Bug 1010623 - sign out when password was reset on web. r=jedp

2024-09-13 09:24:08 -07:00 · 2014-05-15 16:52:52 -07:00 · 2014-05-15 16:52:52 -07:00 · 8c969c2c46
commit 8c969c2c46
parent e6c814edbb
3 changed files with 68 additions and 0 deletions
--- a/services/fxaccounts/FxAccounts.jsm
+++ b/services/fxaccounts/FxAccounts.jsm
@ -25,6 +25,7 @@ XPCOMUtils.defineLazyModuleGetter(this, "jwcrypto",

 // All properties exposed by the public FxAccounts API.
 let publicProperties = [
+  "accountStatus",
  "getAccountsClient",
  "getAccountsSignInURI",
  "getAccountsSignUpURI",
@ -511,6 +512,15 @@ FxAccountsInternal.prototype = {
    this.currentAccountState = new AccountState(this);
  },

+  accountStatus: function accountStatus() {
+    return this.currentAccountState.getUserAccountData().then(data => {
+      if (!data) {
+        return false;
+      }
+      return this.fxAccountsClient.accountStatus(data.uid);
+    });
+  },
+
  signOut: function signOut(localOnly) {
    let currentState = this.currentAccountState;
    let sessionToken;
--- a/services/fxaccounts/FxAccountsClient.jsm
+++ b/services/fxaccounts/FxAccountsClient.jsm
@ -288,6 +288,24 @@ this.FxAccountsClient.prototype = {
    );
  },

+  /**
+   * Given the uid of an existing account (not an arbitrary email), ask
+   * the server if it still exists via /account/status.
+   *
+   * Used for differentiating between password change and account deletion.
+   */
+  accountStatus: function(uid) {
+    return this._request("/account/status?uid="+uid, "GET").then(
+      (result) => {
+        return result.exists;
+      },
+      (error) => {
+        log.error("accountStatus failed with: " + error);
+        return Promise.reject(error);
+      }
+    );
+  },
+
  /**
   * The FxA auth server expects requests to certain endpoints to be authorized using Hawk.
   * Hawk credentials are derived using shared secrets, which depend on the context
--- a/services/fxaccounts/tests/xpcshell/test_accounts.js
+++ b/services/fxaccounts/tests/xpcshell/test_accounts.js
@ -41,6 +41,7 @@ function run_test() {
 function MockFxAccountsClient() {
  this._email = "nobody@example.com";
  this._verified = false;
+  this._deletedOnServer = false; // for testing accountStatus

  // mock calls up to the auth server to determine whether the
  // user account has been verified
@ -57,6 +58,12 @@ function MockFxAccountsClient() {
    return deferred.promise;
  };

+  this.accountStatus = function(uid) {
+    let deferred = Promise.defer();
+    deferred.resolve(!!uid && (!this._deletedOnServer));
+    return deferred.promise;
+  };
+
  this.accountKeys = function (keyFetchToken) {
    let deferred = Promise.defer();

@ -505,6 +512,39 @@ add_task(function test_resend_email_not_signed_in() {
  do_throw("Should not be able to resend email when nobody is signed in");
 });

+add_test(function test_accountStatus() {
+  let fxa = new MockFxAccounts();
+  let alice = getTestUser("alice");
+
+  // If we have no user, we have no account server-side
+  fxa.accountStatus().then(
+    (result) => {
+      do_check_false(result);
+    }
+  ).then(
+    () => {
+      fxa.setSignedInUser(alice).then(
+        () => {
+          fxa.accountStatus().then(
+            (result) => {
+               // FxAccounts.accountStatus() should match Client.accountStatus()
+               do_check_true(result);
+               fxa.internal.fxAccountsClient._deletedOnServer = true;
+               fxa.accountStatus().then(
+                 (result) => {
+                   do_check_false(result);
+                   fxa.internal.fxAccountsClient._deletedOnServer = false;
+                   run_next_test();
+                 }
+               );
+            }
+          )
+        }
+      );
+    }
+  );
+});
+
 add_test(function test_resend_email() {
  let fxa = new MockFxAccounts();
  let alice = getTestUser("alice");