From 1005d3bef67acda280b0e69e8de053098034f55e Mon Sep 17 00:00:00 2001 From: John Fenley Date: Wed, 9 Oct 2013 16:51:24 -0600 Subject: [PATCH 1/6] Pass db connection object to connect-mongo. --- config/express.js | 6 +++--- server.js | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/express.js b/config/express.js index 0a2d2a291b..e650838001 100755 --- a/config/express.js +++ b/config/express.js @@ -7,7 +7,7 @@ var express = require('express'), helpers = require('view-helpers'), config = require('./config'); -module.exports = function(app, passport) { +module.exports = function(app, passport, db) { app.set('showStackError', true); //Should be placed before express.static @@ -46,7 +46,7 @@ module.exports = function(app, passport) { app.use(express.session({ secret: 'MEAN', store: new mongoStore({ - url: config.db, + db: db.connection.db, collection: 'sessions' }) })); @@ -87,4 +87,4 @@ module.exports = function(app, passport) { }); }); -}; \ No newline at end of file +}; diff --git a/server.js b/server.js index 10f7cff57a..ebc08a8906 100755 --- a/server.js +++ b/server.js @@ -44,7 +44,7 @@ require('./config/passport')(passport); var app = express(); //express settings -require('./config/express')(app, passport); +require('./config/express')(app, passport, db); //Bootstrap routes require('./config/routes')(app, passport, auth); @@ -58,4 +58,4 @@ console.log('Express app started on port ' + port); logger.init(app, passport, mongoose); //expose app -exports = module.exports = app; \ No newline at end of file +exports = module.exports = app; From 4825f449400329e31646eec3d6cb9cb5953c0b4a Mon Sep 17 00:00:00 2001 From: pontifier Date: Wed, 9 Oct 2013 17:43:56 -0600 Subject: [PATCH 2/6] Update express.js Pretty format html from jade templates. --- config/express.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/express.js b/config/express.js index e650838001..dc72f4c981 100755 --- a/config/express.js 
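Review bot: In the `express.session` hunk of config/express.js (@@ -46,7 +46,7) the session secret is still the literal `'MEAN'`, so every deployment signs its session cookies with a value that is public in the repository. While this block is being edited, load it from configuration instead, for example `secret: process.env.SESSION_SECRET`, and refuse to start when it is unset. The new `db: db.connection.db` is also dereferenced without a check; whether that handle is populated at this point depends on how server.js opens the connection, which is outside the hunks shown. The exported function's body starts and ends outside this hunk.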
+++ b/config/express.js @@ -9,7 +9,7 @@ var express = require('express'), module.exports = function(app, passport, db) { app.set('showStackError', true); - + app.locals.pretty = true; //Should be placed before express.static app.use(express.compress({ filter: function(req, res) { From 5022bc258b76ed6a1a6aec9b11a913dbb5249a14 Mon Sep 17 00:00:00 2001 From: John Fenley Date: Fri, 11 Oct 2013 15:33:50 -0600 Subject: [PATCH 3/6] Use Scrypt for password hashes --- app/models/user.js | 20 ++++++-------------- package.json | 5 +++-- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/app/models/user.js b/app/models/user.js index daf9b2ad89..ca122265e1 100755 --- a/app/models/user.js +++ b/app/models/user.js @@ -4,6 +4,7 @@ var mongoose = require('mongoose'), Schema = mongoose.Schema, crypto = require('crypto'), + scrypt = require('scrypt'), _ = require('underscore'), authTypes = ['github', 'twitter', 'facebook', 'google']; @@ -17,7 +18,6 @@ var UserSchema = new Schema({ username: String, provider: String, hashed_password: String, - salt: String, facebook: {}, twitter: {}, github: {}, @@ -29,7 +29,6 @@ var UserSchema = new Schema({ */ UserSchema.virtual('password').set(function(password) { this._password = password; - this.salt = this.makeSalt(); this.hashed_password = this.encryptPassword(password); }).get(function() { return this._password; @@ -92,18 +91,9 @@ UserSchema.methods = { * @api public */ authenticate: function(plainText) { - return this.encryptPassword(plainText) === this.hashed_password; + return scrypt.verifyHashSync(this.hashed_password, plainText); }, - /** - * Make salt - * - * @return {String} - * @api public - */ - makeSalt: function() { - return Math.round((new Date().valueOf() * Math.random())) + ''; - }, /** * Encrypt password 
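Review bot: `app.locals.pretty = true` in config/express.js (@@ -9,7 +9,7) is applied in every environment. Pretty-printed Jade output is a development convenience that enlarges each response, so gate it, e.g. `app.locals.pretty = process.env.NODE_ENV !== 'production';`. The context line `app.set('showStackError', true)` is unconditional in the same way; if that flag makes error pages include stack traces (its consumer is not visible here), it deserves the same gate. The function body continues outside the hunk.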
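Review bot: `authenticate` in app/models/user.js (@@ -92,18 +91,9) now hands `this.hashed_password` straight to `scrypt.verifyHashSync`, but records written before this commit hold an HMAC-SHA1 hex digest and accounts created without a password hold `''` (the `if (!password) return ''` guard in `encryptPassword`). Neither is an scrypt hash, so those users can no longer log in, and if the library throws on a malformed hash instead of returning false the exception would surface in the login path; that behaviour should be confirmed. Guard the call, e.g. `if (!this.hashed_password) return false;`, and decide on a migration for legacy hashes, since the `salt` field they depend on is removed in this same commit. The synchronous verify also blocks the event loop for the duration of every login attempt, which makes the login endpoint a cheap way to stall the process unless attempts are rate-limited or the check is made asynchronous.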
@@ -114,8 +104,10 @@ UserSchema.methods = { */ encryptPassword: function(password) { if (!password) return ''; - return crypto.createHmac('sha1', this.salt).update(password).digest('hex'); + var maxtime = 0.1; + return scrypt.passwordHashSync(password, maxtime); + //return crypto.createHmac('sha1', this.salt).update(password).digest('hex'); } }; -mongoose.model('User', UserSchema); \ No newline at end of file +mongoose.model('User', UserSchema); diff --git a/package.json b/package.json index 5c61090903..b6346bf82f 100755 --- a/package.json +++ b/package.json @@ -36,7 +36,8 @@ "forever": "latest", "grunt": "latest", "grunt-cli": "latest", - "grunt-bower-task": "latest" + "grunt-bower-task": "latest", + "scrypt": "latest" }, "devDependencies": { "supertest": "latest", @@ -47,4 +48,4 @@ "grunt-concurrent": "latest", "grunt-mocha-test": "latest" } -} \ No newline at end of file +} From fe7173224fe6183ab520e06b502a71b36ca67757 Mon Sep 17 00:00:00 2001 From: John Fenley Date: Fri, 11 Oct 2013 16:45:40 -0600 Subject: [PATCH 4/6] Run tests using test environment --- gruntfile.js | 10 ++++++++-- package.json | 1 + 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/gruntfile.js b/gruntfile.js index d76c6161fd..d0ac828907 100644 --- a/gruntfile.js +++ b/gruntfile.js @@ -71,6 +71,11 @@ module.exports = function(grunt) { cleanBowerDir: true } } + }, + env: { + test: { + NODE_ENV: 'test' + } } }); @@ -81,6 +86,7 @@ module.exports = function(grunt) { grunt.loadNpmTasks('grunt-nodemon'); grunt.loadNpmTasks('grunt-concurrent'); grunt.loadNpmTasks('grunt-bower-task'); + grunt.loadNpmTasks('grunt-env'); //Making grunt default to force in order not to break the project. grunt.option('force', true); 
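Review bot: In `encryptPassword` (app/models/user.js, @@ -114,8 +104,10) the scrypt cost is the inline literal `var maxtime = 0.1;`, with no comment on its unit or why it was chosen. Because the parameter is a time budget, the resulting work factor presumably varies with the speed and load of the host that computes the hash; move it to config and document it, e.g. `// scrypt time budget in seconds; revisit when hardware changes`. Delete the commented-out `crypto.createHmac` line rather than keeping it, and check whether the `crypto` require is still used anywhere in the file. The method hashes rather than encrypts, so the doc comment above it (outside this hunk) should say so.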
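Review bot: `"scrypt": "latest"` in package.json (@@ -36,7 +36,8) lets every install pull whatever release is newest for the library that now produces and verifies stored password hashes. A breaking API or hash-format change, or a compromised release, would reach production without any change in this repository; pin it, e.g. `"scrypt": "<PINNED_VERSION>"`, and commit a shrinkwrap file. The `"grunt-env": "latest"` entry added in patch 4/6 has the same problem, and it is added to the block that precedes `devDependencies` although only the test task uses it.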
@@ -89,8 +95,8 @@ module.exports = function(grunt) { grunt.registerTask('default', ['jshint', 'concurrent']); //Test task. - grunt.registerTask('test', ['mochaTest']); + grunt.registerTask('test', ['env:test', 'mochaTest']); //Bower task. grunt.registerTask('install', ['bower']); -}; \ No newline at end of file +}; diff --git a/package.json b/package.json index b6346bf82f..f345fd8214 100755 --- a/package.json +++ b/package.json @@ -36,6 +36,7 @@ "forever": "latest", "grunt": "latest", "grunt-cli": "latest", + "grunt-env": "latest", "grunt-bower-task": "latest", "scrypt": "latest" }, From b6830ba3804cf2ba59a524b2d2ec3e05da8cbcee Mon Sep 17 00:00:00 2001 From: John Fenley Date: Fri, 11 Oct 2013 18:03:52 -0600 Subject: [PATCH 5/6] Better user model behavior and test teardown --- app/models/user.js | 2 +- test/article/model.js | 9 ++++++++- test/user/model.js | 27 +++++++++++++++++++++++---- 3 files changed, 32 insertions(+), 6 deletions(-) diff --git a/app/models/user.js b/app/models/user.js index ca122265e1..d726835960 100755 --- a/app/models/user.js +++ b/app/models/user.js @@ -15,7 +15,7 @@ var mongoose = require('mongoose'), var UserSchema = new Schema({ name: String, email: String, - username: String, + username: {type: String, unique: true}, provider: String, hashed_password: String, facebook: {}, diff --git a/test/article/model.js b/test/article/model.js index e31351abae..86b8d1d1a3 100644 --- a/test/article/model.js +++ b/test/article/model.js @@ -52,7 +52,14 @@ describe('', function() { }); afterEach(function(done) { + Article.remove({}); + User.remove({}); + done(); + }); + after(function(done){ + Article.remove().exec(); + User.remove().exec(); done(); }); }); -}); \ No newline at end of file +}); diff --git a/test/user/model.js b/test/user/model.js index 4919b7b543..d72c14eb48 100644 --- a/test/user/model.js +++ b/test/user/model.js 
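Review bot: The `test` task registered in gruntfile.js (@@ -89,8 +95,8) runs under `grunt.option('force', true)`, visible in the context of the preceding hunk, so a failing `mochaTest` is likely reported as a warning while the run still completes. If so, neither CI nor the watch target added later in this series can rely on the exit status. `env:test` also only takes effect when tests go through grunt; running mocha directly leaves `NODE_ENV` untouched, and the teardown added in patch 5/6 deletes every User and Article in whatever database is configured. A guard in the test setup, e.g. `if (process.env.NODE_ENV !== 'test') throw new Error('tests must run with NODE_ENV=test');`, would make that safe.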
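Review bot: `username: {type: String, unique: true}` in app/models/user.js (@@ -15,7 +15,7) creates a unique index, not a validator, so documents that have no username all collide on the missing value. Accounts created through the providers listed in `authTypes` may not set `username` (that code is outside the hunk); if so, the second such signup fails with a duplicate-key error. Use `username: {type: String, unique: true, sparse: true}` or require the field for local accounts. The index build will also fail on a collection that already contains duplicates, and `email` stays non-unique.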
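Review bot: The teardown added to test/article/model.js (@@ -52,7 +52,14) calls `done()` without waiting for the deletes. In `afterEach`, `Article.remove({})` and `User.remove({})` get neither a callback nor `.exec()`, so they may never be sent at all (worth confirming against the Mongoose version in use), and in `after` the `.exec()` calls are still in flight when `done()` runs. The next test can therefore start with leftover documents. Chain the removals and pass `done` as the final callback, as below; the `after` hooks here and in test/user/model.js (@@ -41,7 +59,8) need the same change.

```javascript
afterEach(function(done) {
    Article.remove({}, function(err) {
        if (err) return done(err);
        User.remove({}, done);
    });
});
```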
@@ -19,15 +19,33 @@ describe('', function() { username: 'user', password: 'password' }); + user2 = new User({ + name: 'Full name', + email: 'test@test.com', + username: 'user', + password: 'password' + }); done(); }); describe('Method Save', function() { + it('should begin with no users', function(done){ + User.find({}, function(err,users){ + users.should.have.length(0); + done(); + }); + }); + it('should be able to save whithout problems', function(done) { - return user.save(function(err) { - should.not.exist(err); - done(); + user.save(done); + }); + + it('should fail to save an existing user again', function(done) { + user.save(); + return user2.save(function(err){ + should.exist(err); + done(); }); }); @@ -41,7 +59,8 @@ describe('', function() { }); after(function(done) { + User.remove().exec(); done(); }); }); -}); \ No newline at end of file +}); From 71365db8398cfc2c1d40aceef4cb25927109eb10 Mon Sep 17 00:00:00 2001 From: John Fenley Date: Sat, 12 Oct 2013 00:30:45 -0600 Subject: [PATCH 6/6] grunt watch runs test suite on any changes --- gruntfile.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gruntfile.js b/gruntfile.js index d0ac828907..646acd3b12 100644 --- a/gruntfile.js +++ b/gruntfile.js @@ -27,7 +27,11 @@ module.exports = function(grunt) { options: { livereload: true } - } + }, + test: { + files: '*', + tasks: ['test'] + } }, jshint: { all: ['gruntfile.js', 'public/js/**/*.js', 'test/**/*.js', 'app/**/*.js']
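Review bot: In 'should fail to save an existing user again' (test/user/model.js, @@ -19,15 +19,33) `user.save();` is fired without a callback, so `user2.save` races it and the assertion only holds if the first write and the unique index build have both finished. Nest the second save in the first one's callback, as below. In the same hunk `users.should.have.length(0)` ignores `err`, so a failed query leaves `users` undefined and the test dies with a TypeError instead of the real error. `user2` is also assigned without a visible `var`; its declaration may sit above the hunk.

```javascript
it('should fail to save an existing user again', function(done) {
    user.save(function(err) {
        should.not.exist(err);
        user2.save(function(err) {
            should.exist(err);
            done();
        });
    });
});
```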
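Review bot: `files: '*'` in the new `watch.test` target (gruntfile.js, @@ -27,7 +27,11) appears to match only entries directly in the project root, so edits under app/ or test/ would not trigger the suite, contrary to the commit subject. List the source trees explicitly, e.g. `files: ['app/**/*.js', 'config/**/*.js', 'test/**/*.js'],`. Avoid widening it to `**/*`, which would also watch node_modules.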