Merge pull request #254 from ParsePlatform/fosco.logout

Removed extra /logout handler

Author: gfosco

spec/ParseUser.spec.js

@@ -1592,5 +1592,27 @@ describe('Parse.User testing', () => {
     });
   });
 
+  it('ensure logout works', (done) => {
+    var user = null;
+    var sessionToken = null;
+
+    Parse.Promise.as().then(function() {
+      return Parse.User.signUp('log', 'out');
+    }).then((newUser) => {
+      user = newUser;
+      sessionToken = user.getSessionToken();
+      return Parse.User.logOut();
+    }).then(() => {
+      user.set('foo', 'bar');
+      return user.save(null, { sessionToken: sessionToken });
+    }).then(() => {
+      fail('Save should have failed.');
+      done();
+    }, (e) => {
+      expect(e.code).toEqual(Parse.Error.SESSION_MISSING);
+      done();
+    });
+  })
+
 });
 

src/RestWrite.js

@@ -637,7 +637,7 @@ RestWrite.prototype.runDatabaseOperation = function() {
       this.query &&
       !this.auth.couldUpdateUserId(this.query.objectId)) {
     throw new Parse.Error(Parse.Error.SESSION_MISSING,
-                          'cannot modify user ' + this.objectId);
+                          'cannot modify user ' + this.query.objectId);
   }
 
   // TODO: Add better detection for ACL, ensuring a user can't be locked from

src/sessions.js

@@ -41,29 +41,6 @@ function handleGet(req) {
   });
 }
 
-function handleLogout(req) {
-  // TODO: Verify correct behavior for logout without token
-  if (!req.info || !req.info.sessionToken) {
-    throw new Parse.Error(Parse.Error.SESSION_MISSING,
-                          'Session token required for logout.');
-  }
-  return rest.find(req.config, Auth.master(req.config), '_Session',
-                  { _session_token: req.info.sessionToken})
-  .then((response) => {
-    if (!response.results || response.results.length == 0) {
-      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
-                            'Session token not found.');
-    }
-    return rest.del(req.config, Auth.master(req.config), '_Session',
-                    response.results[0].objectId);
-  }).then(() => {
-    return {
-      status: 200,
-      response: {}
-    };
-  });
-}
-
 function handleFind(req) {
   var options = {};
   if (req.body.skip) {
@@ -111,12 +88,11 @@ function handleMe(req) {
   });
 }
 
-router.route('POST', '/logout', handleLogout);
 router.route('POST','/sessions', handleCreate);
 router.route('GET','/sessions/me', handleMe);
 router.route('GET','/sessions/:objectId', handleGet);
 router.route('PUT','/sessions/:objectId', handleUpdate);
 router.route('GET','/sessions', handleFind);
 router.route('DELETE','/sessions/:objectId', handleDelete);
 
-module.exports = router;
+module.exports = router;

src/users.js

@@ -169,14 +169,17 @@ function handleDelete(req) {
 function handleLogOut(req) {
   var success = {response: {}};
   if (req.info && req.info.sessionToken) {
-    rest.find(req.config, Auth.master(req.config), '_Session',
+    return rest.find(req.config, Auth.master(req.config), '_Session',
       {_session_token: req.info.sessionToken}
     ).then((records) => {
       if (records.results && records.results.length) {
-        rest.del(req.config, Auth.master(req.config), '_Session',
-          records.results[0].id
-        );
+        return rest.del(req.config, Auth.master(req.config), '_Session',
+          records.results[0].objectId
+        ).then(() => {
+          return Promise.resolve(success);
+        });
       }
+      return Promise.resolve(success);
     });
   }
   return Promise.resolve(success);