fixed /login validation error

2026-05-20 06:12:55 +08:00 · 2012-03-28 12:41:33 -07:00
parent f68aebfb34
commit eec55657cf
4 changed files with 38 additions and 5 deletions
--- a/lib/validation.js
+++ b/lib/validation.js
@@ -44,6 +44,17 @@ module.exports = function (req, res, next) {
      sanitized[key] = req.body[key];
    })
    
+    // validate login separately
+    if(resource.type === 'UserCollection' && req.url.indexOf('/login') === req.url.lastIndexOf('/')) {
+      // explicitely sanitize login data
+      sanitized = {
+        email: req.body.email,
+        password: req.body.password
+      };
+
+      return next();
+    }
+    
    // replace input with sanitized data
    req.body = req.data = sanitized;
    
--- a/package.json
+++ b/package.json
@@ -6,7 +6,7 @@
    "url": "git://github.com/deployd/deployd.git"
  },
  "engines": {
-    "node": ">= 0.7.x"
+    "node": ">= 0.6.0"
  },
  "main":"index",
  "dependencies": {
--- a/test/support.js
+++ b/test/support.js
@@ -20,9 +20,9 @@ unauthed = require('../lib/client').use('http://localhost:3003')
 resources = client.use('/resources')
 keys = dpd.use('/keys');
 types = client.use('/types')
-users = client.use('/users')
 // use non-root for todos
 todos = unauthed.use('/todos')
+users = unauthed.use('/users')
 sessions = client.use('/sessions')
 dashboard = client.use('/__dashboard');
 UserCollection = require('../lib/types').UserCollection
@@ -54,7 +54,29 @@ data = {
    users: {
      type: 'UserCollection',
      path: UserCollection.defaultPath,
-      properties: UserCollection.properties
+      properties: {
+        email: {
+          description: 'the unique email of the user',
+          type: 'string',
+          pattern: "[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?",
+          required: true,
+          unique: true,
+          minLength: 5,
+          order: 0
+        },
+        password: {
+          description: "the user's password",
+          type: 'string',
+          required: true,
+          minLength: 5,
+          order: 1
+        },
+        age: {
+          type: 'number',
+          required: true,
+          order: 2
+        }
+      }
    },
    avatars: {
      type: 'Static',
@@ -65,7 +87,7 @@ data = {
      path: '/'
    }
  },
-  users: [{email: 'foo@bar.com', password: 'foobar'}],
+  users: [{email: 'foo@bar.com', password: 'foobar', age: 21}],
  todos: [{title: 'feed the dog', complete: false}, {title: 'wash the car', complete: false}, {title: 'finish some stuff', complete: false}]
 }

--- a/test/users.test.js
+++ b/test/users.test.js
@@ -25,7 +25,7 @@ describe('Users', function(){
  
  describe('POST /users/login', function(){
    it('should login if provided the correct credentials', function(done) {
-      users.use('/login').post(data.users[0], function (err, session, req, res) {
+      users.use('/login').post({email: data.users[0].email, password: data.users[0].password}, function (err, session, req, res) {
        expect(session._id).to.have.length(24);
        expect(session.user.password).to.not.exist;
        expect(res.headers['set-cookie'][0].indexOf(session._id) > -1).to.equal(true);