Merge pull request #3160 from strongloop/fix/token-invalidation-on-save
Preserve sessions on User.save() making no changes
This commit is contained in:
Miroslav Bajtoš
GitHub
commit
dcb2f159ec
|
|
@ -863,10 +863,10 @@ module.exports = function(User) {
|
|||
next();
|
||||
});
|
||||
|
||||
// Delete old sessions once email is updated
|
||||
User.observe('before save', function beforeEmailUpdate(ctx, next) {
|
||||
User.observe('before save', function prepareForTokenInvalidation(ctx, next) {
|
||||
if (ctx.isNewInstance) return next();
|
||||
if (!ctx.where && !ctx.instance) return next();
|
||||
|
||||
var pkName = ctx.Model.definition.idName() || 'id';
|
||||
var where = ctx.where;
|
||||
if (!where) {
|
||||
|
|
@ -874,23 +874,13 @@ module.exports = function(User) {
|
|||
where[pkName] = ctx.instance[pkName];
|
||||
}
|
||||
|
||||
var isPartialUpdateChangingPassword = ctx.data && 'password' in ctx.data;
|
||||
|
||||
// Full replace of User instance => assume password change.
|
||||
// HashPassword returns a different value for each invocation,
|
||||
// therefore we cannot tell whether ctx.instance.password is the same
|
||||
// or not.
|
||||
var isFullReplaceChangingPassword = !!ctx.instance;
|
||||
|
||||
ctx.hookState.isPasswordChange = isPartialUpdateChangingPassword ||
|
||||
isFullReplaceChangingPassword;
|
||||
|
||||
ctx.Model.find({where: where}, function(err, userInstances) {
|
||||
if (err) return next(err);
|
||||
ctx.hookState.originalUserData = userInstances.map(function(u) {
|
||||
var user = {};
|
||||
user[pkName] = u[pkName];
|
||||
user['email'] = u['email'];
|
||||
user.email = u.email;
|
||||
user.password = u.password;
|
||||
return user;
|
||||
});
|
||||
var emailChanged;
|
||||
|
|
@ -912,18 +902,19 @@ module.exports = function(User) {
|
|||
});
|
||||
});
|
||||
|
||||
User.observe('after save', function afterEmailUpdate(ctx, next) {
|
||||
User.observe('after save', function invalidateOtherTokens(ctx, next) {
|
||||
if (!ctx.instance && !ctx.data) return next();
|
||||
if (!ctx.hookState.originalUserData) return next();
|
||||
|
||||
var pkName = ctx.Model.definition.idName() || 'id';
|
||||
var newEmail = (ctx.instance || ctx.data).email;
|
||||
var isPasswordChange = ctx.hookState.isPasswordChange;
|
||||
var newPassword = (ctx.instance || ctx.data).password;
|
||||
|
||||
if (!newEmail && !isPasswordChange) return next();
|
||||
if (!newEmail && !newPassword) return next();
|
||||
|
||||
var userIdsToExpire = ctx.hookState.originalUserData.filter(function(u) {
|
||||
return (newEmail && u.email !== newEmail) || isPasswordChange;
|
||||
return (newEmail && u.email !== newEmail) ||
|
||||
(newPassword && u.password !== newPassword);
|
||||
}).map(function(u) {
|
||||
return u[pkName];
|
||||
});
|
||||
|
|
|
|||
|
|
@ -2107,6 +2107,13 @@ describe('User', function() {
|
|||
});
|
||||
});
|
||||
|
||||
it('keeps sessions AS IS when calling save() with no changes', function(done) {
|
||||
user.save(function(err) {
|
||||
if (err) return done(err);
|
||||
assertPreservedTokens(done);
|
||||
});
|
||||
});
|
||||
|
||||
it('keeps sessions AS IS if firstName is added using `updateOrCreate`', function(done) {
|
||||
User.updateOrCreate({
|
||||
pk: user.pk,
|
||||
|
|
|
|||
Loading…
Reference in New Issue