verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(AccessContext): Tighten userid/appid checks 

An application may have a use for a falsy ID.
This commit is contained in:
Samuel Reed 2017-11-15 12:49:13 -06:00
parent 0bac0a933f
commit b362776e73
No known key found for this signature in database
GPG Key ID: 011E698EE329F38B
2 changed files with 53 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/access-context.js
View File

@ -80,17 +80,16 @@ function AccessContext(context) {
var principalType = context.principalType || Principal.USER; var principalType = context.principalType || Principal.USER;
var principalId = context.principalId || undefined; var principalId = context.principalId || undefined;
var principalName = context.principalName || undefined; var principalName = context.principalName || undefined;
if (principalId != null) {
if (principalId) {
this.addPrincipal(principalType, principalId, principalName); this.addPrincipal(principalType, principalId, principalName);
} }
var token = this.accessToken || {}; var token = this.accessToken || {};
if (token.userId) { if (token.userId != null) {
this.addPrincipal(Principal.USER, token.userId); this.addPrincipal(Principal.USER, token.userId);
} }
if (token.appId) { if (token.appId != null) {
this.addPrincipal(Principal.APPLICATION, token.appId); this.addPrincipal(Principal.APPLICATION, token.appId);
} }
this.remotingContext = context.remotingContext; this.remotingContext = context.remotingContext;
@ -193,7 +192,7 @@ AccessContext.prototype.getAppId = function() {
* @returns {boolean} * @returns {boolean}
*/ */
AccessContext.prototype.isAuthenticated = function() { AccessContext.prototype.isAuthenticated = function() {
return !!(this.getUserId() || this.getAppId()); return this.getUserId() != null || this.getAppId() != null;
}; };
/** /**

49
test/role.test.js
View File

@ -364,6 +364,55 @@ describe('role model', function() {
}); });
}); });
it('should be properly authenticated with 0 userId', function(done) {
var userData = {name: 'Raymond', email: 'x@y.com', password: 'foobar', id: 0};
User.create(userData, function(err, user) {
if (err) return done(err);
Role.create({name: 'userRole'}, function(err, role) {
if (err) return done(err);
role.principals.create({principalType: RoleMapping.USER, principalId: user.id},
function(err, p) {
if (err) return done(err);
async.series([
function(next) {
Role.isInRole(
'userRole',
{principalType: RoleMapping.USER, principalId: user.id},
function(err, inRole) {
if (err) return next(err);
assert(!!inRole);
next();
});
},
function(next) {
Role.isInRole(
'userRole',
{principalType: RoleMapping.APP, principalId: user.id},
function(err, inRole) {
if (err) return next(err);
assert(!inRole);
next();
});
},
function(next) {
Role.getRoles(
{principalType: RoleMapping.USER, principalId: user.id},
function(err, roles) {
if (err) return next(err);
expect(roles).to.eql([
Role.AUTHENTICATED,
Role.EVERYONE,
role.id,
]);
next();
});
},
], done);
});
});
});
});
// this test should be split to address one resolver at a time // this test should be split to address one resolver at a time
it('supports built-in role resolvers', function(done) { it('supports built-in role resolvers', function(done) {
Role.registerResolver('returnPromise', function(role, context) { Role.registerResolver('returnPromise', function(role, context) {