fix(putUser): ensure reserved words are enforced in metadata
BREAKING CHANGE: In both signUp and putUser, '_id', '_rev', 'name',
'type', 'roles', 'password', 'password_scheme', 'iterations',
'derived_key', 'salt' are now all reserved words, and 'metadata' is
not a reserved word anymore.
ptitjes committed Nov 17, 2017
1 parent 67b68a9 commit b1ea26a
Showing 2 changed files with 84 additions and 7 deletions.
20 changes: 15 additions & 5 deletions src/index.js
Expand Up @@ -22,13 +22,23 @@ function wrapError(callback) {
}

function putUser(db, user, opts, callback) {
var reservedWords = ['name', 'password', 'roles', 'type', 'salt', 'metadata'];
var reservedWords = [
'_id',
'_rev',
'name',
'type',
'roles',
'password',
'password_scheme',
'iterations',
'derived_key',
'salt'
];

if (opts.metadata) {
for (var key in opts.metadata) {
if (opts.hasOwnProperty(key)) {
if (reservedWords.indexOf(key) !== -1 || key.startsWith('_')) {
return callback(new AuthError('cannot use reserved word in metadata: "' + key + '"'));
}
if (opts.metadata.hasOwnProperty(key) && reservedWords.indexOf(key) !== -1) {
return callback(new AuthError('cannot use reserved word in metadata: "' + key + '"'));
}
}
user = assign(user, opts.metadata);
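Review bot: The rewritten guard inside the `for` loop no longer rejects keys that begin with an underscore, so only `_id` and `_rev` are blocked even though CouchDB treats every top-level field starting with `_` (for example `_deleted` or `_attachments`) as reserved, and `assign(user, opts.metadata)` presumably copies such keys onto the user document. The old `key.startsWith('_')` test was effectively unreachable for most keys because `opts.hasOwnProperty(key)` tested the wrong object, but now that the guard works it should keep the prefix rule: `if (Object.prototype.hasOwnProperty.call(opts.metadata, key) && (reservedWords.indexOf(key) !== -1 || key.charAt(0) === '_')) {`. Calling `hasOwnProperty` through `Object.prototype` also keeps the guard working when the metadata object itself carries a `hasOwnProperty` key. putUser's body continues past the end of the hunk.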
71 changes: 69 additions & 2 deletions test/test.js
Expand Up @@ -19,8 +19,8 @@ testCases.forEach(function (testCase) {
describe('authentication-' + testCase, function () {

var dbName = testCase === 'normal' ?
'http://localhost:5984/testdb' :
'http://localhost:5984/testdb/'; // trailing slash
'http://localhost:5984/testdb' :
'http://localhost:5984/testdb/'; // trailing slash

var db;

Expand Down Expand Up @@ -141,6 +141,73 @@ testCases.forEach(function (testCase) {
});
});

var reservedWords = [
'_id',
'_rev',
'name',
'type',
'roles',
'password',
'password_scheme',
'iterations',
'derived_key',
'salt'
];

reservedWords.forEach(function (key) {
it('Test changing metadata using reserved word "' + key + '"', function () {
return db.signup('robin', 'dickgrayson').then(function (res) {
res.ok.should.equal(true);
return db.login('robin', 'dickgrayson');
}).then(function () {
return db.getUser('robin').then(function (user) {
var metadata = {};
metadata[key] = 'test';
return db.putUser('robin', {metadata: metadata}).then(function (res) {
res.ok.should.not.equal(true);
}).catch(function (err) {
should.exist(err);
err.status.should.equal(400);
err.name.should.equal('authentication_error');
err.message.should.equal('cannot use reserved word in metadata: "' + key + '"');
err.error.should.equal(true);

if (key === 'password') {
return db.login('robin', 'dickgrayson').then(function (res) {
res.ok.should.equal(true);
}).catch(function (err) {
should.not.exist(err);
});
} else {
return db.getUser('robin').then(function (changedUser) {
changedUser[key].should.deep.equal(user[key]);
}).catch(function (err) {
should.not.exist(err);
});
}
});
});
});
});
});

it('Test changing metadata using non-reserved word "metadata"', function () {
var metadata = {test: 'test'};
return db.signup('robin', 'dickgrayson').then(function (res) {
res.ok.should.equal(true);
return db.login('robin', 'dickgrayson');
}).then(function () {
return db.putUser('robin', {metadata: {metadata: metadata}});
}).then(function (res) {
res.ok.should.equal(true);
return db.getUser('robin');
}).then(function (changedUser) {
changedUser.metadata.should.deep.equal(metadata);
}).catch(function (err) {
should.not.exist(err);
});
});

it('Test wrong user for getUser', function () {
return db.signup('robin', 'dickgrayson').then(function (res) {
return db.signup('aquaman', 'sleeps_with_fishes');
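Review bot: In the reserved-word loop, a missed rejection is routed through the same `.catch` that checks the expected error: if `putUser` wrongly succeeds, the assertion thrown by `res.ok.should.not.equal(true)` lands in that handler and the test fails on `err.status` instead of saying that the write was accepted. Passing the error checks as the second argument, `.then(function () { throw new Error('putUser accepted reserved key "' + key + '"'); }, function (err) { ... })`, keeps the two outcomes apart. The added cases also exercise only `putUser`, while the commit message says `signUp` enforces the same list; unless that path is covered outside the visible hunks, a matching `signup` loop would be worth adding. No case covers an underscore-prefixed key other than `_id` and `_rev`, so a regression in how such keys are handled would go unnoticed.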