From 37e57f69431606b06579f2d6d007cf5fd7962303 Mon Sep 17 00:00:00 2001
From: mcitdev
Date: Sat, 16 Jun 2018 15:32:23 +0000
Subject: [PATCH] Fix crash in User model's "before delete" hook

Update User's "before delete" hook to take into account the case when the related AccessToken model was not configured in the application (attached to a datasource).
---
 common/models/user.js | 3 +++
 test/user.test.js | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/common/models/user.js b/common/models/user.js
index 58411b42..eb2b9247 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -346,6 +346,9 @@ module.exports = function(User) {
 };
 
 User.observe('before delete', function(ctx, next) {
+ // Do nothing when the access control was disabled for this user model.
+ if (!ctx.Model.relations.accessTokens) return next();
+
 var AccessToken = ctx.Model.relations.accessTokens.modelTo;
 var pkName = ctx.Model.definition.idName() || 'id';
 ctx.Model.find({where: ctx.where, fields: [pkName]}, function(err, list) {
diff --git a/test/user.test.js b/test/user.test.js
index fb77175c..de7841bc 100644
--- a/test/user.test.js
+++ b/test/user.test.js
@@ -299,6 +299,23 @@ describe('User', function() {
 });
 });
 
+ it('skips token invalidation when the relation is not configured', () => {
+ const app = loopback({localRegistry: true, loadBuiltinModels: true});
+ app.dataSource('db', {connector: 'memory'});
+
+ const PrivateUser = app.registry.createModel({
+ name: 'PrivateUser',
+ base: 'User',
+ // Speed up the password hashing algorithm for tests
+ saltWorkFactor: 4,
+ });
+ app.model(PrivateUser, {dataSource: 'db'});
+
+ return PrivateUser.create({email: 'private@example.com', password: 'pass'})
+ .then(u => PrivateUser.deleteById(u.id));
+ // the test passed when the operation did not crash
+ });
+
 it('invalidates the user\'s accessToken when the user is deleted all', function(done) {
 var userIds = [];
 var users;
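Review bot: The new early return in the `before delete` observer skips token cleanup silently, and its comment reads a missing `accessTokens` relation as "access control was disabled", which the guard cannot tell apart from a relation that was never wired up. In that second case a deleted user's tokens could stay valid in a separately attached token store with nothing logged; this is inferred, since the rest of the file is not visible here. I would reword the comment to `// No accessTokens relation on this model: nothing to invalidate through it.` and emit one debug-level line before `return next()` if the file already has a logger in scope. The observer's body continues past the end of the hunk.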
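Review bot: The added test never checks that `PrivateUser` actually lacks the `accessTokens` relation, so it would keep passing without reaching the new guard if model setup ever configures that relation by default. It also proves only that the delete did not throw. Asserting the precondition before the `create` call, e.g. `assert(!PrivateUser.relations.accessTokens);`, and checking afterwards that no `PrivateUser` rows remain would pin both the branch and the outcome; use whichever assertion helper the file already imports. The trailing comment sits after the `return` statement and would read better above it.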