-
-
Notifications
You must be signed in to change notification settings - Fork 36k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(email): Check unquiness of email #15205
fix(email): Check unquiness of email #15205
Conversation
Note: I have although left the error message display to a raw message returned from loopback, this is done intentionally because the entire reset logic is going away in any case with passwordless. @BerkeleyTrue: |
Also do we need this on production? |
@raisedadead updated the pull request. |
common/models/user.js
Outdated
// see: | ||
// https://github.com/strongloop/loopback/issues/1137#issuecomment-271437926 | ||
User.validate('email', function( err ) { | ||
if ( this.email && !isEmail(this.email)) { |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
@raisedadead We originally removed the email check because we only allowed third party sign ups, and that resulted in only having usernames as unique to everyone. Since we are now moving to email first validation, should we just remove the email validation deletion? |
@raisedadead updated the pull request. |
@BerkeleyTrue Excellent point, yes we should do that when we remove GitHub auth completely (maybe after passwordless goes in). Until then this is we would still need this (as we are still creating user accounts, with GitHub) |
Ok, then an addition to passwordless would be to remove the ability to create accounts with github and re-add the original email validations. |
@BerkeleyTrue Yes, that is correct and #10407 should address this. I have updated the user stories so that this is tracked there. |
common/models/user.js
Outdated
// Updated workaround for email validation | ||
// see: | ||
// https://github.com/strongloop/loopback/issues/1137#issuecomment-271437926 | ||
User.validate('email', function( err ) { |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
common/models/user.js
Outdated
// https://github.com/strongloop/loopback/issues/1137#issuecomment-271437926 | ||
User.validate('email', function( err ) { | ||
if (this.email && !isEmail(this.email)) { | ||
debug(err); |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
common/models/user.js
Outdated
debug(err); | ||
} | ||
}, { | ||
message: 'Email format is invalid, please check again' |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
@raisedadead updated the pull request. |
Just confirming again, do we need this on production? |
@raisedadead updated the pull request. |
@raisedadead updated the pull request. |
@@ -608,7 +608,14 @@ module.exports = function(app) { | |||
return User.findById(req.accessToken.userId, function(err, user) { | |||
if (err) { return next(err); } | |||
return user.updateAttribute('password', password, function(err) { | |||
if (err) { return next(err); } | |||
if (err) { |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
if (err) { | ||
debug(err); | ||
req.flash('error', { | ||
msg: err.message || |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
if (this.email && !isEmail(this.email)) { | ||
// Here err is a callback | ||
// See loopback api docs loopback-datasource-juggler/#validatable-validate | ||
debug(err()); |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This should let us check for uniqueness of email when the user attributes are updated via the API.