Skip to content

fix: resolve customAccessToken warning error that causes app to crash #3934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 29, 2018
Merged

fix: resolve customAccessToken warning error that causes app to crash #3934

merged 1 commit into from
Jun 29, 2018

Conversation

bajtos
Copy link
Member

@bajtos bajtos commented Jun 29, 2018

In the present implementation verifyUserRelations(Model) assumes that
Model.relations.accessTokens is always set, and as a result may
crash when trying to access polymorphic property of that relation.

It seems the intention is to check whether the the following conditions are met:

  1. a model has a hasMany accessTokens relation
  2. that relation is polymorphic

This commit fixes the problem by accounting for the case where the
accessTokens relation was not correctly set up.

This pull request supersedes #3921, which was opened against a wrong branch (3.x-latest).

/cc @ryanxwelch

@bajtos bajtos self-assigned this Jun 29, 2018
@bajtos bajtos mentioned this pull request Jun 29, 2018
Closed
@bajtos bajtos force-pushed the fix/crash-in-verifyUserRelations branch from c688f57 to 3c75260 Compare June 29, 2018 14:13
@ryanxwelch @bajtos
Fix crash in verifyUserRelations
9d77ba2 
In the present implementation `verifyUserRelations(Model)` assumes that
`Model.relations.accessTokens` is always set, and as a result may
crash when trying to access `polymorphic` property of that relation.

It seems the intention is to check whether the the following conditions
are met:
 1. a model has a hasMany accessTokens relation
 2. that relation is polymorphic

This commit fixes the problem by accounting for the case where the
accessTokens relation was not correctly set up.
@bajtos bajtos force-pushed the fix/crash-in-verifyUserRelations branch from 3c75260 to 9d77ba2 Compare June 29, 2018 14:14
@bajtos bajtos merged commit cd1b319 into master Jun 29, 2018
@bajtos bajtos deleted the fix/crash-in-verifyUserRelations branch June 29, 2018 15:18
@bajtos
Copy link
Member Author

bajtos commented Jun 29, 2018

Landed. Thank you @ryanxwelch for the contribution!

@mcitdev
Copy link
Contributor

mcitdev commented Jul 2, 2018
edited
Loading

Hi @bajtos, I think that the current fix works because of the merge of the settings of the child and the parent, more about merge settings in http://apidocs.loopback.io/loopback-datasource-juggler/#modelbuilder .

IMHO, the old version of the function was more accurate, because, what is certain is that the polymorphic relation comes from the child model (the polymorphic relation will be configured in the child model), so it makes more sense to test the relations of the child.

I think what should be used in this fix is ​​:

function verifyUserRelations(Model) {
    const hasManyTokens = Model.relations && Model.relations.accessTokens;

    // display a temp warning message for users using multiple users config
    if (hasManyTokens && hasManyTokens.polymorphic) { //  <---- the only change that should be done
      console.warn(
        'The app configuration follows the multiple user models setup ' +
          'as described in http://ibm.biz/setup-loopback-auth',
        'The built-in role resolver $owner is not currently compatible ' +
          'with this configuration and should not be used in production.');
    }

I think that is the only thing that should be changed in the old verifyUserRelations function to fix the issue.

@bajtos
Copy link
Member Author

bajtos commented Jul 2, 2018

@mcitdev thank you for investigating this problem further. Could you please open a pull request making the change you are suggesting?

@mcitdev mcitdev mentioned this pull request Jul 3, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clark0x clark0x Awaiting requested review from clark0x

@ebarault ebarault Awaiting requested review from ebarault ebarault is a code owner

@fabien fabien Awaiting requested review from fabien fabien is a code owner

@zbarbuto zbarbuto Awaiting requested review from zbarbuto zbarbuto is a code owner

1 more reviewer

@virkt25 virkt25 virkt25 approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@bajtos bajtos

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bajtos @mcitdev @virkt25 @ryanxwelch