
Commit 5856ed0

committed
Merge pull request #430 from flovilmart/clear-sessions
Fixes Parse.User.become / clears session on password change
2 parents 5145964 + be92b4a commit 5856ed0


3 files changed

+28
-7
lines changed


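--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -1606,7 +1606,30 @@ describe('Parse.User testing', () => {
 }).then(function(newUser) {
 fail('Session should have been invalidated');
 done();
-}, function() {
+}, function(err) {
+expect(err.code).toBe(Parse.Error.INVALID_SESSION_TOKEN);
+expect(err.message).toBe('invalid session token');
+done();
+});
+});
+
+it('test parse user become', (done) => {
+var sessionToken = null;
+Parse.Promise.as().then(function() {
+return Parse.User.signUp("flessard", "folo",{'foo':1});
+}).then(function(newUser) {
+equal(Parse.User.current(), newUser);
+sessionToken = newUser.getSessionToken();
+ok(sessionToken);
+newUser.set('foo',2);
+return newUser.save();
+}).then(function() {
+return Parse.User.become(sessionToken);
+}).then(function(newUser) {
+equal(newUser.get('foo'), 2);
+done();
+}, function(e) {
+fail('The session should still be valid');
 done();
 });
 });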
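Review bot: The added `test parse user become` case covers only a non-password save, so nothing in this spec pins the master-key branch that this commit introduces in src/RestWrite.js. A companion case that changes the password with `{ useMasterKey: true }` and then asserts whether `Parse.User.become(sessionToken)` still succeeds would make the intended session behaviour explicit. In the rejection handler of the new test the error `e` is dropped; `fail('The session should still be valid: ' + JSON.stringify(e));` would show why the token was refused. The enclosing describe block starts and ends outside the hunk.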

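--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -306,7 +306,7 @@ RestWrite.prototype.transformUser = function() {
 if (!this.data.password) {
 return;
 }
-if (this.query) {
+if (this.query && !this.auth.isMaster ) {
 this.storage['clearSessions'] = true;
 }
 return passwordCrypto.hash(this.data.password).then((hashedPassword) => {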
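Review bot: With `!this.auth.isMaster` in the condition, a password written under the master key no longer sets `clearSessions`, so session tokens issued before the change stay usable. If any password-reset or account-recovery path saves the new password with master auth (not visible here), a token obtained before the reset would survive it, which defeats the usual reason for forcing a new password. If the exemption is intended, a comment such as `// master-key writes keep existing sessions; callers must revoke them explicitly after a forced password change` above the `if` would record that, and the stray space before `)` can go. transformUser begins and ends outside the hunk.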

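--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -41,8 +41,7 @@ export class UsersRouter extends ClassesRouter {
 
 handleMe(req) {
 if (!req.info || !req.info.sessionToken) {
-throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
-'Object not found.');
+throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
 }
 return rest.find(req.config, Auth.master(req.config), '_Session',
 { _session_token: req.info.sessionToken },
@@ -51,8 +50,7 @@ export class UsersRouter extends ClassesRouter {
 if (!response.results ||
 response.results.length == 0 ||
 !response.results[0].user) {
-throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
-'Object not found.');
+throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
 } else {
 let user = response.results[0].user;
 return { response: user };
@@ -145,10 +143,10 @@ export class UsersRouter extends ClassesRouter {
 let router = new PromiseRouter();
 router.route('GET', '/users', req => { return this.handleFind(req); });
 router.route('POST', '/users', req => { return this.handleCreate(req); });
+router.route('GET', '/users/me', req => { return this.handleMe(req); });
 router.route('GET', '/users/:objectId', req => { return this.handleGet(req); });
 router.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); });
 router.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); });
-router.route('GET', '/users/me', req => { return this.handleMe(req); });
 router.route('GET', '/login', req => { return this.handleLogIn(req); });
 router.route('POST', '/logout', req => { return this.handleLogOut(req); });
 router.route('POST', '/requestPasswordReset', () => {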
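Review bot: The move of the `/users/me` route above `/users/:objectId` in the last hunk matters only because of registration order, and nothing at that line says so. Presumably PromiseRouter picks the first matching route, so a later reorder would again send `me` to handleGet as an objectId; a comment like `// keep before '/users/:objectId', otherwise 'me' is matched as an objectId` on the route would guard against that. The two identical `throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');` statements in handleMe could also share one small helper so the code and message cannot drift apart. The class body continues outside the hunks shown.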
