(#4091) check if options.where is an acceptable POJO

lib/model.js

@@ -2285,6 +2285,10 @@ Model.prototype.destroy = function(options) {
     throw new Error('Missing where or truncate attribute in the options parameter of model.destroy.');
   }
 
+  if (!options.truncate && !_.isPlainObject(options.where) && !_.isArray(options.where) && options.where._isSequelizeMethod !== true) {
+    throw new Error('Expected plain object, array or sequelize method in the options.where parameter of model.destroy.');
+  }
+
   options = Utils._.extend({
     hooks: true,
     individualHooks: false,
@@ -2445,6 +2449,10 @@ Model.prototype.update = function(values, options) {
     throw new Error('Missing where attribute in the options parameter passed to update.');
   }
 
+  if (!_.isPlainObject(options.where) && !_.isArray(options.where) && options.where._isSequelizeMethod !== true) {
+    throw new Error('Expected plain object, array or sequelize method in the options.where parameter of model.update.');
+  }
+
   options = Utils._.extend({
     validate: true,
     hooks: true,

test/unit/model/destroy.test.js

@@ -19,37 +19,40 @@ describe(Support.getTestDialectTeaser('Model'), function() {
     });
 
     before(function () {
-      this.stubUpdate = sinon.stub(current.getQueryInterface(), 'bulkDelete', function () {
+      this.stubDelete = sinon.stub(current.getQueryInterface(), 'bulkDelete', function () {
         return Promise.resolve([]);
       });
     });
 
     beforeEach(function () {
-      this.options = {where: {secretValue: '1'}}
-      this.cloneOptions = _.clone(this.options);
-      this.stubUpdate.reset();
+      this.deloptions = {where: {secretValue: '1'}};
+      this.cloneOptions = _.clone(this.deloptions);
+      this.stubDelete.reset();
     });
 
     afterEach(function () {
-      delete this.options;
+      delete this.deloptions;
       delete this.cloneOptions;
     });
 
     after(function () {
-      this.stubUpdate.restore();
+      this.stubDelete.restore();
     });
 
     it('properly clones options', function() {
       var self = this;
-      return User.destroy(self.options).bind(this).then(function(e) {
-        expect(self.options).to.be.deep.eql(self.cloneOptions);
+      return User.destroy(self.deloptions).bind(this).then(function(e) {
+        expect(self.deloptions).to.be.deep.eql(self.cloneOptions);
       });
     });
 
     it('can detect complexe objects', function() {
-      var self = this;
-      var where = function () { this.secretValue = '1'; }
-      return expect(User.destroy({where:new where})).to.eventually.be.rejectedWith(Error);
+      var Where = function () { this.secretValue = '1'; };
+
+      expect(function () {
+        User.destroy({where: new Where()});
+      }).to.throw();
+
     });
   });
 });

test/unit/model/update.test.js

@@ -57,8 +57,12 @@ describe(Support.getTestDialectTeaser('Model'), function() {
 
     it('can detect complexe objects', function() {
       var self = this;
-      var where = function () { this.secretValue = '1'; }
-      return expect(User.update(self.updates, {where:new where})).to.eventually.be.rejectedWith(Error);
+      var Where = function () { this.secretValue = '1'; };
+
+      expect(function () {
+        User.update(self.updates, {where:new Where()});
+      }).to.throw();
+
     });
   });
 });