From 94f267884ff8dbb9bee5ec1fcbd42f08e77da596 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Bajto=C5=A1?= <mbajtos@cz.ibm.com>
Date: Fri, 24 Mar 2017 14:57:41 +0100
Subject: [PATCH] Forward options in prepareForTokenInvalidation

---
 common/models/user.js |  2 +-
 test/user.test.js     | 35 +++++++++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/common/models/user.js b/common/models/user.js
index 1ea71476..4892fc0a 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -980,7 +980,7 @@ module.exports = function(User) {
       where[pkName] = ctx.instance[pkName];
     }
 
-    ctx.Model.find({where: where}, function(err, userInstances) {
+    ctx.Model.find({where: where}, ctx.options, function(err, userInstances) {
       if (err) return next(err);
       ctx.hookState.originalUserData = userInstances.map(function(u) {
         var user = {};
diff --git a/test/user.test.js b/test/user.test.js
index 48b51d7e..1004a348 100644
--- a/test/user.test.js
+++ b/test/user.test.js
@@ -11,6 +11,7 @@ var loopback = require('../');
 var User, AccessToken;
 var async = require('async');
 var url = require('url');
+var extend = require('util')._extend;
 
 describe('User', function() {
   this.timeout(10000);
@@ -1380,8 +1381,7 @@ describe('User', function() {
           {hook: 'access', testFlag: true},
 
           // "before save" hook prepareForTokenInvalidation
-          // FIXME(bajtos) the hook should be forwarding the options too!
-          {hook: 'access'},
+          {hook: 'access', testFlag: true},
 
           // updateAttributes
           {hook: 'before save', testFlag: true},
@@ -2527,6 +2527,37 @@ describe('User', function() {
       });
     });
 
+    it('forwards the "options" argument', function(done) {
+      var options = {testFlag: true};
+      var observedOptions = [];
+
+      saveObservedOptionsForHook('access', User);
+      saveObservedOptionsForHook('before delete', AccessToken);
+
+      user.updateAttribute('password', 'newPass', options, function(err, updated) {
+        if (err) return done(err);
+
+        expect(observedOptions).to.eql([
+          // prepareForTokenInvalidation - load current instance data
+          {hook: 'access', testFlag: true},
+
+          // validate uniqueness of User.email
+          {hook: 'access', testFlag: true},
+
+          // _invalidateAccessTokensOfUsers - deleteAll
+          {hook: 'before delete', testFlag: true},
+        ]);
+        done();
+      });
+
+      function saveObservedOptionsForHook(name, model) {
+        model.observe(name, function(ctx, next) {
+          observedOptions.push(extend({hook: name}, ctx.options));
+          next();
+        });
+      }
+    });
+
     it('preserves other user sessions if their password is  untouched', function(done) {
       var user1, user2, user1Token;
       async.series([