
Skip authData validation if it hasn't changed. #3783


Merged
merged 2 commits into from
May 7, 2017
34 changes: 34 additions & 0 deletions spec/ParseUser.spec.js
Expand Up @@ -1696,6 +1696,40 @@ describe('Parse.User testing', () => {
});
});

it('should allow login with old authData token', (done) => {
const provider = {
authData: {
id: '12345',
access_token: 'token'
},
restoreAuthentication: function() {
return true;
},
deauthenticate: function() {
provider.authData = {};
},
authenticate: function(options) {
options.success(this, provider.authData);
},
getAuthType: function() {
return "shortLivedAuth";
}
}
defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('token');
Parse.User._registerAuthenticationProvider(provider);
Parse.User._logInWith("shortLivedAuth", {}).then(() => {
// Simulate a remotely expired token (like a short lived one)
// In this case, we want success as it was valid once.
// If the client needs an updated one, do lock the user out
defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('otherToken');
return Parse.User._logInWith("shortLivedAuth", {});
}).then(() => {
done();
}, (err) => {
done.fail(err);
});
});

it('should properly error when password is missing', (done) => {
var provider = getMockFacebookProvider();
Parse.User._registerAuthenticationProvider(provider);
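Review bot: Only the accepting path is pinned by this spec: nothing asserts that a token which differs from the stored one, and which the adapter rejects, still fails login, and that is the half of the change that keeps the validation skip from turning into a bypass. A companion spec along the lines below would cover it; it reuses the same provider mock and changes `provider.authData.access_token` before the second `_logInWith`, and it is a sketch that has not been run against the SDK. The comment `// If the client needs an updated one, do lock the user out` also reads as the opposite of what the spec asserts and probably means `do not lock the user out`.

```javascript
it('should reject login when the authData token changed and is not valid', (done) => {
  // … unchanged: same `provider` mock as in the spec above …
  defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('token');
  Parse.User._registerAuthenticationProvider(provider);
  Parse.User._logInWith("shortLivedAuth", {}).then(() => {
    // The client now presents a token that differs from the stored one
    // and that the adapter does not accept, so validation must run and fail.
    provider.authData.access_token = 'staleToken';
    return Parse.User._logInWith("shortLivedAuth", {});
  }).then(() => {
    done.fail('login with a changed, invalid token should be rejected');
  }, () => {
    done();
  });
});
```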
22 changes: 21 additions & 1 deletion spec/helper.js
Expand Up @@ -106,7 +106,8 @@ var defaultConfiguration = {
facebook: mockFacebook(),
myoauth: {
module: path.resolve(__dirname, "myoauth") // relative path as it's run from src
}
},
shortLivedAuth: mockShortLivedAuth()
}
};

Expand Down Expand Up @@ -369,6 +370,25 @@ function mockFacebook() {
return mockFacebookAuthenticator('8675309', 'jenny');
}

function mockShortLivedAuth() {
const auth = {};
let accessToken;
auth.setValidAccessToken = function(validAccessToken) {
accessToken = validAccessToken;
}
auth.validateAuthData = function(authData) {
if (authData.access_token == accessToken) {
return Promise.resolve();
} else {
return Promise.reject('Invalid access token');
}
};
auth.validateAppId = function() {
return Promise.resolve();
};
return auth;
}


// This is polluting, but, it makes it way easier to directly port old tests.
global.Parse = Parse;
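Review bot: The mock adapter fails open until `setValidAccessToken` has been called: in `validateAuthData`, `accessToken` starts out `undefined`, so authData with no `access_token` passes the loose `==` comparison, and a `null` token passes as well. A stricter guard keeps the mock from accepting by default, e.g. `if (accessToken !== undefined && authData.access_token === accessToken) {`. Because `mockShortLivedAuth()` is called once inside `defaultConfiguration`, the token set by one spec also appears to stay valid for later specs unless it is reset between them. The rejection could carry an error object rather than the bare string `'Invalid access token'`, if that matches how the neighbouring mocks reject.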
18 changes: 9 additions & 9 deletions src/RestWrite.js
Expand Up @@ -277,9 +277,7 @@ RestWrite.prototype.findUsersWithAuthData = function(authData) {

RestWrite.prototype.handleAuthData = function(authData) {
let results;
return this.handleAuthDataValidation(authData).then(() => {
return this.findUsersWithAuthData(authData);
}).then((r) => {
return this.findUsersWithAuthData(authData).then((r) => {
results = r;
if (results.length > 1) {
// More than 1 user with the passed id's
Expand Down Expand Up @@ -307,26 +305,28 @@ RestWrite.prototype.handleAuthData = function(authData) {
mutatedAuthData[provider] = providerData;
}
});

this.response = {
response: userResult,
location: this.location()
};

// If we didn't change the auth data, just keep going
if (Object.keys(mutatedAuthData).length === 0) {
return;
}
// We have authData that is updated on login
// that can happen when token are refreshed,
// We should update the token and let the user in
if (Object.keys(mutatedAuthData).length > 0) {
// We should only check the mutated keys
return this.handleAuthDataValidation(mutatedAuthData).then(() => {
// Assign the new authData in the response
Object.keys(mutatedAuthData).forEach((provider) => {
this.response.response.authData[provider] = mutatedAuthData[provider];
});
// Run the DB update directly, as 'master'
// Just update the authData part
return this.config.database.update(this.className, {objectId: this.data.objectId}, {authData: mutatedAuthData}, {});
}
return;

});
} else if (this.query && this.query.objectId) {
// Trying to update auth data but users
// are different
Expand All @@ -336,7 +336,7 @@ RestWrite.prototype.handleAuthData = function(authData) {
}
}
}
return;
return this.handleAuthDataValidation(authData);
});
}

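Review bot: When the submitted authData equals what is stored, `if (Object.keys(mutatedAuthData).length === 0) { return; }` lets the login through without `handleAuthDataValidation` being called at all, so the stored `access_token` works as a long-lived credential: a token the provider has expired or revoked, or one recovered from a database dump or a log, still logs the user in. The comparison that fills `mutatedAuthData` sits mostly outside the visible hunk, so this rests on it being an exact match against the stored value. The trade-off deserves a comment at the early return, e.g. `// Unchanged authData is accepted without asking the provider; a revoked or expired token keeps working until the client sends a different one`, and arguably a way for an adapter or the server configuration to require validation on every login. Separately, `findUsersWithAuthData(authData)` now runs before any validation, so the errors for the `results.length > 1` and `this.query.objectId` branches (raised outside the visible lines) are returned for provider ids the caller has not proven ownership of, which makes the response depend on whether an id is already linked to an account.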