res.json({ success: true });
-        }
+        wsapi.authenticateSession(req.session, uid, 'password');
+        res.json({ success: true });
       }
     });
   });
diff --git a/resources/static/pages/start.js b/resources/static/pages/start.js
index 34e4c2dec..cd57372ba 100644
--- a/resources/static/pages/start.js
+++ b/resources/static/pages/start.js
@@ -66,7 +66,8 @@ $(function() {
       module.start({});
     }
     else if (path === "/signup") {
-      bid.signUp();
+      var module = bid.signUp.create();
+      module.start({});
     }
     else if (path === "/forgot") {
       bid.forgot();
diff --git a/resources/static/test/cases/controllers/actions.js b/resources/static/test/cases/controllers/actions.js
index 488639009..11c58cd96 100644
--- a/resources/static/test/cases/controllers/actions.js
+++ b/resources/static/test/cases/controllers/actions.js
@@ -112,25 +112,6 @@
     testActionStartsModule('doGenerateAssertion', { email: TEST_EMAIL }, "generate_assertion");
   });
 
-  asyncTest("doEmailChosen - start the email_chosen service", function() {
-    testActionStartsModule('doEmailChosen', { email: TEST_EMAIL }, "email_chosen");
-  });
-
-
-  asyncTest("doEmailConfirmed - generate an assertion for the email", function() {
-    createController({
-      ready: function() {
-        testHelpers.register("assertion_generated", function(msg, info) {
-          ok(info.assertion, "assertion generated");
-          start();
-        });
-
-        user.syncEmailKeypair(TEST_EMAIL, function() {
-          controller.doEmailConfirmed({email: TEST_EMAIL});
-        });
-      }
-    });
-  });
 
   asyncTest("doStageUser with successful creation - trigger user_staged", function() {
     createController({
diff --git a/tests/primary-then-secondary-test.js b/tests/primary-then-secondary-test.js
index 8f0072aca..d8f17406d 100755
--- a/tests/primary-then-secondary-test.js
+++ b/tests/primary-then-secondary-test.js
@@ -86,7 +86,7 @@ suite.addBatch({
       assert.strictEqual(r.code, 200);
       assert.strictEqual(JSON.parse(r.body).success, false);
     },
-    "but with a password": {
+    "with a password": {
       topic: wsapi.post('/wsapi/stage_email', {
         email: SECONDARY_EMAIL,
         pass: TEST_PASS,
-- 
GitLab