fix(AccessContext): Tighten userid/appid checks

An application may have a use for a falsy ID.
2017-11-15 12:49:13 -06:00 · 2017-11-15 12:49:13 -06:00 · 787f393c7c
parent 6e0e60c2a2
commit 787f393c7c
2 changed files with 52 additions and 4 deletions
--- a/lib/access-context.js
+++ b/lib/access-context.js
@ -61,16 +61,16 @@ function AccessContext(context) {
  var principalType = context.principalType || Principal.USER;
  var principalId = context.principalId || undefined;
  var principalName = context.principalName || undefined;
-  if (principalId) {
+  if (principalId != null) {
    this.addPrincipal(principalType, principalId, principalName);
  }

  var token = this.accessToken || {};

-  if (token.userId) {
+  if (token.userId != null) {
    this.addPrincipal(Principal.USER, token.userId);
  }
-  if (token.appId) {
+  if (token.appId != null) {
    this.addPrincipal(Principal.APPLICATION, token.appId);
  }
  this.remotingContext = context.remotingContext;
@ -151,7 +151,7 @@ AccessContext.prototype.getAppId = function() {
 * @returns {boolean}
 */
 AccessContext.prototype.isAuthenticated = function() {
-  return !!(this.getUserId() || this.getAppId());
+  return this.getUserId() != null || this.getAppId() != null;
 };

 /*!
--- a/test/role.test.js
+++ b/test/role.test.js
@ -303,6 +303,54 @@ describe('role model', function() {
    });
  });

+  it('should be properly authenticated with 0 userId', function(done) {
+    User.create({ name: 'Raymond', email: 'x@y.com', password: 'foobar', id: 0 }, function(err, user) {
+      if (err) return done(err);
+      Role.create({ name: 'userRole' }, function(err, role) {
+        if (err) return done(err);
+        role.principals.create({ principalType: RoleMapping.USER, principalId: user.id },
+        function(err, p) {
+          if (err) return done(err);
+          async.series([
+            function(next) {
+              Role.isInRole(
+                'userRole',
+                { principalType: RoleMapping.USER, principalId: user.id },
+                function(err, inRole) {
+                  if (err) return next(err);
+                  assert(!!inRole);
+                  next();
+                });
+            },
+            function(next) {
+              Role.isInRole(
+                'userRole',
+                { principalType: RoleMapping.APP, principalId: user.id },
+                function(err, inRole) {
+                  if (err) return next(err);
+                  assert(!inRole);
+                  next();
+                });
+            },
+            function(next) {
+              Role.getRoles(
+                { principalType: RoleMapping.USER, principalId: user.id },
+                function(err, roles) {
+                  if (err) return next(err);
+                  expect(roles).to.eql([
+                    Role.AUTHENTICATED,
+                    Role.EVERYONE,
+                    role.id,
+                  ]);
+                  next();
+                });
+            },
+          ], done);
+        });
+      });
+    });
+  });
+
  it('should support owner role resolver', function(done) {
    Role.registerResolver('returnPromise', function(role, context) {
      return new Promise(function(resolve) {