(#4091) check if options.where is an acceptable POJO

Sushant
Commit 5dd5e303 authored Mar 02, 2016 by Sushant
Showing with 28 additions and 13 deletions
lib/model.js
test/unit/model/destroy.test.js
test/unit/model/update.test.js
--- a/lib/model.js
+++ b/lib/model.js
@@ -2285,6 +2285,10 @@ Model.prototype.destroy = function(options) {
    throw new Error('Missing where or truncate attribute in the options parameter of model.destroy.');
  }
+  if (!options.truncate && !_.isPlainObject(options.where) && !_.isArray(options.where) && options.where._isSequelizeMethod !== true) {
+    throw new Error('Expected plain object, array or sequelize method in the options.where parameter of model.destroy.');
+  }
  options = Utils._.extend({
    hooks: true,
    individualHooks: false,
@@ -2445,6 +2449,10 @@ Model.prototype.update = function(values, options) {
    throw new Error('Missing where attribute in the options parameter passed to update.');
  }
+  if (!_.isPlainObject(options.where) && !_.isArray(options.where) && options.where._isSequelizeMethod !== true) {
+    throw new Error('Expected plain object, array or sequelize method in the options.where parameter of model.update.');
+  }
  options = Utils._.extend({
    validate: true,
    hooks: true,

--- a/test/unit/model/destroy.test.js
+++ b/test/unit/model/destroy.test.js
@@ -19,37 +19,40 @@ describe(Support.getTestDialectTeaser('Model'), function() {
    });
    before(function () {
-      this.stubUpdate = sinon.stub(current.getQueryInterface(), 'bulkDelete', function () {
+      this.stubDelete = sinon.stub(current.getQueryInterface(), 'bulkDelete', function () {
        return Promise.resolve([]);
      });
    });
    beforeEach(function () {
-      this.options = {where: {secretValue: '1'}}
+      this.deloptions = {where: {secretValue: '1'}};
-      this.cloneOptions = _.clone(this.options);
+      this.cloneOptions = _.clone(this.deloptions);
-      this.stubUpdate.reset();
+      this.stubDelete.reset();
    });
    afterEach(function () {
-      delete this.options;
+      delete this.deloptions;
      delete this.cloneOptions;
    });
    after(function () {
-      this.stubUpdate.restore();
+      this.stubDelete.restore();
    });
    it('properly clones options', function() {
      var self = this;
-      return User.destroy(self.options).bind(this).then(function(e) {
+      return User.destroy(self.deloptions).bind(this).then(function(e) {
-        expect(self.options).to.be.deep.eql(self.cloneOptions);
+        expect(self.deloptions).to.be.deep.eql(self.cloneOptions);
      });
    });
    it('can detect complexe objects', function() {
-      var self = this;
+      var Where = function () { this.secretValue = '1'; };
-      var where = function () { this.secretValue = '1'; }
-      return expect(User.destroy({where:new where})).to.eventually.be.rejectedWith(Error);
+      expect(function () {
+        User.destroy({where: new Where()});
+      }).to.throw();
    });
  });
 });
--- a/test/unit/model/update.test.js
+++ b/test/unit/model/update.test.js
@@ -57,8 +57,12 @@ describe(Support.getTestDialectTeaser('Model'), function() {
    it('can detect complexe objects', function() {
      var self = this;
-      var where = function () { this.secretValue = '1'; }
+      var Where = function () { this.secretValue = '1'; };
-      return expect(User.update(self.updates, {where:new where})).to.eventually.be.rejectedWith(Error);
+      expect(function () {
+        User.update(self.updates, {where:new Where()});
+      }).to.throw();
    });
  });
 });