fix: throw on undefined where parameters (#10048)

Sushant · GitHub
Commit 7fd6d730 authored Oct 20, 2018 by Sushant Committed by GitHub Oct 20, 2018
Showing with 19 additions and 24 deletions
lib/dialects/abstract/query-generator.js
test/integration/model.test.js
test/integration/model/create.test.js
test/integration/model/findAll.test.js
test/unit/sql/delete.test.js
test/unit/sql/where.test.js
--- a/lib/dialects/abstract/query-generator.js
+++ b/lib/dialects/abstract/query-generator.js
@@ -15,7 +15,6 @@ const Association = require('../../associations/base');
 const BelongsTo = require('../../associations/belongs-to');
 const BelongsToMany = require('../../associations/belongs-to-many');
 const HasMany = require('../../associations/has-many');
-const QueryTypes = require('../../query-types');
 const Op = require('../../operators');
 const sequelizeError = require('../../errors');
@@ -2080,16 +2079,11 @@ class QueryGenerator {
    return items.length && items.filter(item => item && item.length).join(binding) || '';
  }
-  whereItemQuery(key, value, options) {
+  whereItemQuery(key, value, options = {}) {
-    options = options || {};
    if (value === undefined) {
-      // protection from stuff like User.delete({where: {id: undefined}})
+      throw new Error(`WHERE parameter "${key}" has invalid "undefined" value`);
-      if ([QueryTypes.BULKDELETE, QueryTypes.BULKUPDATE].includes(options.type)) {
-        throw new Error(`WHERE parameter "${key}" of ${options.type} query has value of undefined`);
-      }
-      // for other query types, ignore all where parameters with undefined value
-      return;
    }
    if (typeof key === 'string' && key.includes('.') && options.model) {
      const keyParts = key.split('.');
      if (options.model.rawAttributes[keyParts[0]] && options.model.rawAttributes[keyParts[0]].type instanceof DataTypes.JSON) {

--- a/test/integration/model.test.js
+++ b/test/integration/model.test.js
@@ -935,7 +935,7 @@ describe(Support.getTestDialectTeaser('Model'), () => {
          throw new Error('Update should throw an error if where has a key with undefined value');
        }, err => {
          expect(err).to.be.an.instanceof(Error);
-          expect(err.message).to.equal('WHERE parameter "username" of BULKUPDATE query has value of undefined');
+          expect(err.message).to.equal('WHERE parameter "username" has invalid "undefined" value');
        });
      });
    });
@@ -1304,7 +1304,7 @@ describe(Support.getTestDialectTeaser('Model'), () => {
        throw new Error('Destroy should throw an error if where has a key with undefined value');
      }, err => {
        expect(err).to.be.an.instanceof(Error);
-        expect(err.message).to.equal('WHERE parameter "username" of BULKDELETE query has value of undefined');
+        expect(err.message).to.equal('WHERE parameter "username" has invalid "undefined" value');
      });
    });

--- a/test/integration/model/create.test.js
+++ b/test/integration/model/create.test.js
@@ -164,7 +164,7 @@ describe(Support.getTestDialectTeaser('Model'), () => {
        }));
    });
-    it('should work with undefined uuid primary key in where', function() {
+    it('should work with empty uuid primary key in where', function() {
      const User = this.sequelize.define('User', {
        id: {
          type: DataTypes.UUID,
@@ -179,9 +179,7 @@ describe(Support.getTestDialectTeaser('Model'), () => {
      return User.sync({force: true}).then(() => {
        return User.findOrCreate({
-          where: {
+          where: {},
-            id: undefined
-          },
          defaults: {
            name: Math.random().toString()
          }

--- a/test/integration/model/findAll.test.js
+++ b/test/integration/model/findAll.test.js
@@ -1444,9 +1444,12 @@ describe(Support.getTestDialectTeaser('Model'), () => {
        });
      });
-      it('should ignore undefined in where parameters', function() {
+      it('should throw for undefined where parameters', function() {
-        return this.User.findAll({where: {username: undefined}}).then(users => {
+        return this.User.findAll({where: {username: undefined}}).then(() => {
-          expect(users.length).to.equal(2);
+          throw new Error('findAll should throw an error if where has a key with undefined value');
+        }, err => {
+          expect(err).to.be.an.instanceof(Error);
+          expect(err.message).to.equal('WHERE parameter "username" has invalid "undefined" value');
        });
      });
    });

--- a/test/unit/sql/delete.test.js
+++ b/test/unit/sql/delete.test.js
@@ -203,7 +203,7 @@ suite(Support.getTestDialectTeaser('SQL'), () => {
          User
        );
        return expectsql(sqlOrError, {
-          default: new Error('WHERE parameter "name" of BULKDELETE query has value of undefined')
+          default: new Error('WHERE parameter "name" has invalid "undefined" value')
        });
      });
    });

--- a/test/unit/sql/where.test.js
+++ b/test/unit/sql/where.test.js
@@ -33,22 +33,22 @@ suite(Support.getTestDialectTeaser('SQL'), () => {
      default: ''
    });
    testsql({id: undefined}, {
-      default: ''
+      default: new Error('WHERE parameter "id" has invalid "undefined" value')
    });
    testsql({id: 1}, {
      default: 'WHERE [id] = 1'
    });
    testsql({id: 1, user: undefined}, {
-      default: 'WHERE [id] = 1'
+      default: new Error('WHERE parameter "user" has invalid "undefined" value')
    });
    testsql({id: 1, user: undefined}, {type: QueryTypes.SELECT}, {
-      default: 'WHERE [id] = 1'
+      default: new Error('WHERE parameter "user" has invalid "undefined" value')
    });
    testsql({id: 1, user: undefined}, {type: QueryTypes.BULKDELETE}, {
-      default: new Error('WHERE parameter "user" of BULKDELETE query has value of undefined')
+      default: new Error('WHERE parameter "user" has invalid "undefined" value')
    });
    testsql({id: 1, user: undefined}, {type: QueryTypes.BULKUPDATE}, {
-      default: new Error('WHERE parameter "user" of BULKUPDATE query has value of undefined')
+      default: new Error('WHERE parameter "user" has invalid "undefined" value')
    });
    testsql({id: 1}, {prefix: 'User'}, {
      default: 'WHERE [User].[id] = 1'