Results invalid session when providing an invalid session token (#2154)

* Results invalid session when providing an invalid session token * Reverts unsafe loggers * Fixes failing tests - The tests were failin when run in sequence as we called done() before the JSSDK had a chance to register the session token, therefore having a proper logout call in afterEach
2016-06-26 23:20:02 -04:00
parent a861c4e506
commit 147b493e23
5 changed files with 69 additions and 23 deletions
--- a/src/Auth.js
+++ b/src/Auth.js
@@ -58,7 +58,7 @@ var getAuthForSessionToken = function({ config, sessionToken, installationId } =
    return query.execute().then((response) => {
      var results = response.results;
      if (results.length !== 1 || !results[0]['user']) {
-        return nobody(config);
+        throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
      }

      var now = new Date(),
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -130,6 +130,10 @@ function handleParseHeaders(req, res, next) {
    return invalidRequest(req, res);
  }

+  if (req.url == "/login") {
+    delete info.sessionToken;
+  }
+
  if (!info.sessionToken) {
    req.auth = new auth.Auth({ config: req.config, installationId: info.installationId, isMaster: false });
    next();
@@ -219,6 +223,7 @@ var allowMethodOverride = function(req, res, next) {
 };

 var handleParseErrors = function(err, req, res, next) {
+  // TODO: Add logging as those errors won't make it to the PromiseRouter
  if (err instanceof Parse.Error) {
    var httpStatus;