Commit 8a63fbd9 authored by Zachary Carter's avatar Zachary Carter

User should not have to auth when email added/verified on same browser

parent ff37329a
...@@ -55,7 +55,8 @@ exports.process = function(req, res) { ...@@ -55,7 +55,8 @@ exports.process = function(req, res) {
req.params.token === req.session.pendingCreation) { req.params.token === req.session.pendingCreation) {
must_auth = false; must_auth = false;
} }
else if (typeof req.session.pendingReverification === 'string') { else if (typeof req.session.pendingReverification === 'string' ||
typeof req.session.pendingAddition === 'string') {
must_auth = false; must_auth = false;
} }
// NOTE: for reverification, we require you're authenticated. it's not enough // NOTE: for reverification, we require you're authenticated. it's not enough
......
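Review bot: The added `typeof req.session.pendingAddition === 'string'` clause clears `must_auth` without comparing the session value to `req.params.token`, unlike the `pendingCreation` branch just above, which requires `req.params.token === req.session.pendingCreation`. As written, a session holding any pending addition would skip the authentication prompt for whatever token is presented, not only the one that browser staged; the existing `pendingReverification` test has the same shape. If `pendingAddition` stores the verification token, as `pendingCreation` appears to, bind it to the request: `(typeof req.session.pendingAddition === 'string' && req.params.token === req.session.pendingAddition)`. The NOTE comment that follows still says reverification requires authentication, which reads at odds with this branch and should be reworded. The enclosing function starts and ends outside the hunk.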
...@@ -25,6 +25,9 @@ start_stop.addStartupBatches(suite); ...@@ -25,6 +25,9 @@ start_stop.addStartupBatches(suite);
// var 'token' // var 'token'
var token = undefined; var token = undefined;
// stores wsapi client context
var oldContext;
// create a new account via the api with (first address) // create a new account via the api with (first address)
suite.addBatch({ suite.addBatch({
"staging an account": { "staging an account": {
...@@ -101,6 +104,52 @@ suite.addBatch({ ...@@ -101,6 +104,52 @@ suite.addBatch({
} }
}); });
// should not require auth to complete
suite.addBatch({
"given a token, getting an email": {
topic: function() {
wsapi.get('/wsapi/email_for_token', { token: token }).call(this);
},
"account created": function(err, r) {
assert.equal(r.code, 200);
var body = JSON.parse(r.body);
assert.strictEqual(body.success, true);
assert.strictEqual(body.must_auth, false);
}
}
});
// New context for a second client
suite.addBatch({
"change context": function () {
oldContext = wsapi.getContext();
wsapi.setContext({});
}
});
// should require auth to complete for second client
suite.addBatch({
"given a token, getting an email": {
topic: function() {
wsapi.get('/wsapi/email_for_token', { token: token }).call(this);
},
"account created": function(err, r) {
assert.equal(r.code, 200);
var body = JSON.parse(r.body);
assert.strictEqual(body.success, true);
assert.strictEqual(body.must_auth, true);
}
}
});
// restore context of first client
suite.addBatch({
"restore context": function () {
wsapi.setContext(oldContext);
}
});
// confirm second email email address to the account // confirm second email email address to the account
suite.addBatch({ suite.addBatch({
"create second account": { "create second account": {
...@@ -290,7 +339,6 @@ suite.addBatch({ ...@@ -290,7 +339,6 @@ suite.addBatch({
// browser should be prompted to authenticate // browser should be prompted to authenticate
// New context for a second client // New context for a second client
var oldContext;
suite.addBatch({ suite.addBatch({
"change context": function () { "change context": function () {
oldContext = wsapi.getContext(); oldContext = wsapi.getContext();
......
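Review bot: The batches added at `@@ -101,6 +104,52 @@` seem to reuse the token from the account-staging batch, so they would exercise the existing `pendingCreation` branch rather than the `pendingAddition` clause this commit introduces; this is inferred from the surrounding comments, since the staging batch itself is outside the visible hunks. A matching same-browser/second-client pair run after an email addition is staged would pin the new behaviour, including a case where the presented token is not the one the session staged. Both vows are also labelled `"account created"` although they assert on `must_auth`; names such as `"must_auth is false on the staging browser"` and `"must_auth is true for a second client"` would make a failure readable. `assert.equal(r.code, 200)` could be `assert.strictEqual` to match the other assertions in these batches.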