From 969c6911d8ea530611ba3845782a67cdd5fee428 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Sun, 12 Jan 2014 23:27:17 +0200 Subject: [PATCH 1/2] instead of relying on previously hard-coded passport strategies we can assume that any user entry which have no provider set is a local strategy and apply our validations only on those empty provider members of the user model object --- app/models/user.js | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/app/models/user.js b/app/models/user.js index ca11b81128..4b26b491ad 100755 --- a/app/models/user.js +++ b/app/models/user.js @@ -5,9 +5,7 @@ */ var mongoose = require('mongoose'), Schema = mongoose.Schema, - crypto = require('crypto'), - authTypes = ['github', 'twitter', 'facebook', 'google']; - + crypto = require('crypto'); /** * User Schema @@ -49,25 +47,25 @@ var validatePresenceOf = function(value) { // the below 4 validations only apply if you are signing up traditionally UserSchema.path('name').validate(function(name) { // if you are authenticating by any of the oauth strategies, don't validate - if (authTypes.indexOf(this.provider) !== -1) return true; + if (!this.provider) return true; return name.length; }, 'Name cannot be blank'); UserSchema.path('email').validate(function(email) { // if you are authenticating by any of the oauth strategies, don't validate - if (authTypes.indexOf(this.provider) !== -1) return true; + if (!this.provider) return true; return email.length; }, 'Email cannot be blank'); UserSchema.path('username').validate(function(username) { // if you are authenticating by any of the oauth strategies, don't validate - if (authTypes.indexOf(this.provider) !== -1) return true; + if (!this.provider) return true; return username.length; }, 'Username cannot be blank'); UserSchema.path('hashed_password').validate(function(hashed_password) { // if you are authenticating by any of the oauth strategies, don't validate - if (authTypes.indexOf(this.provider) !== -1) return true; + if (!this.provider) return true; return hashed_password.length; }, 'Password cannot be blank'); @@ -78,7 +76,7 @@ UserSchema.path('hashed_password').validate(function(hashed_password) { UserSchema.pre('save', function(next) { if (!this.isNew) return next(); - if (!validatePresenceOf(this.password) && authTypes.indexOf(this.provider) === -1) + if (!validatePresenceOf(this.password) && !this.provider) next(new Error('Invalid password')); else next(); From 3963892615e378b87eaedbde6aae82ccdff2c6a3 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Sun, 12 Jan 2014 23:30:30 +0200 Subject: [PATCH 2/2] small bug fix where Mongoose validation functions must always return booleans --- app/models/user.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/models/user.js b/app/models/user.js index 4b26b491ad..d3bfcbc6e3 100755 --- a/app/models/user.js +++ b/app/models/user.js @@ -48,25 +48,25 @@ var validatePresenceOf = function(value) { UserSchema.path('name').validate(function(name) { // if you are authenticating by any of the oauth strategies, don't validate if (!this.provider) return true; - return name.length; + return (typeof name === 'string' && name.length > 0); }, 'Name cannot be blank'); UserSchema.path('email').validate(function(email) { // if you are authenticating by any of the oauth strategies, don't validate if (!this.provider) return true; - return email.length; + return (typeof email === 'string' && email.length > 0); }, 'Email cannot be blank'); UserSchema.path('username').validate(function(username) { // if you are authenticating by any of the oauth strategies, don't validate if (!this.provider) return true; - return username.length; + return (typeof username === 'string' && username.length > 0); }, 'Username cannot be blank'); UserSchema.path('hashed_password').validate(function(hashed_password) { // if you are authenticating by any of the oauth strategies, don't validate if (!this.provider) return true; - return hashed_password.length; + return (typeof hashed_password === 'string' && hashed_password.length > 0); }, 'Password cannot be blank');