Fix crash in User model's "before delete" hook

Update User's "before delete" hook to take into account the case when the related AccessToken model was not configured in the application (attached to a datasource).
2018-06-16 15:32:23 +00:00 · 2018-06-16 15:32:23 +00:00 · 37e57f6943
parent 9c554fd4f0
commit 37e57f6943
2 changed files with 20 additions and 0 deletions
--- a/common/models/user.js
+++ b/common/models/user.js
@ -346,6 +346,9 @@ module.exports = function(User) {
  };

  User.observe('before delete', function(ctx, next) {
+    // Do nothing when the access control was disabled for this user model.
+    if (!ctx.Model.relations.accessTokens) return next();
+
    var AccessToken = ctx.Model.relations.accessTokens.modelTo;
    var pkName = ctx.Model.definition.idName() || 'id';
    ctx.Model.find({where: ctx.where, fields: [pkName]}, function(err, list) {
--- a/test/user.test.js
+++ b/test/user.test.js
@ -299,6 +299,23 @@ describe('User', function() {
      });
    });

+    it('skips token invalidation when the relation is not configured', () => {
+      const app = loopback({localRegistry: true, loadBuiltinModels: true});
+      app.dataSource('db', {connector: 'memory'});
+
+      const PrivateUser = app.registry.createModel({
+        name: 'PrivateUser',
+        base: 'User',
+        // Speed up the password hashing algorithm for tests
+        saltWorkFactor: 4,
+      });
+      app.model(PrivateUser, {dataSource: 'db'});
+
+      return PrivateUser.create({email: 'private@example.com', password: 'pass'})
+        .then(u => PrivateUser.deleteById(u.id));
+      // the test passed when the operation did not crash
+    });
+
    it('invalidates the user\'s accessToken when the user is deleted all', function(done) {
      var userIds = [];
      var users;