Add new PasswordReset event.
- Make remember clear its tokens on password reset. - Fix #14
@@ -18,11 +18,12 @@ const (
|
|||||||
EventRecoverEnd
|
EventRecoverEnd
|
||||||
EventGet
|
EventGet
|
||||||
EventGetUserSession
|
EventGetUserSession
|
||||||
|
EventPasswordReset
|
||||||
)
|
)
|
||||||
|
|
||||||
const eventNames = "EventRegisterEventAuthEventAuthFailEventRecoverStartEventRecoverEndEventGetEventGetUserSession"
|
const eventNames = "EventRegisterEventAuthEventAuthFailEventRecoverStartEventRecoverEndEventGetEventGetUserSessionEventPasswordReset"
|
||||||
|
|
||||||
var eventIndexes = [...]uint8{0, 13, 22, 35, 52, 67, 75, 94}
|
var eventIndexes = [...]uint8{0, 13, 22, 35, 52, 67, 75, 94, 112}
|
||||||
|
|
||||||
func (i Event) String() string {
|
func (i Event) String() string {
|
||||||
if i < 0 || i+1 >= Event(len(eventIndexes)) {
|
if i < 0 || i+1 >= Event(len(eventIndexes)) {
|
||||||
|
@@ -165,6 +165,7 @@ func TestEventString(t *testing.T) {
|
|||||||
{EventRecoverEnd, "EventRecoverEnd"},
|
{EventRecoverEnd, "EventRecoverEnd"},
|
||||||
{EventGet, "EventGet"},
|
{EventGet, "EventGet"},
|
||||||
{EventGetUserSession, "EventGetUserSession"},
|
{EventGetUserSession, "EventGetUserSession"},
|
||||||
|
{EventPasswordReset, "EventPasswordReset"},
|
||||||
}
|
}
|
||||||
|
|
||||||
for i, test := range tests {
|
for i, test := range tests {
|
||||||
|
@@ -251,6 +251,10 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := authboss.Cfg.Callbacks.FireAfter(authboss.EventPasswordReset, ctx); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
|
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
|
||||||
http.Redirect(w, req, authboss.Cfg.AuthLoginOKPath, http.StatusFound)
|
http.Redirect(w, req, authboss.Cfg.AuthLoginOKPath, http.StatusFound)
|
||||||
default:
|
default:
|
||||||
|
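Review bot: The new `FireAfter(authboss.EventPasswordReset, ctx)` call only revokes anything if `ctx.User` is populated at this point, and the hunk does not show that it is. The one subscriber added in this commit, `afterPassword`, returns nil without touching the token store when `ctx.User` is nil, so a missing assignment would leave remember tokens valid after the reset with no error. Please confirm this above the hunk and add a comment such as `// ctx.User must be set: EventPasswordReset subscribers revoke remember tokens by primary ID`. An error from a callback also returns before `SessionStorer.Put`, presumably after the new password has been stored, so the user would see a failure for a reset that took effect. `completeHandlerFunc` begins and ends outside the hunk.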
@@ -55,6 +55,7 @@ func (r *Remember) Initialize() error {
|
|||||||
|
|
||||||
authboss.Cfg.Callbacks.Before(authboss.EventGetUserSession, r.auth)
|
authboss.Cfg.Callbacks.Before(authboss.EventGetUserSession, r.auth)
|
||||||
authboss.Cfg.Callbacks.After(authboss.EventAuth, r.afterAuth)
|
authboss.Cfg.Callbacks.After(authboss.EventAuth, r.afterAuth)
|
||||||
|
authboss.Cfg.Callbacks.After(authboss.EventPasswordReset, r.afterPassword)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@@ -89,6 +90,26 @@ func (r *Remember) afterAuth(ctx *authboss.Context) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// afterPassword is called after the password has been reset.
|
||||||
|
func (r *Remember) afterPassword(ctx *authboss.Context) error {
|
||||||
|
if ctx.User == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
id, ok := ctx.User.String(authboss.Cfg.PrimaryID)
|
||||||
|
if !ok {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.CookieStorer.Del(authboss.CookieRemember)
|
||||||
|
tokenStorer, ok := authboss.Cfg.Storer.(TokenStorer)
|
||||||
|
if !ok {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return tokenStorer.DelTokens(id)
|
||||||
|
}
|
||||||
|
|
||||||
// new generates a new remember token and stores it in the configured TokenStorer.
|
// new generates a new remember token and stores it in the configured TokenStorer.
|
||||||
// The return value is a token that should only be given to a user if the delivery
|
// The return value is a token that should only be given to a user if the delivery
|
||||||
// method is secure which means at least signed if not encrypted.
|
// method is secure which means at least signed if not encrypted.
|
||||||
|
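Review bot: All three early exits in `afterPassword` return nil, so a reset where the tokens could not be revoked looks the same to the caller as one where they were. Because this hook exists to invalidate credentials, the `ctx.User == nil` and missing-primary-ID branches should return an error, for example `return errors.New("remember: cannot revoke tokens, no user in context")` (message constructed here). The cookie is also deleted before the `TokenStorer` assertion, so if that assertion fails the current browser loses its cookie while server-side tokens stay usable from other devices. Unless `Initialize` already rejects a storer that is not a `TokenStorer` (not visible in this commit), that branch should report an error as well. The doc comment could also state that the function removes the remember cookie and every stored token for the user.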
@@ -64,6 +64,37 @@ func TestAfterAuth(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAfterPasswordReset(t *testing.T) {
|
||||||
|
r := Remember{}
|
||||||
|
authboss.NewConfig()
|
||||||
|
|
||||||
|
id := "test@email.com"
|
||||||
|
|
||||||
|
storer := mocks.NewMockStorer()
|
||||||
|
authboss.Cfg.Storer = storer
|
||||||
|
session := mocks.NewMockClientStorer()
|
||||||
|
cookies := mocks.NewMockClientStorer()
|
||||||
|
storer.Tokens[id] = []string{"one", "two"}
|
||||||
|
cookies.Values[authboss.CookieRemember] = "token"
|
||||||
|
|
||||||
|
ctx := authboss.NewContext()
|
||||||
|
ctx.User = authboss.Attributes{authboss.Cfg.PrimaryID: id}
|
||||||
|
ctx.SessionStorer = session
|
||||||
|
ctx.CookieStorer = cookies
|
||||||
|
|
||||||
|
if err := r.afterPassword(ctx); err != nil {
|
||||||
|
t.Error(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, ok := cookies.Values[authboss.CookieRemember]; ok {
|
||||||
|
t.Error("Expected the remember cookie to be deleted.")
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(storer.Tokens) != 0 {
|
||||||
|
t.Error("Should have wiped out all tokens.")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestNew(t *testing.T) {
|
func TestNew(t *testing.T) {
|
||||||
r := &Remember{}
|
r := &Remember{}
|
||||||
authboss.NewConfig()
|
authboss.NewConfig()
|
||||||
|
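Review bot: The check `len(storer.Tokens) != 0` cannot tell "this user's tokens were deleted" from "the whole token map was wiped", because the fixture holds a single ID. Seeding a second entry, e.g. `storer.Tokens["other@email.com"] = []string{"three"}`, and asserting that it survives while `storer.Tokens[id]` is gone would pin the revocation to the right account. The silent-return branches of `afterPassword` (nil `ctx.User`, missing primary ID, storer that is not a `TokenStorer`) have no test here, so a regression that skips revocation would go unnoticed. `TestNew` at the end of the hunk continues outside it.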