Skip authData validation if it hasn't changed. (#3783)

* Adds test for the new feature * Re-validate authData only if mutated - In case of short-lived tokens (like facebook) this will allow clients to be lax with asking users to re-login
2017-05-07 12:55:30 -04:00
parent 4f903952bf
commit 45a9d50110
3 changed files with 64 additions and 10 deletions
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -1696,6 +1696,40 @@ describe('Parse.User testing', () => {
    });
  });

+  it('should allow login with old authData token', (done) => {
+    const provider = {
+      authData: {
+        id: '12345',
+        access_token: 'token'
+      },
+      restoreAuthentication: function() {
+        return true;
+      },
+      deauthenticate: function() {
+        provider.authData = {};
+      },
+      authenticate: function(options) {
+        options.success(this, provider.authData);
+      },
+      getAuthType: function() {
+        return "shortLivedAuth";
+      }
+    }
+    defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('token');
+    Parse.User._registerAuthenticationProvider(provider);
+    Parse.User._logInWith("shortLivedAuth", {}).then(() => {
+      // Simulate a remotely expired token (like a short lived one)
+      // In this case, we want success as it was valid once.
+      // If the client needs an updated one, do lock the user out
+      defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('otherToken');
+      return Parse.User._logInWith("shortLivedAuth", {});
+    }).then(() => {
+      done();
+    }, (err) => {
+      done.fail(err);
+    });
+  });
+
  it('should properly error when password is missing', (done) => {
    var provider = getMockFacebookProvider();
    Parse.User._registerAuthenticationProvider(provider);
--- a/spec/helper.js
+++ b/spec/helper.js
@@ -106,7 +106,8 @@ var defaultConfiguration = {
    facebook: mockFacebook(),
    myoauth: {
      module: path.resolve(__dirname, "myoauth") // relative path as it's run from src
-    }
+    },
+    shortLivedAuth: mockShortLivedAuth()
  }
 };

@@ -369,6 +370,25 @@ function mockFacebook() {
  return mockFacebookAuthenticator('8675309', 'jenny');
 }

+function mockShortLivedAuth() {
+  const auth = {};
+  let accessToken;
+  auth.setValidAccessToken = function(validAccessToken) {
+    accessToken = validAccessToken;
+  }
+  auth.validateAuthData = function(authData) {
+    if (authData.access_token == accessToken) {
+      return Promise.resolve();
+    } else {
+      return Promise.reject('Invalid access token');
+    }
+  };
+  auth.validateAppId = function() {
+    return Promise.resolve();
+  };
+  return auth;
+}
+

 // This is polluting, but, it makes it way easier to directly port old tests.
 global.Parse = Parse;