From 41b92d4647396be47b9395720577575842c326e1 Mon Sep 17 00:00:00 2001
From: Tim Alby <timothee.alby@gmail.com>
Date: Thu, 13 Sep 2018 17:31:35 +0100
Subject: [PATCH] prevent calls to UserGetter.getUser with null query

---
 services/web/app/coffee/Features/User/UserGetter.coffee   | 1 +
 services/web/test/unit/coffee/User/UserGetterTests.coffee | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/services/web/app/coffee/Features/User/UserGetter.coffee b/services/web/app/coffee/Features/User/UserGetter.coffee
index f3aa4ad4d6..202e1beed5 100644
--- a/services/web/app/coffee/Features/User/UserGetter.coffee
+++ b/services/web/app/coffee/Features/User/UserGetter.coffee
@@ -8,6 +8,7 @@ Errors = require("../Errors/Errors")
 
 module.exports = UserGetter =
 	getUser: (query, projection, callback = (error, user) ->) ->
+		return callback(new Error("no query provided")) unless query?
 		if query?.email?
 			return callback(new Error("Don't use getUser to find user by email"), null)
 		if arguments.length == 2
diff --git a/services/web/test/unit/coffee/User/UserGetterTests.coffee b/services/web/test/unit/coffee/User/UserGetterTests.coffee
index 79d9032283..c00dc0053a 100644
--- a/services/web/test/unit/coffee/User/UserGetterTests.coffee
+++ b/services/web/test/unit/coffee/User/UserGetterTests.coffee
@@ -48,6 +48,11 @@ describe "UserGetter", ->
 				error.should.exist
 				done()
 
+		it "should not allow null query", (done)->
+			@UserGetter.getUser null, {}, (error, user) =>
+				error.should.exist
+				done()
+
 	describe "getUserFullEmails", ->
 		it "should get user", (done)->
 			@UserGetter.getUser = sinon.stub().callsArgWith(2, null, @fakeUser)