fix(db-postgres): update password error (#3575)

This commit is contained in:
Dan Ribbens
2023-10-11 10:19:00 -04:00
committed by GitHub
parent aabc0650f8
commit c09e9d96cf
2 changed files with 42 additions and 29 deletions


@@ -243,8 +243,8 @@ async function updateByID<TSlug extends keyof GeneratedTypes['collections']>(
const { hash, salt } = await generatePasswordSaltHash({ password }) const { hash, salt } = await generatePasswordSaltHash({ password })
dataToUpdate.salt = salt dataToUpdate.salt = salt
dataToUpdate.hash = hash dataToUpdate.hash = hash
delete dataToUpdate.password
delete data.password delete data.password
delete result.password
} }
// ///////////////////////////////////// // /////////////////////////////////////
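Review bot: The plaintext `password` is stripped from `dataToUpdate` and `data` only inside this branch, so if the enclosing condition (not visible in the hunk) can be false while `data.password` is set, a `password` key still reaches the db adapter — and a column that does not exist in db-postgres is presumably the error this commit fixes, so it is worth confirming the condition covers every path on which the key can be present. The rendered page does not make clear which of `delete dataToUpdate.password` and `delete result.password` is the new side; `dataToUpdate` itself is built outside the hunk, so any other copy of the plaintext it inherits is not reviewable here. Either way the intent deserves a why-comment above the deletes: `// only hash/salt are persisted; never forward the plaintext password to the db adapter`. updateByID starts and ends outside this hunk.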


@@ -42,11 +42,11 @@ describe('Auth', () => {
// language=graphQL // language=graphQL
const query = `mutation { const query = `mutation {
loginUser(email: "${devUser.email}", password: "${devUser.password}") { loginUser(email: "${devUser.email}", password: "${devUser.password}") {
token token
user { user {
id id
email email
} }
} }
}` }`
const response = await client.request(query) const response = await client.request(query)
@@ -62,7 +62,7 @@ describe('Auth', () => {
it('should have fields saved to JWT', async () => { it('should have fields saved to JWT', async () => {
const decoded = jwtDecode<User>(token) const decoded = jwtDecode<User>(token)
const { email: jwtEmail, collection, roles, iat, exp } = decoded const { collection, email: jwtEmail, exp, iat, roles } = decoded
expect(jwtEmail).toBeDefined() expect(jwtEmail).toBeDefined()
expect(collection).toEqual('users') expect(collection).toEqual('users')
@@ -132,6 +132,19 @@ describe('Auth', () => {
loggedInUser = data.user loggedInUser = data.user
}) })
it('should allow a user to change password without returning password', async () => {
const result = await payload.update({
id: loggedInUser.id,
collection: slug,
data: {
password: 'test',
},
})
expect(result.id).toStrictEqual(loggedInUser.id)
expect(result.password).toBeUndefined()
})
it('should return a logged in user from /me', async () => { it('should return a logged in user from /me', async () => {
const response = await fetch(`${apiUrl}/${slug}/me`, { const response = await fetch(`${apiUrl}/${slug}/me`, {
headers: { headers: {
@@ -149,16 +162,16 @@ describe('Auth', () => {
it('should have fields saved to JWT', async () => { it('should have fields saved to JWT', async () => {
const decoded = jwtDecode<User>(token) const decoded = jwtDecode<User>(token)
const { const {
email: jwtEmail,
collection, collection,
email: jwtEmail,
exp,
iat,
roles, roles,
[saveToJWTKey]: customJWTPropertyKey, [saveToJWTKey]: customJWTPropertyKey,
'x-lifted-from-group': liftedFromGroup,
'x-tab-field': unnamedTabSaveToJWTString,
tabLiftedSaveToJWT, tabLiftedSaveToJWT,
unnamedTabSaveToJWTFalse, unnamedTabSaveToJWTFalse,
iat, 'x-lifted-from-group': liftedFromGroup,
exp, 'x-tab-field': unnamedTabSaveToJWTString,
} = decoded } = decoded
const group = decoded['x-group'] as Record<string, unknown> const group = decoded['x-group'] as Record<string, unknown>
@@ -190,9 +203,9 @@ describe('Auth', () => {
const user = await payload.create({ const user = await payload.create({
collection: slug, collection: slug,
data: { data: {
apiKey,
email: 'dev@example.com', email: 'dev@example.com',
password: 'test', password: 'test',
apiKey,
}, },
}) })
@@ -212,10 +225,10 @@ describe('Auth', () => {
it('should refresh a token and reset its expiration', async () => { it('should refresh a token and reset its expiration', async () => {
const response = await fetch(`${apiUrl}/${slug}/refresh-token`, { const response = await fetch(`${apiUrl}/${slug}/refresh-token`, {
method: 'post',
headers: { headers: {
Authorization: `JWT ${token}`, Authorization: `JWT ${token}`,
}, },
method: 'post',
}) })
const data = await response.json() const data = await response.json()
@@ -228,18 +241,18 @@ describe('Auth', () => {
expect(loggedInUser?.custom).toBe('Hello, world!') expect(loggedInUser?.custom).toBe('Hello, world!')
await payload.update({ await payload.update({
collection: slug,
id: loggedInUser?.id || '', id: loggedInUser?.id || '',
collection: slug,
data: { data: {
custom: 'Goodbye, world!', custom: 'Goodbye, world!',
}, },
}) })
const response = await fetch(`${apiUrl}/${slug}/refresh-token`, { const response = await fetch(`${apiUrl}/${slug}/refresh-token`, {
method: 'post',
headers: { headers: {
Authorization: `JWT ${token}`, Authorization: `JWT ${token}`,
}, },
method: 'post',
}) })
const data = await response.json() const data = await response.json()
@@ -303,7 +316,7 @@ describe('Auth', () => {
}, },
}) })
const { _verified, _verificationToken } = userResult.docs[0] const { _verificationToken, _verified } = userResult.docs[0]
expect(_verified).toBe(false) expect(_verified).toBe(false)
expect(_verificationToken).toBeDefined() expect(_verificationToken).toBeDefined()
@@ -331,7 +344,7 @@ describe('Auth', () => {
}, },
}) })
const { _verified: afterVerified, _verificationToken: afterToken } = const { _verificationToken: afterToken, _verified: afterVerified } =
afterVerifyResult.docs[0] afterVerifyResult.docs[0]
expect(afterVerified).toBe(true) expect(afterVerified).toBe(true)
expect(afterToken).toBeNull() expect(afterToken).toBeNull()
@@ -374,8 +387,8 @@ describe('Auth', () => {
password, password,
}), }),
headers: { headers: {
'Content-Type': 'application/json',
Authorization: `JWT ${token}`, Authorization: `JWT ${token}`,
'Content-Type': 'application/json',
}, },
method: 'post', method: 'post',
}) })
@@ -396,7 +409,7 @@ describe('Auth', () => {
}, },
}) })
const { loginAttempts, lockUntil } = userResult.docs[0] const { lockUntil, loginAttempts } = userResult.docs[0]
expect(loginAttempts).toBe(2) expect(loginAttempts).toBe(2)
expect(lockUntil).toBeDefined() expect(lockUntil).toBeDefined()
@@ -409,14 +422,14 @@ describe('Auth', () => {
await payload.update({ await payload.update({
collection: slug, collection: slug,
data: {
lockUntil: Date.now() - 605 * 1000,
},
where: { where: {
email: { email: {
equals: userEmail, equals: userEmail,
}, },
}, },
data: {
lockUntil: Date.now() - 605 * 1000,
},
}) })
// login // login
@@ -443,7 +456,7 @@ describe('Auth', () => {
}, },
}) })
const { loginAttempts, lockUntil } = userResult.docs[0] const { lockUntil, loginAttempts } = userResult.docs[0]
expect(loginAttempts).toBe(0) expect(loginAttempts).toBe(0)
expect(lockUntil).toBeNull() expect(lockUntil).toBeNull()
@@ -454,13 +467,13 @@ describe('Auth', () => {
it('should allow forgot-password by email', async () => { it('should allow forgot-password by email', async () => {
// TODO: Spy on payload sendEmail function // TODO: Spy on payload sendEmail function
const response = await fetch(`${apiUrl}/${slug}/forgot-password`, { const response = await fetch(`${apiUrl}/${slug}/forgot-password`, {
method: 'post',
body: JSON.stringify({ body: JSON.stringify({
email, email,
}), }),
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
}, },
method: 'post',
}) })
// expect(mailSpy).toHaveBeenCalled(); // expect(mailSpy).toHaveBeenCalled();
@@ -495,10 +508,10 @@ describe('Auth', () => {
const user = await payload.create({ const user = await payload.create({
collection: slug, collection: slug,
data: { data: {
adminOnlyField: 'admin secret',
email: 'insecure@me.com', email: 'insecure@me.com',
password: 'test', password: 'test',
roles: ['admin'], roles: ['admin'],
adminOnlyField: 'admin secret',
}, },
}) })
@@ -520,8 +533,8 @@ describe('Auth', () => {
expect(adminMe.user.adminOnlyField).toEqual('admin secret') expect(adminMe.user.adminOnlyField).toEqual('admin secret')
await payload.update({ await payload.update({
collection: slug,
id: user?.id || '', id: user?.id || '',
collection: slug,
data: { data: {
roles: ['editor'], roles: ['editor'],
}, },
@@ -546,8 +559,8 @@ describe('Auth', () => {
const success = await fetch(`${apiUrl}/api-keys/${user2.id}`, { const success = await fetch(`${apiUrl}/api-keys/${user2.id}`, {
headers: { headers: {
'Content-Type': 'application/json',
Authorization: `api-keys API-Key ${user2.apiKey}`, Authorization: `api-keys API-Key ${user2.apiKey}`,
'Content-Type': 'application/json',
}, },
}).then((res) => res.json()) }).then((res) => res.json())
@@ -555,8 +568,8 @@ describe('Auth', () => {
const fail = await fetch(`${apiUrl}/api-keys/${user1.id}`, { const fail = await fetch(`${apiUrl}/api-keys/${user1.id}`, {
headers: { headers: {
'Content-Type': 'application/json',
Authorization: `api-keys API-Key ${user2.apiKey}`, Authorization: `api-keys API-Key ${user2.apiKey}`,
'Content-Type': 'application/json',
}, },
}) })
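Review bot: The new test `should allow a user to change password without returning password` only asserts that `password` is absent from the update result; it does not assert that the derived secrets are absent too (`expect(result.hash).toBeUndefined()` and `expect(result.salt).toBeUndefined()`), nor that the new password actually took effect, so a regression that silently drops the change would still pass. A follow-up login with the new credential — `const login = await payload.login({ collection: slug, data: { email: loggedInUser.email, password: 'test' } })` followed by `expect(login.user.id).toStrictEqual(loggedInUser.id)` — would pin both; this assumes `loggedInUser` (taken from `data.user` earlier in the section) carries `email`, which should be confirmed. The remaining hunks in this section are key reordering only. The enclosing `describe('Auth')` starts and ends outside the section.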