From 0cc2b5b8db280154466e3bce6850a5dfde963d94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Bajto=C5=A1?= <mbajtos@cz.ibm.com>
Date: Tue, 31 Jan 2017 15:53:41 +0100
Subject: [PATCH] Fix detection of logoutSessionsOnSensitiveChanges

Modify the code detecting whether logoutSessionsOnSensitiveChanges
is enabled to correctly handle the case when the model is not attached
to any application, as is the case with loopback-component-passport
tests.
---
 common/models/user.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/common/models/user.js b/common/models/user.js
index 03056188..4929fb84 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -867,7 +867,9 @@ module.exports = function(User) {
   });
 
   User.observe('before save', function prepareForTokenInvalidation(ctx, next) {
-    if (!ctx.Model.app.get('logoutSessionsOnSensitiveChanges')) return next();
+    var invalidationEnabled = ctx.Model.app &&
+      ctx.Model.app.get('logoutSessionsOnSensitiveChanges');
+    if (!invalidationEnabled) return next();
 
     if (ctx.isNewInstance) return next();
     if (!ctx.where && !ctx.instance) return next();
@@ -909,7 +911,9 @@ module.exports = function(User) {
   });
 
   User.observe('after save', function invalidateOtherTokens(ctx, next) {
-    if (!ctx.Model.app.get('logoutSessionsOnSensitiveChanges')) return next();
+    var invalidationEnabled = ctx.Model.app &&
+      ctx.Model.app.get('logoutSessionsOnSensitiveChanges');
+    if (!invalidationEnabled) return next();
 
     if (!ctx.instance && !ctx.data) return next();
     if (!ctx.hookState.originalUserData) return next();