mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-06 22:40:14 -05:00
🐛 fix unknown user id on deactivated event
no issue - if you delete an active user, Ghost logs an error message (Ghost does not crash!) - but the event logic is not triggered, which means we don't delete the user's tokens - token deletion happens when a user is suspended and when a user is deleted
parent
522bd02224
commit
d4c74e74c4
2 changed files with 36 additions and 3 deletions
|
@ -20,9 +20,14 @@ events.on('token.added', function (tokenModel) {
|
|||
/**
|
||||
* WHEN user get's suspended (status=inactive), we delete his tokens to ensure
|
||||
* he can't login anymore
|
||||
*
|
||||
* NOTE:
|
||||
* - this event get's triggered either on user update (suspended) or if an **active** user get's deleted.
|
||||
* - if an active user get's deleted, we have to access the previous attributes, because this is how bookshelf works
|
||||
* if you delete a user.
|
||||
*/
|
||||
events.on('user.deactivated', function (userModel) {
|
||||
var options = {id: userModel.id};
|
||||
var options = {id: userModel.id || userModel.previousAttributes().id};
|
||||
|
||||
models.Accesstoken.destroyByUser(options)
|
||||
.then(function () {
|
||||
|
|
|
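Review bot: The fallback `userModel.id || userModel.previousAttributes().id` can still evaluate to undefined, and `destroyByUser` is then called with `{id: undefined}`. What the model does with that is not visible here, so the token cleanup could fail quietly or, depending on how the query is built, match more than the one user. Since the commit description says this listener is where a suspended or deleted user's tokens are revoked, I would resolve the id first, `var userId = userModel.id || userModel.previousAttributes().id;`, then log an error and return when it is empty instead of calling into the model. The handler body continues past `.then(function () {` outside this hunk, so it is worth confirming that whatever else is revoked there uses the same `options`.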
@ -12,7 +12,7 @@ describe('User API', function () {
|
|||
authorAccessToken = '',
|
||||
editor, author, ghostServer, inactiveUser;
|
||||
|
||||
before(function (done) {
|
||||
beforeEach(function (done) {
|
||||
// starting ghost automatically populates the db
|
||||
// TODO: prevent db init, and manage bringing up the DB with fixtures ourselves
|
||||
ghost().then(function (_ghostServer) {
|
||||
|
@ -63,7 +63,7 @@ describe('User API', function () {
|
|||
}).catch(done);
|
||||
});
|
||||
|
||||
after(function () {
|
||||
afterEach(function () {
|
||||
return testUtils.clearData()
|
||||
.then(function () {
|
||||
return ghostServer.stop();
|
||||
|
@ -433,6 +433,34 @@ describe('User API', function () {
|
|||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('Destroy', function () {
|
||||
it('[success] Destroy active user', function (done) {
|
||||
request.delete(testUtils.API.getApiQuery('users/' + editor.id))
|
||||
.set('Authorization', 'Bearer ' + ownerAccessToken)
|
||||
.expect(204)
|
||||
.end(function (err) {
|
||||
if (err) {
|
||||
return done(err);
|
||||
}
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('[failure] Destroy unknown user id', function (done) {
|
||||
request.delete(testUtils.API.getApiQuery('users/' + ObjectId.generate()))
|
||||
.set('Authorization', 'Bearer ' + ownerAccessToken)
|
||||
.expect(403)
|
||||
.end(function (err) {
|
||||
if (err) {
|
||||
return done(err);
|
||||
}
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('As Editor', function () {
|
||||
|
|
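Review bot: `[success] Destroy active user` asserts only the 204 status, so it would still pass if the `user.deactivated` listener failed to remove the editor's tokens, which is the behaviour this commit fixes. After the delete, the test should also check that the editor's access tokens are gone, for example by repeating an authenticated request with the editor's bearer token and expecting it to be rejected, or by counting that user's rows through the access-token model. Separately, switching `before`/`after` to `beforeEach`/`afterEach` starts and stops the Ghost server for every test in this file. A short comment such as `// re-seed per test: the Destroy tests remove fixture users` would explain why that cost is accepted.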