senecajs / seneca-auth

A Seneca user authentication plugin for Hapi and Express
http://senecajs.org
MIT License

POST /auth/change_password with different password repeat is accepted #101

Open indr opened 8 years ago

indr commented 8 years ago

seneca-user options

{
  autopass: false,
  mustrepeat: true
}

Requests

$ curl -H 'Content-Type: application/json' -v http://localhost:3000/auth/login -d '{"email":"u1@example.com","password":"pu1"}'
*   Trying ::1...
* Connected to localhost (::1) port 3000 (#0)
> POST /auth/login HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.47.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 43
> 
* upload completely sent off: 43 out of 43 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Set-Cookie: seneca-login=cd55571e-832e-4053-b4fc-8aabafbb7ec2; path=/; httponly
< Content-Type: application/json
< Cache-Control: private, max-age=0, no-cache, no-store
< Content-Length: 338
< Date: Wed, 03 Aug 2016 01:35:28 GMT
< Connection: keep-alive
< 
* Connection #0 to host localhost left intact
{"user":{"nick":"nu1","email":"u1@example.com","name":"u1","when":"2016-08-03T01:28:01.458Z","id":"3cdmdw"},"login":{"nick":"nu1","user":"3cdmdw","when":"2016-08-03T01:35:28.184Z","active":true,"why":"password","email":"u1@example.com","token":"cd55571e-832e-4053-b4fc-8aabafbb7ec2","id":"cd55571e-832e-4053-b4fc-8aabafbb7ec2"},"ok":true}
$ curl -H 'Content-Type: application/json' \
> -H 'Cookie: seneca-login=cd55571e-832e-4053-b4fc-8aabafbb7ec2' \
> -v http://localhost:3000/auth/change_password \
> -d '{"password":"AAA","repeat":"BBB"}'
*   Trying ::1...
* Connected to localhost (::1) port 3000 (#0)
> POST /auth/change_password HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.47.1
> Accept: */*
> Content-Type: application/json
> Cookie: seneca-login=cd55571e-832e-4053-b4fc-8aabafbb7ec2
> Content-Length: 33
> 
* upload completely sent off: 33 out of 33 bytes
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Content-Type: application/json
< Cache-Control: private, max-age=0, no-cache, no-store
< Content-Length: 317
< Date: Wed, 03 Aug 2016 01:36:57 GMT
< Connection: keep-alive
< 
* Connection #0 to host localhost left intact
{"ok":true,"user":{"nick":"nu1","email":"u1@example.com","name":"u1","active":true,"when":"2016-08-03T01:28:01.458Z","salt":"\tK\u0015W-TW23=\u0005<\u0001W\u0010h","pass":"839b60f6e0c985e2d6b9f206bf6b4b26b8ab99c7d1e2e5c503ce44a8f37e26d9290ddfa9454b414dd4cc899ac1bf1b18303a556151537b3468161738ffeb5038","id":"3cdmdw"}}