verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4111 from strongloop/fix-crash-when-replacing-unknown-user 

Fix crash when modifying an unknown user
This commit is contained in:
Miroslav Bajtoš 2019-01-11 16:45:50 +01:00 committed by GitHub
parent e513019ed5 d4e8116023
commit 2992cfbbdf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
common/models/user.js
View File

@ -897,7 +897,14 @@ module.exports = function(User) {
}); });
var emailChanged; var emailChanged;
if (ctx.instance) { if (ctx.instance) {
emailChanged = ctx.instance.email !== ctx.hookState.originalUserData[0].email; // Check if map does not return an empty array
// Fix server crashes when try to PUT a non existent id
if (ctx.hookState.originalUserData.length > 0) {
emailChanged = ctx.instance.email !== ctx.hookState.originalUserData[0].email;
} else {
emailChanged = true;
}
if (emailChanged && ctx.Model.settings.emailVerificationRequired) { if (emailChanged && ctx.Model.settings.emailVerificationRequired) {
ctx.instance.emailVerified = false; ctx.instance.emailVerified = false;
} }

38
test/user.integration.js
View File

@ -69,6 +69,44 @@ describe('users - integration', function() {
}); });
}); });
it('returns error when replacing user that does not exist', function() {
var self = this;
var credentials = {email: 'temp@example.com', password: 'pass'};
var User = app.models.User;
var user;
// verify that logoutSessionsOnSensitiveChanges is enabled,
// otherwise this test always passes
expect(app.get('logoutSessionsOnSensitiveChanges')).to.equal(true);
var hookEnabled = true;
User.beforeRemote('replaceOrCreate', function(ctx, unused, next) {
// don't affect subsequent tests!
if (!hookEnabled) return;
hookEnabled = false;
// Delete the user *AFTER* the PUT request was authorized
// but *BEFORE* replaceOrCreate is invoked
User.deleteById(user.id, next);
});
return User.create(credentials)
.then(function(u) {
user = u;
return User.login(credentials);
})
.then(function(token) {
return self.post('/api/users/replaceOrCreate')
.set('Authorization', token.id)
.send({
id: user.id,
email: 'x@x.com',
password: 'x',
})
.expect(200);
});
});
it('should create post for a given user', function(done) { it('should create post for a given user', function(done) {
var url = '/api/users/' + userId + '/posts?access_token=' + accessToken; var url = '/api/users/' + userId + '/posts?access_token=' + accessToken;
this.post(url) this.post(url)