Merge pull request #3316 from strongloop/fix/options-in-token-invalidations-master

Forward options in prepareForTokenInvalidation
2017-03-28 16:17:39 +02:00 · 2017-03-28 16:17:39 +02:00 · 53182affef
parent f736da64f4 94f267884f
commit 53182affef
2 changed files with 34 additions and 3 deletions
--- a/common/models/user.js
+++ b/common/models/user.js
@ -980,7 +980,7 @@ module.exports = function(User) {
      where[pkName] = ctx.instance[pkName];
    }

-    ctx.Model.find({where: where}, function(err, userInstances) {
+    ctx.Model.find({where: where}, ctx.options, function(err, userInstances) {
      if (err) return next(err);
      ctx.hookState.originalUserData = userInstances.map(function(u) {
        var user = {};
--- a/test/user.test.js
+++ b/test/user.test.js
@ -11,6 +11,7 @@ var loopback = require('../');
 var User, AccessToken;
 var async = require('async');
 var url = require('url');
+var extend = require('util')._extend;

 describe('User', function() {
  this.timeout(10000);
@ -1380,8 +1381,7 @@ describe('User', function() {
          {hook: 'access', testFlag: true},

          // "before save" hook prepareForTokenInvalidation
-          // FIXME(bajtos) the hook should be forwarding the options too!
-          {hook: 'access'},
+          {hook: 'access', testFlag: true},

          // updateAttributes
          {hook: 'before save', testFlag: true},
@ -2527,6 +2527,37 @@ describe('User', function() {
      });
    });

+    it('forwards the "options" argument', function(done) {
+      var options = {testFlag: true};
+      var observedOptions = [];
+
+      saveObservedOptionsForHook('access', User);
+      saveObservedOptionsForHook('before delete', AccessToken);
+
+      user.updateAttribute('password', 'newPass', options, function(err, updated) {
+        if (err) return done(err);
+
+        expect(observedOptions).to.eql([
+          // prepareForTokenInvalidation - load current instance data
+          {hook: 'access', testFlag: true},
+
+          // validate uniqueness of User.email
+          {hook: 'access', testFlag: true},
+
+          // _invalidateAccessTokensOfUsers - deleteAll
+          {hook: 'before delete', testFlag: true},
+        ]);
+        done();
+      });
+
+      function saveObservedOptionsForHook(name, model) {
+        model.observe(name, function(ctx, next) {
+          observedOptions.push(extend({hook: name}, ctx.options));
+          next();
+        });
+      }
+    });
+
    it('preserves other user sessions if their password is  untouched', function(done) {
      var user1, user2, user1Token;
      async.series([