verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix crash when modifying an unknown user 

Signed-off-by: Matheus Horstmann <mch15@inf.ufpr.br>
Signed-off-by: Miroslav Bajtoš <mbajtoss@gmail.com>
This commit is contained in:
Matheus Horstmann 2019-01-08 11:51:21 -02:00 committed by Miroslav Bajtoš
parent 0bb8c23e2d
commit 2532b0b67e
No known key found for this signature in database
GPG Key ID: 6F2304BA9361C7E3
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
common/models/user.js
View File

@ -1358,7 +1358,14 @@ module.exports = function(User) {
}); });
var emailChanged; var emailChanged;
if (ctx.instance) { if (ctx.instance) {
emailChanged = ctx.instance.email !== ctx.hookState.originalUserData[0].email; // Check if map does not return an empty array
// Fix server crashes when try to PUT a non existent id
if (ctx.hookState.originalUserData.length > 0) {
emailChanged = ctx.instance.email !== ctx.hookState.originalUserData[0].email;
} else {
emailChanged = true;
}
if (emailChanged && ctx.Model.settings.emailVerificationRequired) { if (emailChanged && ctx.Model.settings.emailVerificationRequired) {
ctx.instance.emailVerified = false; ctx.instance.emailVerified = false;
} }

33
test/user.integration.js
View File

@ -63,6 +63,39 @@ describe('users - integration', function() {
}); });
}); });
it('returns error when replacing user that does not exist', function() {
const credentials = {email: 'temp@example.com', password: 'pass'};
const User = app.models.User;
let user;
let hookEnabled = true;
User.beforeRemote('replaceOrCreate', (ctx, unused, next) => {
// don't affect subsequent tests!
if (!hookEnabled) return;
hookEnabled = false;
// Delete the user *AFTER* the PUT request was authorized
// but *BEFORE* replaceOrCreate is invoked
User.deleteById(user.id, next);
});
return User.create(credentials)
.then(u => {
user = u;
return User.login(credentials);
})
.then(token => {
return this.put('/api/users')
.set('Authorization', token.id)
.send({
id: user.id,
email: 'x@x.com',
password: 'x',
})
.expect(404);
});
});
it('should create post for a given user', function(done) { it('should create post for a given user', function(done) {
var url = '/api/users/' + userId + '/posts?access_token=' + accessToken; var url = '/api/users/' + userId + '/posts?access_token=' + accessToken;
this.post(url) this.post(url)