More tests and redone error return slightly

Vladyslav Chygrinov · Vladyslav Chygrinov · commit afdcb4f8c45a · 2019-02-06T17:25:05.000+02:00
diff --git a/spec/PasswordPolicy.spec.js b/spec/PasswordPolicy.spec.js
@@ -909,6 +909,97 @@ describe('Password Policy: ', () => {
     });
   });
 
+  it('Should return error when password violates Password Policy and reset through ajax', done => {
+    const user = new Parse.User();
+    const emailAdapter = {
+      sendVerificationEmail: () => Promise.resolve(),
+      sendPasswordResetEmail: options => {
+        request({
+          url: options.link,
+          followRedirects: false,
+          simple: false,
+          resolveWithFullResponse: true,
+        })
+          .then(response => {
+            expect(response.status).toEqual(302);
+            const re = /http:\/\/localhost:8378\/1\/apps\/choose_password\?token=([a-zA-Z0-9]+)\&id=test\&username=user1/;
+            const match = response.text.match(re);
+            if (!match) {
+              fail('should have a token');
+              done();
+              return;
+            }
+            const token = match[1];
+
+            request({
+              method: 'POST',
+              url: 'http://localhost:8378/1/apps/test/request_password_reset',
+              body: `new_password=xuser12&token=${token}&username=user1`,
+              headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                'X-Requested-With': 'XMLHttpRequest',
+              },
+              followRedirects: false,
+            })
+              .catch(error => {
+                expect(error.status).not.toBe(302);
+                expect(error.text).toEqual(
+                  '{"code":-1,"error":"Password does not meet the Password Policy requirements."}'
+                );
+
+                Parse.User.logIn('user1', 'r@nd0m')
+                  .then(function() {
+                    done();
+                  })
+                  .catch(err => {
+                    jfail(err);
+                    fail('should login with old password');
+                    done();
+                  });
+              })
+              .catch(error => {
+                jfail(error);
+                fail('Failed to POST request password reset');
+                done();
+              });
+          })
+          .catch(error => {
+            jfail(error);
+            fail('Failed to get the reset link');
+            done();
+          });
+      },
+      sendMail: () => {},
+    };
+    reconfigureServer({
+      appName: 'passwordPolicy',
+      verifyUserEmails: false,
+      emailAdapter: emailAdapter,
+      passwordPolicy: {
+        doNotAllowUsername: true,
+      },
+      publicServerURL: 'http://localhost:8378/1',
+    }).then(() => {
+      user.setUsername('user1');
+      user.setPassword('r@nd0m');
+      user.set('email', 'user1@parse.com');
+      user
+        .signUp()
+        .then(() => {
+          Parse.User.requestPasswordReset('user1@parse.com').catch(err => {
+            jfail(err);
+            fail('Reset password request should not fail');
+            done();
+          });
+        })
+        .catch(error => {
+          jfail(error);
+          fail('signUp should not fail');
+          done();
+        });
+    });
+  });
+
   it('should reset password even if the new password contains user name while the policy allows', done => {
     const user = new Parse.User();
     const emailAdapter = {
diff --git a/spec/ValidationAndPasswordsReset.spec.js b/spec/ValidationAndPasswordsReset.spec.js
@@ -992,6 +992,31 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
     });
   });
 
+  it('should return ajax failure error on ajax request with wrong data provided', done => {
+    reconfigureServer({
+      publicServerURL: 'http://localhost:8378/1',
+    })
+      .then(() => {
+        return request({
+          method: 'POST',
+          url: 'http://localhost:8378/1/apps/test/request_password_reset',
+          body: `new_password=user1&token=12345&username=Johnny`,
+          headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'X-Requested-With': 'XMLHttpRequest',
+          },
+          followRedirects: false,
+        });
+      })
+      .catch(error => {
+        expect(error.status).not.toBe(302);
+        expect(error.text).toEqual(
+          '{"code":-1,"error":"Failed to reset password (Username/email or token is invalid)"}'
+        );
+        done();
+      });
+  });
+
   it('deletes password reset token on email address change', done => {
     reconfigureServer({
       appName: 'coolapp',
diff --git a/src/Routers/PublicAPIRouter.js b/src/Routers/PublicAPIRouter.js
@@ -207,7 +207,15 @@ export class PublicAPIRouter extends PromiseRouter {
             });
           }
 
-          throw new Parse.Error(Parse.Error.OTHER_CAUSE, result.err);
+          if (
+            result.err ===
+            'Password does not meet the Password Policy requirements.'
+          )
+            throw new Parse.Error(Parse.Error.OTHER_CAUSE, `${result.err}`);
+          throw new Parse.Error(
+            Parse.Error.OTHER_CAUSE,
+            'Invalid token or username'
+          );
         }
 
         return Promise.resolve({
