fix(Users): Makes sure verifying emails triggers hooks and liveQuery (#3851)

* Use RestWrite when verifying emails so hooks are called (as master)

* Fixes tests for postgres

* nit

* Makes rest.update support a full where instead of objectId

* Use rest.update to guaranteed proper beforeSave and liveQuery calls

src/Adapters/Storage/Postgres/PostgresStorageAdapter.js

@@ -58,7 +58,8 @@ const toPostgresValue = value => {
 }
 
 const transformValue = value => {
-  if (value.__type === 'Pointer') {
+  if (typeof value === 'object' &&
+        value.__type === 'Pointer') {
     return value.objectId;
   }
   return value;

src/Controllers/UserController.js

@@ -59,18 +59,13 @@ export class UserController extends AdaptableController {
 
       updateFields._email_verify_token_expires_at = {__op: 'Delete'};
     }
-
+    const masterAuth = Auth.master(this.config);
     var checkIfAlreadyVerified = new RestQuery(this.config, Auth.master(this.config), '_User', {username: username, emailVerified: true});
     return checkIfAlreadyVerified.execute().then(result => {
       if (result.results.length) {
         return Promise.resolve(result.results.length[0]);
       }
-      return this.config.database.update('_User', query, updateFields).then((document) => {
-        if (!document) {
-          throw undefined
-        }
-        return Promise.resolve(document);
-      })
+      return rest.update(this.config, masterAuth, '_User', query, updateFields);
     });
   }
 
@@ -229,7 +224,7 @@ export class UserController extends AdaptableController {
 
 // Mark this private
 function updateUserPassword(userId, password, config) {
-  return rest.update(config, Auth.master(config), '_User', userId, {
+  return rest.update(config, Auth.master(config), '_User', { objectId: userId }, {
     password: password
   });
 }

src/RestWrite.js

@@ -360,7 +360,8 @@ RestWrite.prototype.transformUser = function() {
     throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, error);
   }
 
-  if (this.query) {
+  // Do not cleanup session if objectId is not set
+  if (this.query && this.objectId()) {
     // If we're updating a _User object, we need to clear out the cache for that user. Find all their
     // session tokens, and remove them from the cache.
     promise = new RestQuery(this.config, Auth.master(this.config), '_Session', {

src/Routers/ClassesRouter.js

@@ -103,7 +103,8 @@ export class ClassesRouter extends PromiseRouter {
   }
 
   handleUpdate(req) {
-    return rest.update(req.config, req.auth, req.params.className, req.params.objectId, req.body, req.info.clientSDK);
+    const where = { objectId: req.params.objectId }
+    return rest.update(req.config, req.auth, req.params.className, where, req.body, req.info.clientSDK);
   }
 
   handleDelete(req) {

src/rest.js

@@ -113,14 +113,14 @@ function create(config, auth, className, restObject, clientSDK) {
 // Returns a promise that contains the fields of the update that the
 // REST API is supposed to return.
 // Usually, this is just updatedAt.
-function update(config, auth, className, objectId, restObject, clientSDK) {
+function update(config, auth, className, restWhere, restObject, clientSDK) {
   enforceRoleSecurity('update', className, auth);
 
   return Promise.resolve().then(() => {
     const hasTriggers = checkTriggers(className, config, ['beforeSave', 'afterSave']);
     const hasLiveQuery = checkLiveQuery(className, config);
     if (hasTriggers || hasLiveQuery) {
-      return find(config, Auth.master(config), className, {objectId: objectId});
+      return find(config, Auth.master(config), className, restWhere);
     }
     return Promise.resolve({});
   }).then((response) => {
@@ -129,7 +129,7 @@ function update(config, auth, className, objectId, restObject, clientSDK) {
       originalRestObject = response.results[0];
     }
 
-    var write = new RestWrite(config, auth, className, {objectId: objectId}, restObject, originalRestObject, clientSDK);
+    var write = new RestWrite(config, auth, className, restWhere, restObject, originalRestObject, clientSDK);
     return write.execute();
   });
 }