5718
90%
master: 90%

Ran 20 Apr 2017 08:23AM UTC

Jobs 3

Files 35

Run time 7min

Badge

Embed ▾

pending completion

Build # 5718

Build Type

push

travis-ci

Committed by

bajtos

Commit Message

Implement more secure password flow

Improve the flow for setting/changing/resetting User password to make
it more secure.

 1. Modify `User.resetPassword` to create a token scoped to allow
    invocation of a single remote method: `User.setPassword`.

 2. Scope the method `User.setPassword` so that regular tokens created
    by `User.login` are not allowed to execute it.

 3. Changing the password via `User.prototype.patchAttributes`
    (and similar DAO methods) is no longer allowed. Applications
    must call `User.changePassword` and ask the user to provide
    the current (old) password.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `legacyPasswordFlow` is set to `false`.

Run Details

1753 of 2204 branches covered (79.54%)

33 of 33 new or added lines in 1 file covered. (100.0%)

3208 of 3579 relevant lines covered (89.63%)

6308.41 hits per line

New Missed Lines in Diff

Lines	Coverage	∆	File
1	100.0		common/models/user.js

Uncovered Existing Lines

Lines	Coverage	∆	File
22	100.0		common/models/user.js

Jobs

ID	Job ID	Ran	Coverage
1	5718.1	20 Apr 2017 08:31AM UTC	89.63	Travis Job 5718.1
2	5718.2	20 Apr 2017 08:24AM UTC	89.63	Travis Job 5718.2
3	5718.3	20 Apr 2017 08:23AM UTC	89.63	Travis Job 5718.3

Source Files on build 5718

Detailed source file information is not available for this build.

strongloop / loopback / 5718
90%
master: 90%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Uncovered Existing Lines

Jobs

Source Files on build 5718

strongloop / loopback / 5718 90% master: 90%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Uncovered Existing Lines

Jobs

Source Files on build 5718

strongloop / loopback / 5718
90%
master: 90%

README BADGES
x