Merge pull request #922 from sharelatex/ta-forbid-null-query

Prevent Calls to UserGetter.getUser with Null Query
Timothée Alby 2018-09-18 12:24:19 +01:00 committed by GitHub
commit b6925647ef
2 changed files with 6 additions and 0 deletions


@ -8,6 +8,7 @@ Errors = require("../Errors/Errors")
module.exports = UserGetter = module.exports = UserGetter =
getUser: (query, projection, callback = (error, user) ->) -> getUser: (query, projection, callback = (error, user) ->) ->
return callback(new Error("no query provided")) unless query?
if query?.email? if query?.email?
return callback(new Error("Don't use getUser to find user by email"), null) return callback(new Error("Don't use getUser to find user by email"), null)
if arguments.length == 2 if arguments.length == 2
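Review bot: The new `unless query?` guard runs before the `if arguments.length == 2` branch, so in a two-argument call such as `getUser(null, cb)` the error is handed to the default no-op `callback` while `cb` is still bound to `projection` and is never invoked. The body of that branch is outside the hunk, but if it reassigns `callback = projection` as the check suggests, the guard belongs after it, so that the caller actually receives `new Error("no query provided")`. Separately, `query?` rejects only null and undefined; an empty object `{}` passes, and if the query later reaches a find-one style lookup it would presumably still match an arbitrary user record, so a check for an object with no keys is worth adding here. getUser's body continues outside the hunk.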


@ -48,6 +48,11 @@ describe "UserGetter", ->
error.should.exist error.should.exist
done() done()
it "should not allow null query", (done)->
@UserGetter.getUser null, {}, (error, user) =>
error.should.exist
done()
describe "getUserFullEmails", -> describe "getUserFullEmails", ->
it "should get user", (done)-> it "should get user", (done)->
@UserGetter.getUser = sinon.stub().callsArgWith(2, null, @fakeUser) @UserGetter.getUser = sinon.stub().callsArgWith(2, null, @fakeUser)
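Review bot: The added test "should not allow null query" covers only the three-argument call with `null` and asserts nothing beyond `error.should.exist`. It would not catch a regression where the guard returns an error but a user record is still passed back, or where the two-argument form `@UserGetter.getUser null, (error, user) =>` never reaches the callback. Consider asserting that `user` is not set, and adding cases for `undefined` and for the two-argument call.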