thegameofcode · luismesas · Aug 11, 2017 · Aug 10, 2017 · Aug 11, 2017 · Aug 11, 2017
diff --git a/config_sample.json b/config_sample.json
@@ -147,7 +147,7 @@
 		"validateOldPassword": false,
 		"regexValidation": "(?=.*\\d)(?=.*[A-Z])(?=.*[a-z]).{8}",
 		"message": "Your password must be at least 8 characters and must contain at least one capital, one lower and one number.",
-		"generatedRegex": "([a-z][\\d][A-Z]){3,4}",
+		"generatedRegex": "([a-z]{2})([0-9]{2})([A-Z]{4})",
 		"from": "hello@example.com",
 		"subject": "Recover Example User Password",
 		"body": "Here is your new password for accessing to your Example account, if you want, you can update it anytime from your edit profile screen. <p> __PASSWD__ <p> you can also click <a href='__LINK__' >here</a> from your mobile device to get in. If you receiver this email by error or you are sure you didn't requested it, please contact support@example.com"

diff --git a/src/managers/dao.js b/src/managers/dao.js
@@ -158,7 +158,6 @@ function findOneUser(criteria, options, cbk) {
 }
 
 function updateOne(coll, criteria, update, cbk) {
-
 	coll.updateOne(criteria, update, function (err, res) {
 		if (err) {
 			return cbk(err, null);

diff --git a/src/managers/user.js b/src/managers/user.js
@@ -318,7 +318,7 @@ function createUserPrivateCall(body, user, cbk) {
 		user.roles = body.roles || [];
 
 		if (!user.password) {
-			user.password = cryptoMng.randomPassword(config.password.regexValidation);
+			user.password = cryptoMng.randomPassword(config.password.generatedRegex);
 		}
 
 		cryptoMng.encrypt(user.password, function (encrypted) {

diff --git a/src/middlewares/findUserInPath.js b/src/middlewares/findUserInPath.js
@@ -13,7 +13,7 @@ module.exports = function findUser(req, res, next) {
 			};
 			log.error(error);
 			res.send(400, error);
-			return next(err);
+			return next(false);
 		}
 		req.user = foundUser;
 		return next();

diff --git a/src/middlewares/userAppVersion.js b/src/middlewares/userAppVersion.js
@@ -6,11 +6,6 @@ const log = require('../logger/service');
 const userDao = require('../managers/dao');
 const config = require('../../config');
 
-const updatingUserError = {
-	err: 'proxy_error',
-	des: 'error updating user appVersion'
-};
-
 let _settings = {};
 
 function storeUserAppVersion(req, res, next) {
@@ -20,8 +15,7 @@ function storeUserAppVersion(req, res, next) {
 	userDao.updateField(req.user._id, 'appVersion', req.headers[_settings.version.header], function (err) {
 		if (err) {
 			log.error({ err });
-			res.send(500, updatingUserError);
-			return next(err);
+			return next(false);
 		}
 		return next();
 	});

diff --git a/src/public_service.js b/src/public_service.js
@@ -56,7 +56,7 @@ module.exports = function () {
 				user: req.user,
 				tokenInfo: req.tokenInfo
 			};
-			
+
 			if (logInfo.request.params && logInfo.request.params.password) {
 				delete(logInfo.request.params.password);
 			}
@@ -74,6 +74,9 @@ module.exports = function () {
 			server.opts(/.*/, function (req, res, next) {
 				res.header('Access-Control-Allow-Methods', req.header('Access-Control-Request-Methods'));
 				res.header('Access-Control-Allow-Headers', req.header('Access-Control-Request-Headers'));
+				if(req.header('Access-Control-Allow-Origin') === config.accessControlAllow.origins){
+					res.header('Access-Control-Allow-Origin', config.accessControlAllow.origins);
+				}
 				res.send(200);
 				return next();
 			});

diff --git a/src/routes_public/auth/loginFacebook_post.js b/src/routes_public/auth/loginFacebook_post.js
@@ -141,7 +141,7 @@ module.exports = function postAuthRegisterFacebook(req, res, next) {
 					accessToken: req.body.accessToken
 				};
 
-				fbUserProfile.password = cryptoMng.randomPassword(config.password.regexValidation);
+				fbUserProfile.password = cryptoMng.randomPassword(config.password.generatedRegex);
 
 				userMng.createUser(fbUserProfile, null, function (err, tokens) {
 					if (err) {

diff --git a/src/routes_public/auth/login_post.js b/src/routes_public/auth/login_post.js
@@ -16,7 +16,7 @@ module.exports = function (req, res, next) {
 		daoMng.getFromUsernamePassword(req.body.username, encryptedPwd, function (err, foundUser) {
 			if (err) {
 				res.send(409, {err: err.message});
-				return next(err);
+				return next(false);
 			}
 
 			daoMng.getAllUserFields(foundUser.username, function (err, result) {

diff --git a/tests-unit/auth/facebook_token.js b/tests-unit/auth/facebook_token.js
@@ -27,13 +27,13 @@ const OPTIONS = {
 const baseUser = {
 	id: 'a1b2c3d4e5f6',
 	email: 'test@a.com',
-	password: 'pass1'
+	password: 'P4ssw0rd'
 };
 
 const FB_PROFILE = {
 	name: 'Test User',
 	email: 'test@a.com',
-	id: 'fba1b2c3d4e5f6'
+	id: 'Fba1b2c3d4e5f6'
 };
 
 describe('/facebook_token', function () {

diff --git a/tests-unit/crypto.js b/tests-unit/crypto.js
@@ -30,7 +30,7 @@ describe('crypto', function () {
 		const crypto = require('../src/managers/crypto');
 		const cryptoMng = crypto(config.password);
 
-		const newRandomPassword = cryptoMng.randomPassword(config.password.regexValidation);
+		const newRandomPassword = cryptoMng.randomPassword(config.password.generatedRegex);
 		const testRe = new RegExp(config.password.regexValidation);
 
 		assert.ok(newRandomPassword.match(testRe), 'Random password does not match with config regexp');