fix(AccessContext): Tighten userid/appid checks

An application may have a use for a falsy ID.
2017-11-15 12:49:13 -06:00 · 2017-11-15 12:49:13 -06:00 · b362776e73
parent 0bac0a933f
commit b362776e73
2 changed files with 53 additions and 5 deletions
--- a/lib/access-context.js
+++ b/lib/access-context.js
@ -80,17 +80,16 @@ function AccessContext(context) {
  var principalType = context.principalType || Principal.USER;
  var principalId = context.principalId || undefined;
  var principalName = context.principalName || undefined;
-
-  if (principalId) {
+  if (principalId != null) {
    this.addPrincipal(principalType, principalId, principalName);
  }

  var token = this.accessToken || {};

-  if (token.userId) {
+  if (token.userId != null) {
    this.addPrincipal(Principal.USER, token.userId);
  }
-  if (token.appId) {
+  if (token.appId != null) {
    this.addPrincipal(Principal.APPLICATION, token.appId);
  }
  this.remotingContext = context.remotingContext;
@ -193,7 +192,7 @@ AccessContext.prototype.getAppId = function() {
 * @returns {boolean}
 */
 AccessContext.prototype.isAuthenticated = function() {
-  return !!(this.getUserId() || this.getAppId());
+  return this.getUserId() != null || this.getAppId() != null;
 };

 /**
--- a/test/role.test.js
+++ b/test/role.test.js
@ -364,6 +364,55 @@ describe('role model', function() {
    });
  });

+  it('should be properly authenticated with 0 userId', function(done) {
+    var userData = {name: 'Raymond', email: 'x@y.com', password: 'foobar', id: 0};
+    User.create(userData, function(err, user) {
+      if (err) return done(err);
+      Role.create({name: 'userRole'}, function(err, role) {
+        if (err) return done(err);
+        role.principals.create({principalType: RoleMapping.USER, principalId: user.id},
+        function(err, p) {
+          if (err) return done(err);
+          async.series([
+            function(next) {
+              Role.isInRole(
+                'userRole',
+                {principalType: RoleMapping.USER, principalId: user.id},
+                function(err, inRole) {
+                  if (err) return next(err);
+                  assert(!!inRole);
+                  next();
+                });
+            },
+            function(next) {
+              Role.isInRole(
+                'userRole',
+                {principalType: RoleMapping.APP, principalId: user.id},
+                function(err, inRole) {
+                  if (err) return next(err);
+                  assert(!inRole);
+                  next();
+                });
+            },
+            function(next) {
+              Role.getRoles(
+                {principalType: RoleMapping.USER, principalId: user.id},
+                function(err, roles) {
+                  if (err) return next(err);
+                  expect(roles).to.eql([
+                    Role.AUTHENTICATED,
+                    Role.EVERYONE,
+                    role.id,
+                  ]);
+                  next();
+                });
+            },
+          ], done);
+        });
+      });
+    });
+  });
+
  // this test should be split to address one resolver at a time
  it('supports built-in role resolvers', function(done) {
    Role.registerResolver('returnPromise', function(role, context) {