From 266e9f5a9aa811482d195c8bfa85b084fd54513d Mon Sep 17 00:00:00 2001
From: Heath Morrison <heath@itruns.co>
Date: Tue, 18 Oct 2016 22:02:14 +0200
Subject: [PATCH] Continue _coerce after logical operators

---
 lib/dao.js               |  3 ++-
 test/loopback-dl.test.js | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/lib/dao.js b/lib/dao.js
index 57c9ba7e..61303dc0 100644
--- a/lib/dao.js
+++ b/lib/dao.js
@@ -1559,7 +1559,8 @@ DataAccessObject._coerce = function(where) {
         err.statusCode = 400;
         throw err;
       }
-      return where;
+
+      continue;
     }
     var DataType = props[p] && props[p].type;
     if (!DataType) {
diff --git a/test/loopback-dl.test.js b/test/loopback-dl.test.js
index ff8d9839..dbbc2557 100644
--- a/test/loopback-dl.test.js
+++ b/test/loopback-dl.test.js
@@ -1421,6 +1421,16 @@ describe('DataAccessObject', function() {
     assert.deepEqual(where, {or: [{age: 10}, {vip: true}]});
   });
 
+  it('continues to coerce properties after a logical operator', function() {
+    var clause = {and: [{age: '10'}], vip: 'true'};
+
+    // Key order is predictable but not guaranteed. We prefer false negatives (failure) to false positives.
+    assert(Object.keys(clause)[0] === 'and', 'Unexpected key order.');
+
+    where = model._coerce(clause);
+    assert.deepEqual(where, {and: [{age: 10}], vip: true});
+  });
+
   it('should throw if the where property is not an object', function() {
     try {
       // The where clause has to be an object
@@ -1473,6 +1483,20 @@ describe('DataAccessObject', function() {
     assert(error, 'An error should have been thrown');
   });
 
+  it('throws an error when malformed logical operators follow valid logical clauses', function() {
+    var invalid = {and: [{x: 1}], or: 'bogus'};
+
+    // Key order is predictable but not guaranteed. We prefer false negatives (failure) to false positives.
+    assert(Object.keys(invalid)[0] !== 'or', 'Unexpected key order.');
+
+    try {
+      model._coerce(invalid);
+    } catch (err) {
+      error = err;
+    }
+    assert(error, 'An error should have been thrown');
+  });
+
   it('should throw if filter property is not an object', function() {
     var filter = null;
     try {