Skip authData validation if it hasn't changed. (#3783)

* Adds test for the new feature

* Re-validate authData only if mutated

- In case of short-lived tokens (like facebook) this will allow clients to be lax with asking users to re-login

spec/helper.js

@@ -106,7 +106,8 @@ var defaultConfiguration = {
     facebook: mockFacebook(),
     myoauth: {
       module: path.resolve(__dirname, "myoauth") // relative path as it's run from src
-    }
+    },
+    shortLivedAuth: mockShortLivedAuth()
   }
 };
 
@@ -369,6 +370,25 @@ function mockFacebook() {
   return mockFacebookAuthenticator('8675309', 'jenny');
 }
 
+function mockShortLivedAuth() {
+  const auth = {};
+  let accessToken;
+  auth.setValidAccessToken = function(validAccessToken) {
+    accessToken = validAccessToken;
+  }
+  auth.validateAuthData = function(authData) {
+    if (authData.access_token == accessToken) {
+      return Promise.resolve();
+    } else {
+      return Promise.reject('Invalid access token');
+    }
+  };
+  auth.validateAppId = function() {
+    return Promise.resolve();
+  };
+  return auth;
+}
+
 
 // This is polluting, but, it makes it way easier to directly port old tests.
 global.Parse = Parse;