From d4c74e74c4f22ee9d051866af03d20ab17d378a3 Mon Sep 17 00:00:00 2001 From: kirrg001 Date: Tue, 18 Jul 2017 16:15:29 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20=20fix=20unknown=20user=20id=20o?= =?UTF-8?q?n=20deactivated=20event?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit no issue - if you delete an active user, Ghost logs an error message (Ghost does not crash!) - but the event logic is not triggered, that means we don't delete the users tokens - token deletion happens on: suspend a user and delete a user --- core/server/models/base/listeners.js | 7 +++- core/test/functional/routes/api/users_spec.js | 32 +++++++++++++++++-- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/core/server/models/base/listeners.js b/core/server/models/base/listeners.js index c32f58100f..57dc9110d3 100644 --- a/core/server/models/base/listeners.js +++ b/core/server/models/base/listeners.js @@ -20,9 +20,14 @@ events.on('token.added', function (tokenModel) { /** * WHEN user get's suspended (status=inactive), we delete his tokens to ensure * he can't login anymore + * + * NOTE: + * - this event get's triggered either on user update (suspended) or if an **active** user get's deleted. + * - if an active user get's deleted, we have to access the previous attributes, because this is how bookshelf works + * if you delete a user. */ events.on('user.deactivated', function (userModel) { - var options = {id: userModel.id}; + var options = {id: userModel.id || userModel.previousAttributes().id}; models.Accesstoken.destroyByUser(options) .then(function () { diff --git a/core/test/functional/routes/api/users_spec.js b/core/test/functional/routes/api/users_spec.js index afa6c6f7aa..6c762720c2 100644 --- a/core/test/functional/routes/api/users_spec.js +++ b/core/test/functional/routes/api/users_spec.js 
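Review bot: In the `user.deactivated` listener, `userModel.id || userModel.previousAttributes().id` can still come out `undefined`, and that value goes straight into `models.Accesstoken.destroyByUser(options)`. This listener is what revokes a suspended or deleted user's tokens, so an unresolved id should fail loudly rather than depend on how `destroyByUser` treats a missing id, which is not visible here. I would resolve the id into a local first (`var userId = userModel.id || userModel.previousAttributes().id;`) and return early with an error log, through whatever logger this file already uses, when it is empty. The listener body continues outside the hunk.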
@@ -12,7 +12,7 @@ describe('User API', function () { authorAccessToken = '', editor, author, ghostServer, inactiveUser; - before(function (done) { + beforeEach(function (done) { // starting ghost automatically populates the db // TODO: prevent db init, and manage bringing up the DB with fixtures ourselves ghost().then(function (_ghostServer) { @@ -63,7 +63,7 @@ describe('User API', function () { }).catch(done); }); - after(function () { + afterEach(function () { return testUtils.clearData() .then(function () { return ghostServer.stop(); @@ -433,6 +433,34 @@ describe('User API', function () { }); }); }); + + describe('Destroy', function () { + it('[success] Destroy active user', function (done) { + request.delete(testUtils.API.getApiQuery('users/' + editor.id)) + .set('Authorization', 'Bearer ' + ownerAccessToken) + .expect(204) + .end(function (err) { + if (err) { + return done(err); + } + + done(); + }); + }); + + it('[failure] Destroy unknown user id', function (done) { + request.delete(testUtils.API.getApiQuery('users/' + ObjectId.generate())) + .set('Authorization', 'Bearer ' + ownerAccessToken) + .expect(403) + .end(function (err) { + if (err) { + return done(err); + } + + done(); + }); + }); + }); }); describe('As Editor', function () {
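Review bot: The new `[success] Destroy active user` test asserts only the `204` response, so it would pass even if the token cleanup this commit repairs never ran. The point of the fix is that a deleted user's tokens stop working, so the test should check that too: look up the editor's access tokens after the delete and expect none, or replay a request with the editor's token and expect it to be rejected. The cleanup runs from an event listener, so that check may need to wait for it to finish. In `[failure] Destroy unknown user id`, a short comment such as `// unknown ids are answered with 403, not 404` would record that the status is intentional, presumably because the permission check runs before the lookup.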