Skip to content

Commit

Permalink
Merge pull request strongloop#3720 from STRML/fix/falsy-id-3.x
Browse files Browse the repository at this point in the history
Fix handling of falsy model ids
  • Loading branch information
bajtos authored Dec 8, 2017
2 parents 1babfcd + 2bfd67c commit 3bf84ba
Show file tree
Hide file tree
Showing 4 changed files with 66 additions and 9 deletions.
9 changes: 4 additions & 5 deletions lib/access-context.js
Original file line number Diff line number Diff line change
Expand Up @@ -80,17 +80,16 @@ function AccessContext(context) {
var principalType = context.principalType || Principal.USER;
var principalId = context.principalId || undefined;
var principalName = context.principalName || undefined;

if (principalId) {
if (principalId != null) {
this.addPrincipal(principalType, principalId, principalName);
}

var token = this.accessToken || {};

if (token.userId) {
if (token.userId != null) {
this.addPrincipal(Principal.USER, token.userId);
}
if (token.appId) {
if (token.appId != null) {
this.addPrincipal(Principal.APPLICATION, token.appId);
}
this.remotingContext = context.remotingContext;
Expand Down Expand Up @@ -193,7 +192,7 @@ AccessContext.prototype.getAppId = function() {
* @returns {boolean}
*/
AccessContext.prototype.isAuthenticated = function() {
return !!(this.getUserId() || this.getAppId());
return this.getUserId() != null || this.getAppId() != null;
};

/**
Expand Down
4 changes: 2 additions & 2 deletions lib/model.js
Original file line number Diff line number Diff line change
Expand Up @@ -161,13 +161,13 @@ module.exports = function(registry) {
}
}

if (id && data) {
if (id != null && data) {
var model = new ModelCtor(data);
model.id = id;
fn(null, model);
} else if (data) {
fn(null, new ModelCtor(data));
} else if (id) {
} else if (id != null) {
var filter = {};
ModelCtor.findById(id, filter, options, function(err, model) {
if (err) {
Expand Down
4 changes: 2 additions & 2 deletions lib/persisted-model.js
Original file line number Diff line number Diff line change
Expand Up @@ -1710,7 +1710,7 @@ module.exports = function(registry) {
ctx.instance, ctx.currentInstance, ctx.where, ctx.data);
}

if (id) {
if (id != null) {
ctx.Model.rectifyChange(id, reportErrorAndNext);
} else {
ctx.Model.rectifyAllChanges(reportErrorAndNext);
Expand All @@ -1734,7 +1734,7 @@ module.exports = function(registry) {
debug('context instance:%j where:%j', ctx.instance, ctx.where);
}

if (id) {
if (id != null) {
ctx.Model.rectifyChange(id, reportErrorAndNext);
} else {
ctx.Model.rectifyAllChanges(reportErrorAndNext);
Expand Down
58 changes: 58 additions & 0 deletions test/role.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,64 @@ describe('role model', function() {
});
});

it.only('should be properly authenticated with 0 userId', function(done) {
var userData = {name: 'Raymond', email: 'x@y.com', password: 'foobar', id: 0};
var TestUser = app.registry.createModel({
name: 'TestUser',
base: 'User',
// forceId is set to false so we can create a user with a known ID,
// in this case 0 - which used to fail the falsy checks.
forceId: false,
});
app.model(TestUser, {dataSource: 'db'});

TestUser.create(userData, function(err, user) {
if (err) return done(err);
Role.create({name: 'userRole'}, function(err, role) {
if (err) return done(err);
role.principals.create({principalType: RoleMapping.USER, principalId: user.id},
function(err, p) {
if (err) return done(err);
async.series([
function(next) {
Role.isInRole(
'userRole',
{principalType: RoleMapping.USER, principalId: user.id},
function(err, inRole) {
if (err) return next(err);
assert(!!inRole);
next();
});
},
function(next) {
Role.isInRole(
'userRole',
{principalType: RoleMapping.APP, principalId: user.id},
function(err, inRole) {
if (err) return next(err);
assert(!inRole);
next();
});
},
function(next) {
Role.getRoles(
{principalType: RoleMapping.USER, principalId: user.id},
function(err, roles) {
if (err) return next(err);
expect(roles).to.eql([
Role.AUTHENTICATED,
Role.EVERYONE,
role.id,
]);
next();
});
},
], done);
});
});
});
});

// this test should be split to address one resolver at a time
it('supports built-in role resolvers', function(done) {
Role.registerResolver('returnPromise', function(role, context) {
Expand Down

0 comments on commit 3bf84ba

Please sign in to comment.