Merge pull request #254 from ParsePlatform/fosco.logout

Removed extra /logout handler
2016-02-10 16:52:30 -08:00
parent 793085ac38 dee640c7d0
commit 8d89838afb
4 changed files with 31 additions and 30 deletions
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -1592,5 +1592,27 @@ describe('Parse.User testing', () => {
    });
  });

+  it('ensure logout works', (done) => {
+    var user = null;
+    var sessionToken = null;
+
+    Parse.Promise.as().then(function() {
+      return Parse.User.signUp('log', 'out');
+    }).then((newUser) => {
+      user = newUser;
+      sessionToken = user.getSessionToken();
+      return Parse.User.logOut();
+    }).then(() => {
+      user.set('foo', 'bar');
+      return user.save(null, { sessionToken: sessionToken });
+    }).then(() => {
+      fail('Save should have failed.');
+      done();
+    }, (e) => {
+      expect(e.code).toEqual(Parse.Error.SESSION_MISSING);
+      done();
+    });
+  })
+
 });

--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -637,7 +637,7 @@ RestWrite.prototype.runDatabaseOperation = function() {
      this.query &&
      !this.auth.couldUpdateUserId(this.query.objectId)) {
    throw new Parse.Error(Parse.Error.SESSION_MISSING,
-                          'cannot modify user ' + this.objectId);
+                          'cannot modify user ' + this.query.objectId);
  }

  // TODO: Add better detection for ACL, ensuring a user can't be locked from
--- a/src/sessions.js
+++ b/src/sessions.js
@@ -41,29 +41,6 @@ function handleGet(req) {
  });
 }

-function handleLogout(req) {
-  // TODO: Verify correct behavior for logout without token
-  if (!req.info || !req.info.sessionToken) {
-    throw new Parse.Error(Parse.Error.SESSION_MISSING,
-                          'Session token required for logout.');
-  }
-  return rest.find(req.config, Auth.master(req.config), '_Session',
-                  { _session_token: req.info.sessionToken})
-  .then((response) => {
-    if (!response.results || response.results.length == 0) {
-      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
-                            'Session token not found.');
-    }
-    return rest.del(req.config, Auth.master(req.config), '_Session',
-                    response.results[0].objectId);
-  }).then(() => {
-    return {
-      status: 200,
-      response: {}
-    };
-  });
-}
-
 function handleFind(req) {
  var options = {};
  if (req.body.skip) {
@@ -111,7 +88,6 @@ function handleMe(req) {
  });
 }

-router.route('POST', '/logout', handleLogout);
 router.route('POST','/sessions', handleCreate);
 router.route('GET','/sessions/me', handleMe);
 router.route('GET','/sessions/:objectId', handleGet);
@@ -119,4 +95,4 @@ router.route('PUT','/sessions/:objectId', handleUpdate);
 router.route('GET','/sessions', handleFind);
 router.route('DELETE','/sessions/:objectId', handleDelete);

-module.exports = router;
+module.exports = router;
--- a/src/users.js
+++ b/src/users.js
@@ -169,14 +169,17 @@ function handleDelete(req) {
 function handleLogOut(req) {
  var success = {response: {}};
  if (req.info && req.info.sessionToken) {
-    rest.find(req.config, Auth.master(req.config), '_Session',
+    return rest.find(req.config, Auth.master(req.config), '_Session',
      {_session_token: req.info.sessionToken}
    ).then((records) => {
      if (records.results && records.results.length) {
-        rest.del(req.config, Auth.master(req.config), '_Session',
-          records.results[0].id
-        );
+        return rest.del(req.config, Auth.master(req.config), '_Session',
+          records.results[0].objectId
+        ).then(() => {
+          return Promise.resolve(success);
+        });
      }
+      return Promise.resolve(success);
    });
  }
  return Promise.resolve(success);