Adds session creation code in Auth.js (#4574)

2018-02-19 11:15:54 -05:00
parent b754d51e8e
commit 11c40dce97
5 changed files with 81 additions and 80 deletions
--- a/src/Routers/SessionsRouter.js
+++ b/src/Routers/SessionsRouter.js
@@ -3,8 +3,6 @@ import ClassesRouter from './ClassesRouter';
 import Parse         from 'parse/node';
 import rest          from '../rest';
 import Auth          from '../Auth';
-import RestWrite     from '../RestWrite';
-import { newToken }  from '../cryptoUtils';

 export class SessionsRouter extends ClassesRouter {

@@ -32,30 +30,24 @@ export class SessionsRouter extends ClassesRouter {

  handleUpdateToRevocableSession(req) {
    const config = req.config;
-    const masterAuth = Auth.master(config)
    const user = req.auth.user;
    // Issue #2720
    // Calling without a session token would result in a not found user
    if (!user) {
      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'invalid session');
    }
-    const expiresAt = config.generateSessionExpiresAt();
-    const sessionData = {
-      sessionToken: 'r:' + newToken(),
-      user: {
-        __type: 'Pointer',
-        className: '_User',
-        objectId: user.id
-      },
+    const {
+      sessionData,
+      createSession
+    } = Auth.createSession(config, {
+      userId: user.id,
      createdWith: {
        'action': 'upgrade',
      },
-      restricted: false,
      installationId: req.auth.installationId,
-      expiresAt: Parse._encode(expiresAt)
-    };
-    const create = new RestWrite(config, masterAuth, '_Session', null, sessionData);
-    return create.execute().then(() => {
+    });
+
+    return createSession().then(() => {
      // delete the session token, use the db to skip beforeSave
      return config.database.update('_User', {
        objectId: user.id
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -7,8 +7,6 @@ import ClassesRouter  from './ClassesRouter';
 import rest           from '../rest';
 import Auth           from '../Auth';
 import passwordCrypto from '../password';
-import RestWrite      from '../RestWrite';
-const cryptoUtils = require('../cryptoUtils');

 export class UsersRouter extends ClassesRouter {

@@ -142,8 +140,6 @@ export class UsersRouter extends ClassesRouter {
          }
        }

-        const token = 'r:' + cryptoUtils.newToken();
-        user.sessionToken = token;
        delete user.password;

        // Remove hidden properties.
@@ -161,31 +157,19 @@ export class UsersRouter extends ClassesRouter {
            delete user.authData;
          }
        }
+        const {
+          sessionData,
+          createSession
+        } = Auth.createSession(req.config, { userId: user.objectId, createdWith: {
+          'action': 'login',
+          'authProvider': 'password'
+        }, installationId: req.info.installationId });
+
+        user.sessionToken = sessionData.sessionToken;

        req.config.filesController.expandFilesInObject(req.config, user);

-        const expiresAt = req.config.generateSessionExpiresAt();
-        const sessionData = {
-          sessionToken: token,
-          user: {
-            __type: 'Pointer',
-            className: '_User',
-            objectId: user.objectId
-          },
-          createdWith: {
-            'action': 'login',
-            'authProvider': 'password'
-          },
-          restricted: false,
-          expiresAt: Parse._encode(expiresAt)
-        };
-
-        if (req.info.installationId) {
-          sessionData.installationId = req.info.installationId
-        }
-
-        const create = new RestWrite(req.config, Auth.master(req.config), '_Session', null, sessionData);
-        return create.execute();
+        return createSession();
      }).then(() => {
        return { response: user };
      });