Check usernameOnly parameter in passwordMatches (#609)

lsohn · flovilmart · commit b3fcf2bbbaf8 · 2016-12-04T17:56:59.000-05:00
* Check usernameOnly parameter in passwordMatches

* Added test for 'authenticates valid user with valid username and usernameOnly and encrypted passwords'
diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
@@ -88,7 +88,7 @@ function authenticate(userToTest, usernameOnly) {
     this.validUsers.find(user => {
       let isAuthenticated = false;
       let usernameMatches = userToTest.name == user.user;
-      let passwordMatches = this.useEncryptedPasswords ? bcrypt.compareSync(userToTest.pass, user.pass) : userToTest.pass == user.pass;
+      let passwordMatches = this.useEncryptedPasswords && !usernameOnly ? bcrypt.compareSync(userToTest.pass, user.pass) : userToTest.pass == user.pass;
       if (usernameMatches && (usernameOnly || passwordMatches)) {
         isAuthenticated = true;
         matchingUsername = user.user;
diff --git a/src/lib/tests/Authentication.test.js b/src/lib/tests/Authentication.test.js
@@ -101,4 +101,10 @@ describe('Authentication', () => {
     expect(authentication.authenticate({name: 'parse.dashboard'}))
       .toEqual(createAuthenticationResult(false, null, null));
   });
+
+  it('authenticates valid user with valid username and usernameOnly and encrypted password', () => {
+    let authentication = new Authentication(encryptedUsers, true);
+    expect(authentication.authenticate({name: 'parse.dashboard'}, true))
+      .toEqual(createAuthenticationResult(true, 'parse.dashboard', null));
+  });
 });
