diff --git a/README.md b/README.md index b7eab1dacc..e5a2561370 100644 --- a/README.md +++ b/README.md @@ -216,6 +216,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo * `revokeSessionOnPasswordReset` - When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions. * `accountLockout` - Lock account when a malicious user is attempting to determine an account password by trial and error. * `passwordPolicy` - Optional password policy rules to enforce. +* `customPages` - A hash with urls to override email verification links, password reset links and specify frame url for masking user-facing pages. Available keys: `parseFrameURL`, `invalidLink`, `choosePassword`, `passwordResetSuccess`, `verifyEmailSuccess`. ##### Logging diff --git a/spec/UserController.spec.js b/spec/UserController.spec.js new file mode 100644 index 0000000000..498f70b655 --- /dev/null +++ b/spec/UserController.spec.js @@ -0,0 +1,59 @@ +var UserController = require('../src/Controllers/UserController').UserController; +var emailAdapter = require('./MockEmailAdapter') +var AppCache = require('../src/cache').AppCache; + +describe('UserController', () => { + var user = { + _email_verify_token: 'testToken', + username: 'testUser', + email: 'test@example.com' + } + + describe('sendVerificationEmail', () => { + describe('parseFrameURL not provided', () => { + it('uses publicServerURL', (done) => { + + AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, { + publicServerURL: 'http://www.example.com', + customPages: { + parseFrameURL: undefined + } + })) + + emailAdapter.sendVerificationEmail = (options) => { + expect(options.link).toEqual('http://www.example.com/apps/test/verify_email?token=testToken&username=testUser') + done() + } + + var userController = new UserController(emailAdapter, 'test', { + verifyUserEmails: true + }) + + userController.sendVerificationEmail(user) + }) + }) + + describe('parseFrameURL provided', () => { + it('uses parseFrameURL and includes the destination in the link parameter', (done) => { + + AppCache.put(defaultConfiguration.appId, Object.assign({}, defaultConfiguration, { + publicServerURL: 'http://www.example.com', + customPages: { + parseFrameURL: 'http://someother.example.com/handle-parse-iframe' + } + })) + + emailAdapter.sendVerificationEmail = (options) => { + expect(options.link).toEqual('http://someother.example.com/handle-parse-iframe?link=%2Fapps%2Ftest%2Fverify_email&token=testToken&username=testUser') + done() + } + + var userController = new UserController(emailAdapter, 'test', { + verifyUserEmails: true + }) + + userController.sendVerificationEmail(user) + }) + }) + }) +}); diff --git a/spec/ValidationAndPasswordsReset.spec.js b/spec/ValidationAndPasswordsReset.spec.js index f32813fb7b..cb4de0e686 100644 --- a/spec/ValidationAndPasswordsReset.spec.js +++ b/spec/ValidationAndPasswordsReset.spec.js @@ -12,7 +12,8 @@ describe("Custom Pages, Email Verification, Password Reset", () => { invalidLink: "myInvalidLink", verifyEmailSuccess: "myVerifyEmailSuccess", choosePassword: "myChoosePassword", - passwordResetSuccess: "myPasswordResetSuccess" + passwordResetSuccess: "myPasswordResetSuccess", + parseFrameURL: "http://example.com/handle-parse-iframe" }, publicServerURL: "https://my.public.server.com/1" }) @@ -22,6 +23,7 @@ describe("Custom Pages, Email Verification, Password Reset", () => { expect(config.verifyEmailSuccessURL).toEqual("myVerifyEmailSuccess"); expect(config.choosePasswordURL).toEqual("myChoosePassword"); expect(config.passwordResetSuccessURL).toEqual("myPasswordResetSuccess"); + expect(config.parseFrameURL).toEqual("http://example.com/handle-parse-iframe"); expect(config.verifyEmailURL).toEqual("https://my.public.server.com/1/apps/test/verify_email"); expect(config.requestResetPasswordURL).toEqual("https://my.public.server.com/1/apps/test/request_password_reset"); done(); diff --git a/src/Config.js b/src/Config.js index ed0b51248b..453c9f38d4 100644 --- a/src/Config.js +++ b/src/Config.js @@ -240,6 +240,10 @@ export class Config { return this.customPages.passwordResetSuccess || `${this.publicServerURL}/apps/password_reset_success.html`; } + get parseFrameURL() { + return this.customPages.parseFrameURL; + } + get verifyEmailURL() { return `${this.publicServerURL}/apps/${this.applicationId}/verify_email`; } diff --git a/src/Controllers/UserController.js b/src/Controllers/UserController.js index 48b4c7f00b..b6ca02a55c 100644 --- a/src/Controllers/UserController.js +++ b/src/Controllers/UserController.js @@ -119,7 +119,8 @@ export class UserController extends AdaptableController { // We may need to fetch the user in case of update email this.getUserIfNeeded(user).then((user) => { const username = encodeURIComponent(user.username); - const link = `${this.config.verifyEmailURL}?token=${token}&username=${username}`; + + const link = buildEmailLink(this.config.verifyEmailURL, username, token, this.config); const options = { appName: this.config.appName, link: link, @@ -153,8 +154,8 @@ export class UserController extends AdaptableController { .then(user => { const token = encodeURIComponent(user._perishable_token); const username = encodeURIComponent(user.username); - const link = `${this.config.requestResetPasswordURL}?token=${token}&username=${username}` + const link = buildEmailLink(this.config.requestResetPasswordURL, username, token, this.config); const options = { appName: this.config.appName, link: link, @@ -215,4 +216,16 @@ function updateUserPassword(userId, password, config) { }); } +function buildEmailLink(destination, username, token, config) { + const usernameAndToken = `token=${token}&username=${username}` + + if (config.parseFrameURL) { + const destinationWithoutHost = destination.replace(config.publicServerURL, ''); + + return `${config.parseFrameURL}?link=${encodeURIComponent(destinationWithoutHost)}&${usernameAndToken}`; + } else { + return `${destination}?${usernameAndToken}`; + } +} + export default UserController;