Fix crash in User model's "before delete" hook

Update User's "before delete" hook to take into account the case when
the related AccessToken model was not configured in the application
(attached to a datasource).
This commit is contained in:
mcitdev 2018-06-16 15:32:23 +00:00 committed by Miroslav Bajtoš
parent 9c554fd4f0
commit 37e57f6943
No known key found for this signature in database
GPG Key ID: 6F2304BA9361C7E3
2 changed files with 20 additions and 0 deletions

View File

@ -346,6 +346,9 @@ module.exports = function(User) {
}; };
User.observe('before delete', function(ctx, next) { User.observe('before delete', function(ctx, next) {
// Do nothing when the access control was disabled for this user model.
if (!ctx.Model.relations.accessTokens) return next();
var AccessToken = ctx.Model.relations.accessTokens.modelTo; var AccessToken = ctx.Model.relations.accessTokens.modelTo;
var pkName = ctx.Model.definition.idName() || 'id'; var pkName = ctx.Model.definition.idName() || 'id';
ctx.Model.find({where: ctx.where, fields: [pkName]}, function(err, list) { ctx.Model.find({where: ctx.where, fields: [pkName]}, function(err, list) {

View File

@ -299,6 +299,23 @@ describe('User', function() {
}); });
}); });
it('skips token invalidation when the relation is not configured', () => {
const app = loopback({localRegistry: true, loadBuiltinModels: true});
app.dataSource('db', {connector: 'memory'});
const PrivateUser = app.registry.createModel({
name: 'PrivateUser',
base: 'User',
// Speed up the password hashing algorithm for tests
saltWorkFactor: 4,
});
app.model(PrivateUser, {dataSource: 'db'});
return PrivateUser.create({email: 'private@example.com', password: 'pass'})
.then(u => PrivateUser.deleteById(u.id));
// the test passed when the operation did not crash
});
it('invalidates the user\'s accessToken when the user is deleted all', function(done) { it('invalidates the user\'s accessToken when the user is deleted all', function(done) {
var userIds = []; var userIds = [];
var users; var users;