verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3160 from strongloop/fix/token-invalidation-on-save 

Preserve sessions on User.save() making no changes
This commit is contained in:
Miroslav Bajtoš 2017-01-31 14:38:48 +01:00 committed by GitHub
parent c7e0a15a44 8f80aecc1f
commit dcb2f159ec
2 changed files with 16 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
common/models/user.js
View File

@ -863,10 +863,10 @@ module.exports = function(User) {
next(); next();
}); });
// Delete old sessions once email is updated User.observe('before save', function prepareForTokenInvalidation(ctx, next) {
User.observe('before save', function beforeEmailUpdate(ctx, next) {
if (ctx.isNewInstance) return next(); if (ctx.isNewInstance) return next();
if (!ctx.where && !ctx.instance) return next(); if (!ctx.where && !ctx.instance) return next();
var pkName = ctx.Model.definition.idName() || 'id'; var pkName = ctx.Model.definition.idName() || 'id';
var where = ctx.where; var where = ctx.where;
if (!where) { if (!where) {
@ -874,23 +874,13 @@ module.exports = function(User) {
where[pkName] = ctx.instance[pkName]; where[pkName] = ctx.instance[pkName];
} }
var isPartialUpdateChangingPassword = ctx.data && 'password' in ctx.data;
// Full replace of User instance => assume password change.
// HashPassword returns a different value for each invocation,
// therefore we cannot tell whether ctx.instance.password is the same
// or not.
var isFullReplaceChangingPassword = !!ctx.instance;
ctx.hookState.isPasswordChange = isPartialUpdateChangingPassword ||
isFullReplaceChangingPassword;
ctx.Model.find({where: where}, function(err, userInstances) { ctx.Model.find({where: where}, function(err, userInstances) {
if (err) return next(err); if (err) return next(err);
ctx.hookState.originalUserData = userInstances.map(function(u) { ctx.hookState.originalUserData = userInstances.map(function(u) {
var user = {}; var user = {};
user[pkName] = u[pkName]; user[pkName] = u[pkName];
user['email'] = u['email']; user.email = u.email;
user.password = u.password;
return user; return user;
}); });
var emailChanged; var emailChanged;
@ -912,18 +902,19 @@ module.exports = function(User) {
}); });
}); });
User.observe('after save', function afterEmailUpdate(ctx, next) { User.observe('after save', function invalidateOtherTokens(ctx, next) {
if (!ctx.instance && !ctx.data) return next(); if (!ctx.instance && !ctx.data) return next();
if (!ctx.hookState.originalUserData) return next(); if (!ctx.hookState.originalUserData) return next();
var pkName = ctx.Model.definition.idName() || 'id'; var pkName = ctx.Model.definition.idName() || 'id';
var newEmail = (ctx.instance || ctx.data).email; var newEmail = (ctx.instance || ctx.data).email;
var isPasswordChange = ctx.hookState.isPasswordChange; var newPassword = (ctx.instance || ctx.data).password;
if (!newEmail && !isPasswordChange) return next(); if (!newEmail && !newPassword) return next();
var userIdsToExpire = ctx.hookState.originalUserData.filter(function(u) { var userIdsToExpire = ctx.hookState.originalUserData.filter(function(u) {
return (newEmail && u.email !== newEmail) || isPasswordChange; return (newEmail && u.email !== newEmail) ||
(newPassword && u.password !== newPassword);
}).map(function(u) { }).map(function(u) {
return u[pkName]; return u[pkName];
}); });

7
test/user.test.js
View File

@ -2107,6 +2107,13 @@ describe('User', function() {
}); });
}); });
it('keeps sessions AS IS when calling save() with no changes', function(done) {
user.save(function(err) {
if (err) return done(err);
assertPreservedTokens(done);
});
});
it('keeps sessions AS IS if firstName is added using `updateOrCreate`', function(done) { it('keeps sessions AS IS if firstName is added using `updateOrCreate`', function(done) {
User.updateOrCreate({ User.updateOrCreate({
pk: user.pk, pk: user.pk,