check if organization specified during login matches the user organization

Frederic Lavigne · Frederic Lavigne · commit 21a1633f28f7 · 2017-06-16T09:32:39.000+02:00
#58
diff --git a/.csignore b/.csignore
@@ -1,2 +1,4 @@
 node_modules
 ui-react/node_modules
+design
+phone
diff --git a/config/passport.js b/config/passport.js
@@ -67,6 +67,13 @@ module.exports = function(passport, appEnv, readyCallback) {
 
         // user was found, now determine if password matches
         const user = result.docs[0];
+
+        // ensure that the right organization is specified if needed
+        if (user.organization !== req.body.organization) {
+          console.log('Invalid organization specified');
+          return done(null, null, 'Invalid organization');
+        }
+
         if (bcrypt.compareSync(password, user.password)) {
           console.log('Password matches');
           return done(null, user, null);
diff --git a/test/users.spec.js b/test/users.spec.js
@@ -7,13 +7,19 @@ describe('Users', () => {
   const username = `john-${new Date().getTime()}@acme.com`;
   const password = '123';
 
+  const orgUsername = `jim-${new Date().getTime()}@insurance.com`;
+  const orgPassword = '456';
+  const organization = `org-${new Date().getTime()}`;
+
   let app;
   let api;
+  let apiAnon;
 
   before((done) => {
     require('../server')((err, readyApp) => {
       app = readyApp;
       api = supertest.agent(app); // .agent() persists cookies between calls
+      apiAnon = supertest(app);
       done();
     });
   });
@@ -74,6 +80,17 @@ describe('Users', () => {
       });
   });
 
+  it('can not log in with an organization if it is not part of one', (done) => {
+    api.post('/api/users/login')
+      .send(`email=${username}`)
+      .send(`password=${password}`)
+      .send('organization=anOrg')
+      .expect(401)
+      .end((err) => {
+        done(err);
+      });
+  });
+
   it('can ensure if it is logged', (done) => {
     api.get('/api/users/isLoggedIn')
       .expect(200)
@@ -83,4 +100,37 @@ describe('Users', () => {
         done(err);
       });
   });
+
+
+  it('can register an organization account', (done) => {
+    apiAnon.post('/api/users/signup')
+      .send(`email=${orgUsername}`)
+      .send(`password=${orgPassword}`)
+      .send(`organization=${organization}`)
+      .expect(200)
+      .end((err) => {
+        done(err);
+      });
+  });
+
+  it('can login by specifying its organization', (done) => {
+    apiAnon.post('/api/users/login')
+      .send(`email=${orgUsername}`)
+      .send(`password=${orgPassword}`)
+      .send(`organization=${organization}`)
+      .expect(200)
+      .end((err) => {
+        done(err);
+      });
+  });
+
+  it('can not login without specifying its organization', (done) => {
+    apiAnon.post('/api/users/login')
+      .send(`email=${orgUsername}`)
+      .send(`password=${orgPassword}`)
+      .expect(401)
+      .end((err) => {
+        done(err);
+      });
+  });
 });
