handling matching api.parse.com when calling upgradeToRevocableSession without a sessionToken (#2721)

2016-09-17 15:52:52 -04:00
parent 90e9994195
commit 109bc9a0ce
2 changed files with 25 additions and 0 deletions
--- a/spec/RevocableSessionsUpgrade.spec.js
+++ b/spec/RevocableSessionsUpgrade.spec.js
@@ -89,4 +89,24 @@ describe_only_db('mongo')('revocable sessions', () => {
      done();
    });
  });
+
+  it('should not crash without session token #2720', done => {
+    rp.post({
+      url: Parse.serverURL+'/upgradeToRevocableSession',
+      headers: {
+        'X-Parse-Application-Id': Parse.applicationId,
+        'X-Parse-Rest-API-Key': 'rest'
+      },
+      json: true
+    }).then((res) => {
+      fail('should not be able to upgrade a bad token');
+    }, (response) => {
+      expect(response.statusCode).toBe(404);
+      expect(response.error).not.toBeUndefined();
+      expect(response.error.code).toBe(Parse.Error.OBJECT_NOT_FOUND);
+      expect(response.error.error).toEqual('invalid session');
+    }).then(() => {
+      done();
+    });
+  });
 })