Fixes sessionTokens being overridden in 'find' (#4332)
* remove session token replacement code * adds cases for _User/_Session with sessionToken and with/without masterKey
This commit is contained in:
Benjamin Wilson Friedman
committed by
Florent Vilmart
Florent Vilmart
parent
2b9397a5a9
commit
219ad7224a
126
spec/ParseSession.spec.js
Normal file
126
spec/ParseSession.spec.js
Normal file
@@ -0,0 +1,126 @@
|
|||||||
|
//
|
||||||
|
// Tests behavior of Parse Sessions
|
||||||
|
//
|
||||||
|
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
function setupTestUsers() {
|
||||||
|
const user1 = new Parse.User();
|
||||||
|
const user2 = new Parse.User();
|
||||||
|
const user3 = new Parse.User();
|
||||||
|
|
||||||
|
user1.set("username", "testuser_1");
|
||||||
|
user2.set("username", "testuser_2");
|
||||||
|
user3.set("username", "testuser_3");
|
||||||
|
|
||||||
|
user1.set("password", "password");
|
||||||
|
user2.set("password", "password");
|
||||||
|
user3.set("password", "password");
|
||||||
|
|
||||||
|
return user1.signUp().then(() => {
|
||||||
|
return user2.signUp();
|
||||||
|
}).then(() => {
|
||||||
|
return user3.signUp();
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
describe('Parse.Session', () => {
|
||||||
|
|
||||||
|
// multiple sessions with masterKey + sessionToken
|
||||||
|
it('should retain original sessionTokens with masterKey & sessionToken set', (done) => {
|
||||||
|
setupTestUsers().then((user) => {
|
||||||
|
const query = new Parse.Query(Parse.Session);
|
||||||
|
return query.find({
|
||||||
|
useMasterKey: true,
|
||||||
|
sessionToken: user.get('sessionToken')
|
||||||
|
});
|
||||||
|
}).then((results) => {
|
||||||
|
const foundKeys = [];
|
||||||
|
expect(results.length).toBe(3);
|
||||||
|
for(const key in results) {
|
||||||
|
const sessionToken = results[key].get('sessionToken');
|
||||||
|
if(foundKeys[sessionToken]) {
|
||||||
|
fail('Duplicate session token present in response');
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
foundKeys[sessionToken] = 1;
|
||||||
|
}
|
||||||
|
done();
|
||||||
|
}).catch((err) => {
|
||||||
|
fail(err);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
// single session returned, with just one sessionToken
|
||||||
|
it('should retain original sessionTokens with just sessionToken set', (done) => {
|
||||||
|
let knownSessionToken;
|
||||||
|
setupTestUsers().then((user) => {
|
||||||
|
knownSessionToken = user.get('sessionToken');
|
||||||
|
const query = new Parse.Query(Parse.Session);
|
||||||
|
return query.find({
|
||||||
|
sessionToken: knownSessionToken
|
||||||
|
});
|
||||||
|
}).then((results) => {
|
||||||
|
expect(results.length).toBe(1);
|
||||||
|
const sessionToken = results[0].get('sessionToken');
|
||||||
|
expect(sessionToken).toBe(knownSessionToken);
|
||||||
|
done();
|
||||||
|
}).catch((err) => {
|
||||||
|
fail(err);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
// multiple users with masterKey + sessionToken
|
||||||
|
it('token on users should retain original sessionTokens with masterKey & sessionToken set', (done) => {
|
||||||
|
setupTestUsers().then((user) => {
|
||||||
|
const query = new Parse.Query(Parse.User);
|
||||||
|
return query.find({
|
||||||
|
useMasterKey: true,
|
||||||
|
sessionToken: user.get('sessionToken')
|
||||||
|
});
|
||||||
|
}).then((results) => {
|
||||||
|
const foundKeys = [];
|
||||||
|
expect(results.length).toBe(3);
|
||||||
|
for(const key in results) {
|
||||||
|
const sessionToken = results[key].get('sessionToken');
|
||||||
|
if(foundKeys[sessionToken] && sessionToken !== undefined) {
|
||||||
|
fail('Duplicate session token present in response');
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
foundKeys[sessionToken] = 1;
|
||||||
|
}
|
||||||
|
done();
|
||||||
|
}).catch((err) => {
|
||||||
|
fail(err);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
// multiple users with just sessionToken
|
||||||
|
it('token on users should retain original sessionTokens with just sessionToken set', (done) => {
|
||||||
|
let knownSessionToken;
|
||||||
|
setupTestUsers().then((user) => {
|
||||||
|
knownSessionToken = user.get('sessionToken');
|
||||||
|
const query = new Parse.Query(Parse.User);
|
||||||
|
return query.find({
|
||||||
|
sessionToken: knownSessionToken
|
||||||
|
});
|
||||||
|
}).then((results) => {
|
||||||
|
const foundKeys = [];
|
||||||
|
expect(results.length).toBe(3);
|
||||||
|
for(const key in results) {
|
||||||
|
const sessionToken = results[key].get('sessionToken');
|
||||||
|
if(foundKeys[sessionToken] && sessionToken !== undefined) {
|
||||||
|
fail('Duplicate session token present in response');
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
foundKeys[sessionToken] = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
done();
|
||||||
|
}).catch((err) => {
|
||||||
|
fail(err);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
});
|
||||||
@@ -27,13 +27,6 @@ export class ClassesRouter extends PromiseRouter {
|
|||||||
}
|
}
|
||||||
return rest.find(req.config, req.auth, this.className(req), body.where, options, req.info.clientSDK)
|
return rest.find(req.config, req.auth, this.className(req), body.where, options, req.info.clientSDK)
|
||||||
.then((response) => {
|
.then((response) => {
|
||||||
if (response && response.results) {
|
|
||||||
for (const result of response.results) {
|
|
||||||
if (result.sessionToken) {
|
|
||||||
result.sessionToken = req.info.sessionToken || result.sessionToken;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return { response: response };
|
return { response: response };
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user