verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3693 from STRML/fix/falsy-principalid-2x 

fix(AccessContext): Tighten falsy userid/appid check
This commit is contained in:
Miroslav Bajtoš 2017-12-05 16:20:34 +01:00 committed by GitHub
parent 6e0e60c2a2 787f393c7c
commit e22b960d4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 52 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/access-context.js
View File

@ -61,16 +61,16 @@ function AccessContext(context) {
var principalType = context.principalType || Principal.USER; var principalType = context.principalType || Principal.USER;
var principalId = context.principalId || undefined; var principalId = context.principalId || undefined;
var principalName = context.principalName || undefined; var principalName = context.principalName || undefined;
if (principalId) { if (principalId != null) {
this.addPrincipal(principalType, principalId, principalName); this.addPrincipal(principalType, principalId, principalName);
} }
var token = this.accessToken || {}; var token = this.accessToken || {};
if (token.userId) { if (token.userId != null) {
this.addPrincipal(Principal.USER, token.userId); this.addPrincipal(Principal.USER, token.userId);
} }
if (token.appId) { if (token.appId != null) {
this.addPrincipal(Principal.APPLICATION, token.appId); this.addPrincipal(Principal.APPLICATION, token.appId);
} }
this.remotingContext = context.remotingContext; this.remotingContext = context.remotingContext;
@ -151,7 +151,7 @@ AccessContext.prototype.getAppId = function() {
* @returns {boolean} * @returns {boolean}
*/ */
AccessContext.prototype.isAuthenticated = function() { AccessContext.prototype.isAuthenticated = function() {
return !!(this.getUserId() || this.getAppId()); return this.getUserId() != null || this.getAppId() != null;
}; };
/*! /*!

48
test/role.test.js
View File

@ -303,6 +303,54 @@ describe('role model', function() {
}); });
}); });
it('should be properly authenticated with 0 userId', function(done) {
User.create({ name: 'Raymond', email: 'x@y.com', password: 'foobar', id: 0 }, function(err, user) {
if (err) return done(err);
Role.create({ name: 'userRole' }, function(err, role) {
if (err) return done(err);
role.principals.create({ principalType: RoleMapping.USER, principalId: user.id },
function(err, p) {
if (err) return done(err);
async.series([
function(next) {
Role.isInRole(
'userRole',
{ principalType: RoleMapping.USER, principalId: user.id },
function(err, inRole) {
if (err) return next(err);
assert(!!inRole);
next();
});
},
function(next) {
Role.isInRole(
'userRole',
{ principalType: RoleMapping.APP, principalId: user.id },
function(err, inRole) {
if (err) return next(err);
assert(!inRole);
next();
});
},
function(next) {
Role.getRoles(
{ principalType: RoleMapping.USER, principalId: user.id },
function(err, roles) {
if (err) return next(err);
expect(roles).to.eql([
Role.AUTHENTICATED,
Role.EVERYONE,
role.id,
]);
next();
});
},
], done);
});
});
});
});
it('should support owner role resolver', function(done) { it('should support owner role resolver', function(done) {
Role.registerResolver('returnPromise', function(role, context) { Role.registerResolver('returnPromise', function(role, context) {
return new Promise(function(resolve) { return new Promise(function(resolve) {