Fix beforeLogin trigger when user has a file (parse-community#6001)

davimacedo · web-flow · commit 6abfac3cd1a9 · 2019-08-29T19:07:39.000-07:00
* Fix beforeLogin trigger when user has a file

* Add test case
diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
@@ -1546,9 +1546,7 @@ describe('Cloud Code', () => {
 
       request({
         method: 'POST',
-        url: `http://${Parse.applicationId}:${
-          Parse.masterKey
-        }@localhost:8378/1/jobs/myJob`,
+        url: `http://${Parse.applicationId}:${Parse.masterKey}@localhost:8378/1/jobs/myJob`,
       }).then(
         () => {},
         err => {
@@ -2383,6 +2381,31 @@ describe('beforeLogin hook', () => {
     done();
   });
 
+  it('should be able to block login if an error is thrown even if the user has a attached file', async done => {
+    let hit = 0;
+    Parse.Cloud.beforeLogin(req => {
+      hit++;
+      if (req.object.get('isBanned')) {
+        throw new Error('banned account');
+      }
+    });
+
+    const user = await Parse.User.signUp('tupac', 'shakur');
+    const base64 = 'V29ya2luZyBhdCBQYXJzZSBpcyBncmVhdCE=';
+    const file = new Parse.File('myfile.txt', { base64 });
+    await file.save();
+    await user.save({ isBanned: true, file });
+
+    try {
+      await Parse.User.logIn('tupac', 'shakur');
+      throw new Error('should not have been logged in.');
+    } catch (e) {
+      expect(e.message).toBe('banned account');
+    }
+    expect(hit).toBe(1);
+    done();
+  });
+
   it('should not run beforeLogin with incorrect credentials', async done => {
     let hit = 0;
     Parse.Cloud.beforeLogin(req => {
diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
@@ -241,6 +241,8 @@ export class UsersRouter extends ClassesRouter {
     // Remove hidden properties.
     UsersRouter.removeHiddenProperties(user);
 
+    req.config.filesController.expandFilesInObject(req.config, user);
+
     // Before login trigger; throws if failure
     await maybeRunTrigger(
       TriggerTypes.beforeLogin,
@@ -261,8 +263,6 @@ export class UsersRouter extends ClassesRouter {
 
     user.sessionToken = sessionData.sessionToken;
 
-    req.config.filesController.expandFilesInObject(req.config, user);
-
     await createSession();
     return { response: user };
   }
