Merge branch 'master' into session-token

# Conflicts:
#	src/users.js

src/Routers/InstallationsRouter.js

@@ -51,12 +51,12 @@ export class InstallationsRouter extends ClassesRouter {
   }
 
   getExpressRouter() {
-    var router = new PromiseRouter();
-    router.route('GET','/installations', (req) => { return this.handleFind(req); });
-    router.route('GET','/installations/:objectId', (req) => { return this.handleGet(req); });
-    router.route('POST','/installations', (req) => { return this.handleCreate(req); });
-    router.route('PUT','/installations/:objectId', (req) => { return this.handleUpdate(req); });
-    router.route('DELETE','/installations/:objectId', (req) => { return this.handleDelete(req); });
+    let router = new PromiseRouter();
+    router.route('GET','/installations', req => { return this.handleFind(req); });
+    router.route('GET','/installations/:objectId', req => { return this.handleGet(req); });
+    router.route('POST','/installations', req => { return this.handleCreate(req); });
+    router.route('PUT','/installations/:objectId', req => { return this.handleUpdate(req); });
+    router.route('DELETE','/installations/:objectId', req => { return this.handleDelete(req); });
     return router;
   }
 }

src/Routers/RolesRouter.js

@@ -0,0 +1,43 @@
+
+import ClassesRouter from './ClassesRouter';
+import PromiseRouter from '../PromiseRouter';
+import rest from '../rest';
+
+export class RolesRouter extends ClassesRouter {
+  handleFind(req) {
+    req.params.className = '_Role';
+    return super.handleFind(req);
+  }
+
+  handleGet(req) {
+    req.params.className = '_Role';
+    return super.handleGet(req);
+  }
+
+  handleCreate(req) {
+    req.params.className = '_Role';
+    return super.handleCreate(req);
+  }
+
+  handleUpdate(req) {
+    req.params.className = '_Role';
+    return super.handleUpdate(req);
+  }
+
+  handleDelete(req) {
+    req.params.className = '_Role';
+    return super.handleDelete(req);
+  }
+
+  getExpressRouter() {
+    let router = new PromiseRouter();
+    router.route('GET','/roles', req => { return this.handleFind(req); });
+    router.route('GET','/roles/:objectId', req => { return this.handleGet(req); });
+    router.route('POST','/roles', req => { return this.handleCreate(req); });
+    router.route('PUT','/roles/:objectId', req => { return this.handleUpdate(req); });
+    router.route('DELETE','/roles/:objectId', req => { return this.handleDelete(req); });
+    return router;
+  }
+}
+
+export default RolesRouter;

src/Routers/SessionsRouter.js

@@ -0,0 +1,63 @@
+
+import ClassesRouter from './ClassesRouter';
+import PromiseRouter from '../PromiseRouter';
+import rest from '../rest';
+import Auth from '../Auth';
+
+export class SessionsRouter extends ClassesRouter {
+  handleFind(req) {
+    req.params.className = '_Session';
+    return super.handleFind(req);
+  }
+
+  handleGet(req) {
+    req.params.className = '_Session';
+    return super.handleGet(req);
+  }
+
+  handleCreate(req) {
+    req.params.className = '_Session';
+    return super.handleCreate(req);
+  }
+
+  handleUpdate(req) {
+    req.params.className = '_Session';
+    return super.handleUpdate(req);
+  }
+
+  handleDelete(req) {
+    req.params.className = '_Session';
+    return super.handleDelete(req);
+  }
+
+  handleMe(req) {
+    // TODO: Verify correct behavior
+    if (!req.info || !req.info.sessionToken) {
+      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
+        'Session token required.');
+    }
+    return rest.find(req.config, Auth.master(req.config), '_Session', { _session_token: req.info.sessionToken })
+      .then((response) => {
+        if (!response.results || response.results.length == 0) {
+          throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
+            'Session token not found.');
+        }
+        return {
+          response: response.results[0]
+        };
+      });
+  }
+
+  getExpressRouter() {
+    let router = new PromiseRouter();
+    router.route('GET','/sessions/me', req => { return this.handleMe(req); });
+    router.route('GET', '/sessions', req => { return this.handleFind(req); });
+    router.route('GET', '/sessions/:objectId', req => { return this.handleGet(req); });
+    router.route('POST', '/sessions', req => { return this.handleCreate(req); });
+    router.route('PUT', '/sessions/:objectId', req => { return this.handleUpdate(req); });
+    router.route('DELETE', '/sessions/:objectId', req => { return this.handleDelete(req); });
+    return router;
+  }
+}
+
+export default SessionsRouter;

