Validate non-email property partial update

loay · loay · commit bdeaf654fac1 · 2016-10-03T16:53:36.000-04:00
diff --git a/common/models/user.js b/common/models/user.js
@@ -681,7 +681,9 @@ module.exports = function(User) {
     UserModel.observe('after save', function afterEmailUpdate(ctx, next) {
       if (!ctx.Model.relations.accessTokens) return next();
       var AccessToken = ctx.Model.relations.accessTokens.modelTo;
+      if (!ctx.instance && !ctx.data) return next();
       var newEmail = (ctx.instance || ctx.data).email;
+      if (!newEmail) return next();
       if (!ctx.hookState.originalUserData) return next();
       var idsToExpire = ctx.hookState.originalUserData.filter(function(u) {
         return u.email !== newEmail;
diff --git a/test/user.test.js b/test/user.test.js
@@ -1972,6 +1972,43 @@ describe('User', function() {
         ], done);
       });
 
+      it('keeps sessions AS IS if non-email property is changed using updateAll', function(done) {
+        var userPartial;
+        async.series([
+          function createPartialUser(next) {
+            User.create(
+              { email: 'partial@example.com', password: 'pass1', age: 25 },
+              function(err, partialInstance) {
+                if (err) return next(err);
+                userPartial = partialInstance;
+                next();
+              });
+          },
+          function loginPartiallUser(next) {
+            User.login({ email: 'partial@example.com', password: 'pass1' }, function(err, ats) {
+              if (err) return next(err);
+              next();
+            });
+          },
+          function updatePartialUser(next) {
+            User.updateAll(
+              { id: userPartial.id },
+              { age: userPartial.age + 1 },
+              function(err, info) {
+                if (err) return next(err);
+                next();
+              });
+          },
+          function verifyTokensOfPartialUser(next) {
+            AccessToken.find({ where: { userId: userPartial.id }}, function(err, tokens1) {
+              if (err) return next(err);
+              expect(tokens1.length).to.equal(1);
+              next();
+            });
+          },
+        ], done);
+      });
+
       function assertPreservedToken(done) {
         AccessToken.find({ where: { userId: user.id }}, function(err, tokens) {
           if (err) return done(err);
