Merge pull request #2814 from strongloop/backport/partial-update

Validate non-email property partial update
2016-10-03 18:02:47 -04:00 · 2016-10-03 18:02:47 -04:00 · 715bc1ece6
parent 46f0c061c0 bdeaf654fa
commit 715bc1ece6
2 changed files with 39 additions and 0 deletions
--- a/common/models/user.js
+++ b/common/models/user.js
@ -681,7 +681,9 @@ module.exports = function(User) {
    UserModel.observe('after save', function afterEmailUpdate(ctx, next) {
      if (!ctx.Model.relations.accessTokens) return next();
      var AccessToken = ctx.Model.relations.accessTokens.modelTo;
+      if (!ctx.instance && !ctx.data) return next();
      var newEmail = (ctx.instance || ctx.data).email;
+      if (!newEmail) return next();
      if (!ctx.hookState.originalUserData) return next();
      var idsToExpire = ctx.hookState.originalUserData.filter(function(u) {
        return u.email !== newEmail;
--- a/test/user.test.js
+++ b/test/user.test.js
@ -1972,6 +1972,43 @@ describe('User', function() {
        ], done);
      });

+      it('keeps sessions AS IS if non-email property is changed using updateAll', function(done) {
+        var userPartial;
+        async.series([
+          function createPartialUser(next) {
+            User.create(
+              { email: 'partial@example.com', password: 'pass1', age: 25 },
+              function(err, partialInstance) {
+                if (err) return next(err);
+                userPartial = partialInstance;
+                next();
+              });
+          },
+          function loginPartiallUser(next) {
+            User.login({ email: 'partial@example.com', password: 'pass1' }, function(err, ats) {
+              if (err) return next(err);
+              next();
+            });
+          },
+          function updatePartialUser(next) {
+            User.updateAll(
+              { id: userPartial.id },
+              { age: userPartial.age + 1 },
+              function(err, info) {
+                if (err) return next(err);
+                next();
+              });
+          },
+          function verifyTokensOfPartialUser(next) {
+            AccessToken.find({ where: { userId: userPartial.id }}, function(err, tokens1) {
+              if (err) return next(err);
+              expect(tokens1.length).to.equal(1);
+              next();
+            });
+          },
+        ], done);
+      });
+
      function assertPreservedToken(done) {
        AccessToken.find({ where: { userId: user.id }}, function(err, tokens) {
          if (err) return done(err);