src/Routers/UsersRouter.js

@@ -0,0 +1,163 @@
+// These methods handle the User-related routes.
+
+import hat from 'hat';
+import deepcopy from 'deepcopy';
+
+import ClassesRouter from './ClassesRouter';
+import PromiseRouter from '../PromiseRouter';
+import rest from '../rest';
+import Auth from '../Auth';
+import passwordCrypto from '../password';
+import RestWrite from '../RestWrite';
+
+const rack = hat.rack();
+
+export class UsersRouter extends ClassesRouter {
+  handleFind(req) {
+    req.params.className = '_User';
+    return super.handleFind(req);
+  }
+
+  handleGet(req) {
+    req.params.className = '_User';
+    return super.handleGet(req);
+  }
+
+  handleCreate(req) {
+    let data = deepcopy(req.body);
+    data.installationId = req.info.installationId;
+    req.body = data;
+    req.params.className = '_User';
+    return super.handleCreate(req);
+  }
+
+  handleUpdate(req) {
+    req.params.className = '_User';
+    return super.handleUpdate(req);
+  }
+
+  handleDelete(req) {
+    req.params.className = '_User';
+    return super.handleDelete(req);
+  }
+
+  handleMe(req) {
+    if (!req.info || !req.info.sessionToken) {
+      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
+        'Object not found.');
+    }
+    return rest.find(req.config, Auth.master(req.config), '_Session',
+      { _session_token: req.info.sessionToken },
+      { include: 'user' })
+      .then((response) => {
+        if (!response.results ||
+          response.results.length == 0 ||
+          !response.results[0].user) {
+          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
+            'Object not found.');
+        } else {
+          let user = response.results[0].user;
+          return { response: user };
+        }
+      });
+  }
+
+  handleLogIn(req) {
+    // Use query parameters instead if provided in url
+    if (!req.body.username && req.query.username) {
+      req.body = req.query;
+    }
+
+    // TODO: use the right error codes / descriptions.
+    if (!req.body.username) {
+      throw new Parse.Error(Parse.Error.USERNAME_MISSING, 'username is required.');
+    }
+    if (!req.body.password) {
+      throw new Parse.Error(Parse.Error.PASSWORD_MISSING, 'password is required.');
+    }
+
+    let user;
+    return req.database.find('_User', { username: req.body.username })
+      .then((results) => {
+        if (!results.length) {
+          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
+        }
+        user = results[0];
+        return passwordCrypto.compare(req.body.password, user.password);
+      }).then((correct) => {
+        if (!correct) {
+          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
+        }
+
+        let token = 'r:' + rack();
+        user.sessionToken = token;
+        delete user.password;
+
+        req.config.filesController.expandFilesInObject(req.config, user);
+
+        let expiresAt = new Date();
+        expiresAt.setFullYear(expiresAt.getFullYear() + 1);
+
+        let sessionData = {
+          sessionToken: token,
+          user: {
+            __type: 'Pointer',
+            className: '_User',
+            objectId: user.objectId
+          },
+          createdWith: {
+            'action': 'login',
+            'authProvider': 'password'
+          },
+          restricted: false,
+          expiresAt: Parse._encode(expiresAt)
+        };
+
+        if (req.info.installationId) {
+          sessionData.installationId = req.info.installationId
+        }
+
+        let create = new RestWrite(req.config, Auth.master(req.config), '_Session', null, sessionData);
+        return create.execute();
+      }).then(() => {
+        return { response: user };
+      });
+  }
+
+  handleLogOut(req) {
+    let success = {response: {}};
+    if (req.info && req.info.sessionToken) {
+      return rest.find(req.config, Auth.master(req.config), '_Session',
+        { _session_token: req.info.sessionToken }
+      ).then((records) => {
+        if (records.results && records.results.length) {
+          return rest.del(req.config, Auth.master(req.config), '_Session',
+            records.results[0].objectId
+          ).then(() => {
+            return Promise.resolve(success);
+          });
+        }
+        return Promise.resolve(success);
+      });
+    }
+    return Promise.resolve(success);
+  }
+
+  getExpressRouter() {
+    let router = new PromiseRouter();
+    router.route('GET', '/users', req => { return this.handleFind(req); });
+    router.route('POST', '/users', req => { return this.handleCreate(req); });
+    router.route('GET', '/users/:objectId', req => { return this.handleGet(req); });
+    router.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); });
+    router.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); });
+    router.route('GET', '/users/me', req => { return this.handleMe(req); });
+    router.route('GET', '/login', req => { return this.handleLogIn(req); });
+    router.route('POST', '/logout', req => { return this.handleLogOut(req); });
+    router.route('POST', '/requestPasswordReset', () => {
+      throw new Parse.Error(Parse.Error.COMMAND_UNAVAILABLE, 'This path is not implemented yet.');
+    });
+    return router;
+  }
+}
+
+export default UsersRouter;