Clears session on password change

flovilmart · flovilmart · commit ea07eb506d8f · 2016-02-15T10:15:47.000-05:00
- Fixes error type when passing an invalid session token
diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
@@ -1606,7 +1606,9 @@ describe('Parse.User testing', () => {
     }).then(function(newUser) {
       fail('Session should have been invalidated');
       done();
-    }, function() {
+    }, function(err) {
+      expect(err.code).toBe(209);
+      expect(err.message).toBe('invalid session token');
       done();
     });
   });
diff --git a/src/RestWrite.js b/src/RestWrite.js
@@ -306,7 +306,7 @@ RestWrite.prototype.transformUser = function() {
     if (!this.data.password) {
       return;
     }
-    if (this.query) {
+    if (this.query && !this.auth.isMaster ) {
       this.storage['clearSessions'] = true;
     }
     return passwordCrypto.hash(this.data.password).then((hashedPassword) => {
diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
@@ -41,8 +41,7 @@ export class UsersRouter extends ClassesRouter {
 
   handleMe(req) {
     if (!req.info || !req.info.sessionToken) {
-      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
-        'Object not found.');
+      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
     }
     return rest.find(req.config, Auth.master(req.config), '_Session',
       { _session_token: req.info.sessionToken },
@@ -51,8 +50,7 @@ export class UsersRouter extends ClassesRouter {
         if (!response.results ||
           response.results.length == 0 ||
           !response.results[0].user) {
-          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
-            'Object not found.');
+          throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
         } else {
           let user = response.results[0].user;
           return { response: user };
@@ -145,10 +143,10 @@ export class UsersRouter extends ClassesRouter {
     let router = new PromiseRouter();
     router.route('GET', '/users', req => { return this.handleFind(req); });
     router.route('POST', '/users', req => { return this.handleCreate(req); });
+    router.route('GET', '/users/me', req => { return this.handleMe(req); });
     router.route('GET', '/users/:objectId', req => { return this.handleGet(req); });
     router.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); });
     router.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); });
-    router.route('GET', '/users/me', req => { return this.handleMe(req); });
     router.route('GET', '/login', req => { return this.handleLogIn(req); });
     router.route('POST', '/logout', req => { return this.handleLogOut(req); });
     router.route('POST', '/requestPasswordReset', () => {

Original file line number	Diff line number	Diff line change
`@@ -306,7 +306,7 @@ RestWrite.prototype.transformUser = function() {`
`306`	`306`	`if (!this.data.password) {`
`307`	`307`	`return;`
`308`	`308`	`}`
`309`		`- if (this.query) {`
	`309`	`+ if (this.query && !this.auth.isMaster ) {`
`310`	`310`	`this.storage['clearSessions'] = true;`
`311`	`311`	`}`
`312`	`312`	`return passwordCrypto.hash(this.data.password).then((hashedPassword) => {`