Merge pull request #155 from filipedeschamps/remove-password

feat(user): remove all `password` features
filipedeschamps · Jan 20, 2022 · 270fa31 · 270fa31 · vercel · Jan 20, 2022
2 parents dec181b + e4faba3
commit 270fa31
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 211 deletions.
diff --git a/infra/migrations/1632278997051_create-user-table.js b/infra/migrations/1632278997051_create-user-table.js
@@ -22,12 +22,6 @@ exports.up = (pgm) => {
       unique: true,
     },
 
-    // Why 72 in length? https://security.stackexchange.com/a/39851
-    password: {
-      type: 'varchar(72)',
-      notNull: true,
-    },
-
     // Why "with timezone"? https://stackoverflow.com/a/20713587
     created_at: {
       type: 'timestamp with time zone',

diff --git a/models/user.js b/models/user.js
@@ -46,11 +46,11 @@ export default function User() {
     }
 
     async function insertIntoDatabase(data) {
-      const { username, email, password } = data;
+      const { username, email } = data;
 
       const query = {
-        text: 'INSERT INTO users (username, email, password) VALUES($1, $2, $3) RETURNING *;',
-        values: [username, email, password],
+        text: 'INSERT INTO users (username, email) VALUES($1, $2) RETURNING *;',
+        values: [username, email],
       };
       const results = await database.query(query);
       return results.rows[0];
@@ -73,13 +73,6 @@ export default function User() {
         'string.base': `"email" deve ser do tipo String.`,
         'string.email': `"email" deve conter um email válido.`,
       }),
-      password: Joi.string().min(8).max(72).trim().required().messages({
-        'any.required': `"password" é um campo obrigatório.`,
-        'string.empty': `"password" não pode estar em branco.`,
-        'string.base': `"password" deve ser do tipo String.`,
-        'string.min': `"password" deve conter no mínimo {#limit} caracteres.`,
-        'string.max': `"password" deve conter no máximo {#limit} caracteres.`,
-      }),
     });
 
     const { error, value } = schema.validate(postedUserData, { stripUnknown: true });
@@ -110,11 +103,10 @@ export default function User() {
         text: `UPDATE users SET
                 username = $1,
                 email = $2,
-                password = $3,
                 updated_at = (now() at time zone 'utc')
-                WHERE username = $4
+                WHERE username = $3
                 RETURNING *;`,
-        values: [newUser.username, newUser.email, newUser.password, currentUser.username],
+        values: [newUser.username, newUser.email, currentUser.username],
       };
 
       const results = await database.query(query);
@@ -141,13 +133,6 @@ export default function User() {
         'string.base': `"email" deve ser do tipo String.`,
         'string.email': `"email" deve conter um email válido.`,
       }),
-      password: Joi.string().min(8).max(72).trim().messages({
-        'any.required': `"password" é um campo obrigatório.`,
-        'string.empty': `"password" não pode estar em branco.`,
-        'string.base': `"password" deve ser do tipo String.`,
-        'string.min': `"password" deve conter no mínimo {#limit} caracteres.`,
-        'string.max': `"password" deve conter no máximo {#limit} caracteres.`,
-      }),
     });
 
     const { error, value } = schema.validate(userData, { stripUnknown: true });

diff --git a/pages/api/v1/users/[username].test.js b/pages/api/v1/users/[username].test.js
@@ -38,7 +38,6 @@ describe('GET /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'userNameToBeFound',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -66,7 +65,6 @@ describe('GET /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'userNameToBeFoundCAPS',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -95,7 +93,6 @@ describe('PATCH /api/v1/users/:username', () => {
         },
         body: JSON.stringify({
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -122,7 +119,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'patchWithUnknownKey',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -149,7 +145,6 @@ describe('PATCH /api/v1/users/:username', () => {
       expect(responseBody.email).toEqual('[email protected]');
       expect(Date.parse(responseBody.created_at)).not.toEqual(NaN);
       expect(Date.parse(responseBody.updated_at)).not.toEqual(NaN);
-      expect(responseBody).not.toHaveProperty('password');
       expect(responseBody).not.toHaveProperty('unknownKey');
     });
   });
@@ -164,7 +159,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'willpatchwithextraspace',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -178,7 +172,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'extraSpaceInTheEnd ',
           email: ' [email protected]',
-          password: 'validpassword ',
         }),
       });
 
@@ -191,7 +184,6 @@ describe('PATCH /api/v1/users/:username', () => {
       expect(responseBody.email).toEqual('[email protected]');
       expect(Date.parse(responseBody.created_at)).not.toEqual(NaN);
       expect(Date.parse(responseBody.updated_at)).not.toEqual(NaN);
-      expect(responseBody).not.toHaveProperty('password');
     });
   });
 
@@ -205,7 +197,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'CURRENTusername',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -231,7 +222,6 @@ describe('PATCH /api/v1/users/:username', () => {
       expect(patchUserResponseBody.email).toEqual('[email protected]');
       expect(Date.parse(patchUserResponseBody.created_at)).not.toEqual(NaN);
       expect(Date.parse(patchUserResponseBody.updated_at)).not.toEqual(NaN);
-      expect(patchUserResponseBody).not.toHaveProperty('password');
     });
   });
 
@@ -245,7 +235,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'firstUserPatch',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -257,7 +246,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'secondUserPatch',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -294,7 +282,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'DIFFERENTuppercaseletters',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -306,7 +293,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'randomuser23y2876487',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -343,7 +329,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'emptyString',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -380,7 +365,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'NumberUser',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -417,7 +401,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'validuserwithnoalphanumeric',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -454,7 +437,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'correctLengthUser',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -491,7 +473,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'willbetoolong',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -528,7 +509,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'currentusernameemail',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -551,7 +531,6 @@ describe('PATCH /api/v1/users/:username', () => {
       expect(patchUserResponseBody.email).toEqual('[email protected]');
       expect(Date.parse(patchUserResponseBody.created_at)).not.toEqual(NaN);
       expect(Date.parse(patchUserResponseBody.updated_at)).not.toEqual(NaN);
-      expect(patchUserResponseBody).not.toHaveProperty('password');
     });
   });
 
@@ -565,7 +544,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'firstUserPatchEmail',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -577,7 +555,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'secondUserPatchEmail',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -614,7 +591,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'emailDIFFERENTuppercase1',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -626,7 +602,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'emailDIFFERENTuppercase2',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -666,7 +641,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'emptyStringEmail',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -703,7 +677,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'NumberEmail',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });
 
@@ -740,7 +713,6 @@ describe('PATCH /api/v1/users/:username', () => {
         body: JSON.stringify({
           username: 'validuserwithnoalphanumeric',
           email: '[email protected]',
-          password: 'validpassword',
         }),
       });