From 5bcab8fcbea546cd57ef728131f9e16cc57e675d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Thu, 30 Mar 2023 16:44:39 +0200
Subject: [PATCH] fix(core): Password reset should pass in the correct values to external hooks (#5842)

---
 .../cli/src/controllers/passwordReset.controller.ts | 6 ++++--
 .../cli/test/integration/passwordReset.api.test.ts | 10 ++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/packages/cli/src/controllers/passwordReset.controller.ts b/packages/cli/src/controllers/passwordReset.controller.ts
index 53e8401a4a..fd9856bd4a 100644
--- a/packages/cli/src/controllers/passwordReset.controller.ts
+++ b/packages/cli/src/controllers/passwordReset.controller.ts
@@ -255,8 +255,10 @@ export class PasswordResetController {
 throw new NotFoundError('');
 }
 
+ const passwordHash = await hashPassword(validPassword);
+
 await this.userRepository.update(userId, {
- password: await hashPassword(validPassword),
+ password: passwordHash,
 resetPasswordToken: null,
 resetPasswordTokenExpiration: null,
 });
@@ -279,6 +281,6 @@ export class PasswordResetController {
 });
 }
 
- await this.externalHooks.run('user.password.update', [user.email, password]);
+ await this.externalHooks.run('user.password.update', [user.email, passwordHash]);
 }
 }
diff --git a/packages/cli/test/integration/passwordReset.api.test.ts b/packages/cli/test/integration/passwordReset.api.test.ts
index 4ecc12f5f8..60ccfa0ce5 100644
--- a/packages/cli/test/integration/passwordReset.api.test.ts
+++ b/packages/cli/test/integration/passwordReset.api.test.ts
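Review bot: In passwordReset.controller.ts, the `externalHooks.run('user.password.update', …)` call in the second hunk has no comment saying that hook consumers receive the stored hash. `password` (presumably the raw value from the request, declared outside the hunk) is still in scope next to `passwordHash`, so the earlier mix-up is easy to reintroduce. I would add `// Hooks receive the stored hash, never the plaintext from the request.` directly above the call. The hash is still credential material, so the hook's documentation, if one exists, should tell implementers not to log it. The method body starts before both controller hunks.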
@@ -15,6 +15,7 @@ import {
 } from './shared/random';
 import * as testDb from './shared/testDb';
 import { setCurrentAuthenticationMethod } from '@/sso/ssoHelpers';
+import { ExternalHooks } from '@/ExternalHooks';
 
 jest.mock('@/UserManagement/email/NodeMailer');
 
@@ -22,6 +23,7 @@ let globalOwnerRole: Role;
 let globalMemberRole: Role;
 let owner: User;
 let authlessAgent: SuperAgentTest;
+let externalHooks = utils.mockInstance(ExternalHooks);
 
 beforeAll(async () => {
 const app = await utils.initTestServer({ endpointGroups: ['passwordReset'] });
@@ -37,6 +39,7 @@ beforeEach(async () => {
 owner = await testDb.createUser({ globalRole: globalOwnerRole });
 
 config.set('userManagement.isInstanceOwnerSetUp', true);
+ externalHooks.run.mockReset();
 });
 
 afterAll(async () => {
@@ -221,6 +224,11 @@ describe('POST /change-password', () => {
 const comparisonResult = await compare(passwordToStore, storedPassword);
 expect(comparisonResult).toBe(true);
 expect(storedPassword).not.toBe(passwordToStore);
+
+ expect(externalHooks.run).toHaveBeenCalledWith('user.password.update', [
+ owner.email,
+ storedPassword,
+ ]);
 });
 
 test('should fail with invalid inputs', async () => {
@@ -276,5 +284,7 @@ describe('POST /change-password', () => {
 });
 
 expect(response.statusCode).toBe(404);
+
+ expect(externalHooks.run).not.toHaveBeenCalled();
 });
 });
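Review bot: `let externalHooks = utils.mockInstance(ExternalHooks);` in the declarations hunk of passwordReset.api.test.ts is initialised once and never reassigned in the visible hunks, unlike `owner`, which is assigned in `beforeEach`. Declare it as `const externalHooks = utils.mockInstance(ExternalHooks);` so that an accidental reassignment, which would detach the assertions from the mock the server actually uses, is rejected by the compiler.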
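Review bot: The new assertion in the 'POST /change-password' success test checks that the hook was called with the stored hash, but `toHaveBeenCalledWith` is satisfied by any single matching call, so an additional call carrying the plaintext would not fail the test. Since the commit is about what external hooks get to see, I would pin the negative case too: `expect(externalHooks.run).not.toHaveBeenCalledWith('user.password.update', [owner.email, passwordToStore]);`. The test body starts before the hunk.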