
Commit a7da8ee

author
Raymond Feng
committed
Set disableInclude for User->AccessToken relation
See #386
1 parent 5158df8 commit a7da8ee


9 files changed

+209
-4
lines changed


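--- a/common/models/user.json
+++ b/common/models/user.json
@@ -90,7 +90,10 @@
 "accessTokens": {
 "type": "hasMany",
 "model": "AccessToken",
-"foreignKey": "userId"
+"foreignKey": "userId",
+"options": {
+"disableInclude": true
+}
 }
 }
 }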
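Review bot: `disableInclude` is set only on the built-in `accessTokens` relation here, so a model that extends User and redeclares that relation presumably has to repeat the option, as the new user-integration fixture in this commit does for `myUser`. Nothing in the change tells application authors this. A sentence in the release notes or the User model documentation, along the lines of `If you redefine the accessTokens relation on a User subclass, set "options": {"disableInclude": true} on it`, would close that gap. Without it, existing apps with a custom relation may still return token records through `include` filters after upgrading; that is inferred from the fixture and should be confirmed.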

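--- a/test/fixtures/access-control/app.json
+++ b/test/fixtures/access-control/app.json
@@ -1,4 +1,5 @@
 {
 "port": 3000,
-"host": "0.0.0.0"
+"host": "0.0.0.0",
+"legacyExplorer": false
 }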

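--- a/test/fixtures/simple-app/app.json
+++ b/test/fixtures/simple-app/app.json
@@ -1,4 +1,5 @@
 {
 "port": 3000,
-"host": "127.0.0.1"
+"host": "127.0.0.1",
+"legacyExplorer": false
 }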

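--- a/test/fixtures/simple-integration-app/app.json
+++ b/test/fixtures/simple-integration-app/app.json
@@ -10,5 +10,6 @@
 "urlencoded": {
 "limit": "8kb"
 }
-}
+},
+"legacyExplorer": false
 }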
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
var loopback = require('../../../');
2+
var boot = require('loopback-boot');
3+
var path = require('path');
4+
var app = module.exports = loopback();
5+
app.enableAuth();
6+
boot(app, __dirname);
7+
app.use(loopback.favicon());
8+
app.use(loopback.cookieParser({secret: app.get('cookieSecret')}));
9+
app.use(loopback.token({model: app.models.myAccessToken}));
10+
var apiPath = '/api';
11+
app.use(apiPath, loopback.rest());
12+
app.use(loopback.static(path.join(__dirname, 'public')));
13+
app.use(loopback.urlNotFound());
14+
app.use(loopback.errorHandler());
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
{
2+
"port": 3000,
3+
"host": "0.0.0.0",
4+
"cookieSecret": "2d13a01d-44fb-455c-80cb-db9cb3cd3cd0",
5+
"remoting": {
6+
"json": {
7+
"limit": "1kb",
8+
"strict": false
9+
},
10+
"urlencoded": {
11+
"limit": "8kb"
12+
}
13+
},
14+
"legacyExplorer": false
15+
}
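Review bot: `"host": "0.0.0.0"` on line 3 makes this fixture listen on every interface if the app is ever started directly, and the same file carries a committed `cookieSecret`. The simple-app fixture touched in this commit binds to loopback only. Unless a test needs the server reachable from other hosts, use `"host": "127.0.0.1",` here as well. Because JSON cannot hold a comment, it would help to state in the test file or a fixture README that the `cookieSecret` value is test-only and must not be copied into a real application.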
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
{
2+
"db": {
3+
"defaultForType": "db",
4+
"connector": "memory"
5+
},
6+
"mail": {
7+
"defaultForType": "mail",
8+
"connector": "mail"
9+
}
10+
}
Lines changed: 71 additions & 0 deletions
@@ -0,0 +1,71 @@
1+
{
2+
"email": {
3+
"dataSource": "mail",
4+
"public": false,
5+
"options": {
6+
"base": "Email"
7+
}
8+
},
9+
"myUser": {
10+
"dataSource": "db",
11+
"public": true,
12+
"options": {
13+
"base": "User",
14+
"relations": {
15+
"accessTokens": {
16+
"model": "myAccessToken",
17+
"type": "hasMany",
18+
"foreignKey": "userId",
19+
"options": {
20+
"disableInclude": true
21+
}
22+
},
23+
"blogs": {
24+
"model": "blog",
25+
"type": "hasMany",
26+
"foreignKey": "userId"
27+
}
28+
},
29+
"acls": [
30+
{
31+
"permission": "ALLOW",
32+
"principalType": "ROLE",
33+
"principalId": "$owner"
34+
}
35+
]
36+
}
37+
},
38+
"myAccessToken": {
39+
"dataSource": "db",
40+
"public": true,
41+
"options": {
42+
"base": "AccessToken",
43+
"relations": {
44+
"user": {
45+
"model": "myUser",
46+
"type": "belongsTo",
47+
"foreignKey": "userId"
48+
}
49+
}
50+
}
51+
},
52+
"blog": {
53+
"base": "PersistedModel",
54+
"dataSource": "db",
55+
"public": true,
56+
"properties": {
57+
"title": {
58+
"type": "string"
59+
},
60+
"content": {
61+
"type": "string"
62+
}
63+
},
64+
"relations": {
65+
"user": {
66+
"type": "belongsTo",
67+
"model": "myUser"
68+
}
69+
}
70+
}
71+
}
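Review bot: `myAccessToken` is declared with `"public": true` on line 40, which puts the token model itself on the REST surface, and `disableInclude` on the `accessTokens` relation does nothing for that route. The tests on this page reach tokens only through `/api/myUsers/login` and the `loopback.token` middleware, so the fixture likely works with `"public": false,`, which is also the safer pattern for people who copy it. The `myUser` ACL on lines 29-35 allows `$owner` without a `property` restriction, so related-model endpoints such as the user's `accessTokens` are presumably reachable by the owner; that is worth a deliberate decision rather than a default.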

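--- a/test/user.integration.js
+++ b/test/user.integration.js
@@ -0,0 +1,89 @@
+/*jshint -W030 */
+
+var loopback = require('../');
+var lt = require('loopback-testing');
+var path = require('path');
+var SIMPLE_APP = path.join(__dirname, 'fixtures', 'user-integration-app');
+var app = require(path.join(SIMPLE_APP, 'app.js'));
+var expect = require('chai').expect;
+
+describe('users - integration', function() {
+
+lt.beforeEach.withApp(app);
+
+before(function(done) {
+app.models.myUser.destroyAll(function(err) {
+if (err) return done(err);
+app.models.blog.destroyAll(done);
+});
+});
+
+after(function(done) {
+app.models.blog.destroyAll(done);
+});
+
+var userId;
+var accessToken;
+
+it('should create a new user', function(done) {
+var url = '/api/myUsers';
+
+this.post(url)
+.send({username: 'x', email: '[email protected]', password: 'x'})
+.expect(200, function(err, res) {
+if (err) {
+return done(err);
+}
+expect(res.body.id).to.exist;
+userId = res.body.id;
+done();
+});
+});
+
+it('should log into the user', function(done) {
+var url = '/api/myUsers/login';
+
+this.post(url)
+.send({username: 'x', email: '[email protected]', password: 'x'})
+.expect(200, function(err, res) {
+if (err) {
+return done(err);
+}
+expect(res.body.id).to.exist;
+accessToken = res.body.id;
+done();
+});
+});
+
+it('should create blog for a given user', function(done) {
+var url = '/api/myUsers/' + userId + '/blogs?access_token=' + accessToken;
+this.post(url)
+.send({title: 'T1', content: 'C1'})
+.expect(200, function(err, res) {
+if (err) {
+console.error(err);
+return done(err);
+}
+expect(res.body.title).to.be.eql('T1');
+expect(res.body.content).to.be.eql('C1');
+expect(res.body.userId).to.be.eql(userId);
+done();
+});
+});
+
+it('should prevent access tokens from being included', function(done) {
+var url = '/api/blogs?filter={"include":{"user":"accessTokens"}}';
+this.get(url)
+.expect(200, function(err, res) {
+if (err) {
+return done(err);
+}
+expect(res.body).to.have.property('length', 1);
+var blog = res.body[0];
+expect(blog.user).to.have.property('username', 'x');
+expect(blog.user).to.not.have.property('accessTokens');
+done();
+});
+});
+
+});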
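Review bot: The last test covers only the nested path blogs -> user -> accessTokens; the direct include on the user model, which is the relation this commit changes, is never exercised. A second test that requests the user with `filter={"include":"accessTokens"}` and asserts the property is absent would pin that case; a 200 for the owner is expected given the `$owner` ACL in the fixture, but confirm. It is also worth asserting that the token value appears nowhere in the response, which catches a leak under a different property name. Separately, `userId` and `accessToken` are shared across `it` blocks, so these tests pass only when run in order, and `after` clears blogs but leaves the created user and token behind.

```javascript
// … unchanged: 'should prevent access tokens from being included' …

it('should prevent access tokens from being included on the user', function(done) {
  var url = '/api/myUsers/' + userId +
    '?filter={"include":"accessTokens"}&access_token=' + accessToken;
  this.get(url)
    .expect(200, function(err, res) {
      if (err) {
        return done(err);
      }
      expect(res.body).to.have.property('username', 'x');
      expect(res.body).to.not.have.property('accessTokens');
      expect(JSON.stringify(res.body)).to.not.contain(accessToken);
      done();
    });
});
```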
