* Adds failing test for #3451 (on multiple logins) * Factor sessionDestruction as part of Session creation flow in RestWrite * nits
This commit is contained in:
Florent Vilmart
GitHub
@@ -81,6 +81,8 @@ RestWrite.prototype.execute = function() {
|
||||
return this.transformUser();
|
||||
}).then(() => {
|
||||
return this.expandFilesForExistingObjects();
|
||||
}).then(() => {
|
||||
return this.destroyDuplicatedSessions();
|
||||
}).then(() => {
|
||||
return this.runDatabaseOperation();
|
||||
}).then(() => {
|
||||
@@ -588,19 +590,33 @@ RestWrite.prototype.createSessionToken = function() {
|
||||
this.response.response.sessionToken = token;
|
||||
}
|
||||
|
||||
// Destroy the sessions in 'Background'
|
||||
this.config.database.destroy('_Session', {
|
||||
user: {
|
||||
__type: 'Pointer',
|
||||
className: '_User',
|
||||
objectId: this.objectId()
|
||||
},
|
||||
installationId: this.auth.installationId,
|
||||
sessionToken: { '$ne': token },
|
||||
});
|
||||
return new RestWrite(this.config, Auth.master(this.config), '_Session', null, sessionData).execute();
|
||||
}
|
||||
|
||||
RestWrite.prototype.destroyDuplicatedSessions = function() {
|
||||
// Only for _Session, and at creation time
|
||||
if (this.className != '_Session' || this.query) {
|
||||
return;
|
||||
}
|
||||
// Destroy the sessions in 'Background'
|
||||
const {
|
||||
user,
|
||||
installationId,
|
||||
sessionToken,
|
||||
} = this.data;
|
||||
if (!user || !installationId) {
|
||||
return;
|
||||
}
|
||||
if (!user.objectId) {
|
||||
return;
|
||||
}
|
||||
this.config.database.destroy('_Session', {
|
||||
user,
|
||||
installationId,
|
||||
sessionToken: { '$ne': sessionToken },
|
||||
});
|
||||
}
|
||||
|
||||
// Handles any followup logic
|
||||
RestWrite.prototype.handleFollowup = function() {
|
||||
if (this.storage && this.storage['clearSessions'] && this.config.revokeSessionOnPasswordReset) {
|
||||
|
||||
Reference in New Issue
Block a user