1
90%
master: 90%

Ran 20 Apr 2017 08:30AM UTC

Files 35

Run time 2s

Badge

Embed ▾

Committed 20 Apr 2017 08:22AM UTC coverage: 89.634%. Remained the same

Job # 5720.1

Build Type

push

travis-ci

Committed by

bajtos

Commit Message

Implement more secure password flow

Improve the flow for setting/changing/resetting User password to make
it more secure.

 1. Modify `User.resetPassword` to create a token scoped to allow
    invocation of a single remote method: `User.setPassword`.

 2. Scope the method `User.setPassword` so that regular tokens created
    by `User.login` are not allowed to execute it.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `restrictResetPasswordTokenScope` is set to
`true`.

 3. Changing the password via `User.prototype.patchAttributes`
    (and similar DAO methods) is no longer allowed. Applications
    must call `User.changePassword` and ask the user to provide
    the current (old) password.

For backwards compatibility, this new mode (flow) is enabled only
when User model setting `rejectPasswordChangesViaPatchOrReplace` is set
to `true`.

Run Details

1753 of 2204 branches covered (79.54%)

3208 of 3579 relevant lines covered (89.63%)

2101.73 hits per line

strongloop / loopback / 5720 / 1
90%
master: 90%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 5720.1

strongloop / loopback / 5720 / 1 90% master: 90%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 5720.1

strongloop / loopback / 5720 / 1
90%
master: 90%

README BADGES
x