Ignore _RevoableSession "header" that is sent by JS SDK. Fixes #1548. (#1627)

2016-04-25 12:52:21 -07:00
parent 234d0093ff
commit 957b5927b1
4 changed files with 44 additions and 16 deletions
--- a/spec/ParseAPI.spec.js
+++ b/spec/ParseAPI.spec.js
@@ -1299,7 +1299,7 @@ describe('miscellaneous', function() {
      });
    })
  });
-  
+
  it('properly returns incremented values (#1554)', (done) => {
      let headers = {
        'Content-Type': 'application/json',
@@ -1312,12 +1312,12 @@ describe('miscellaneous', function() {
        json: true
      };
     let object = new Parse.Object('AnObject');;
-     
+
     function runIncrement(amount) {
       let options = Object.assign({}, requestOptions, {
         body: {
           "key": {
-            __op: 'Increment', 
+            __op: 'Increment',
            amount: amount
           }
          },
@@ -1333,7 +1333,7 @@ describe('miscellaneous', function() {
         });
       })
     }
-     
+
     object.save().then(() => {
       return runIncrement(1);
     }).then((res) => {
@@ -1345,4 +1345,30 @@ describe('miscellaneous', function() {
     })
  })

+  it('ignores _RevocableSession "header" send by JS SDK', (done) => {
+    let object = new Parse.Object('AnObject');
+    object.set('a', 'b');
+    object.save().then(() => {
+      request.post({
+        headers: {'Content-Type': 'application/json'},
+        url: 'http://localhost:8378/1/classes/AnObject',
+        body: {
+          _method: 'GET',
+          _ApplicationId: 'test',
+          _JavaScriptKey: 'test',
+          _ClientVersion: 'js1.8.3',
+          _InstallationId: 'iid',
+          _RevocableSession: "1",
+        },
+        json: true
+      }, (err, res, body) => {
+        expect(body.error).toBeUndefined();
+        expect(body.results).not.toBeUndefined();
+        expect(body.results.length).toBe(1);
+        let result = body.results[0];
+        expect(result.a).toBe('b');
+        done();
+      })
+    });
+  });
 });
--- a/spec/RestQuery.spec.js
+++ b/spec/RestQuery.spec.js
@@ -167,7 +167,6 @@ describe('rest query', () => {
        expect(error).toBe(null);
        var b = JSON.parse(body);
        expect(b.code).toEqual(Parse.Error.INVALID_QUERY);
-        expect(b.error).toEqual('Improper encode of parameter');
        done();
      });
    }).then(() => {
@@ -185,7 +184,6 @@ describe('rest query', () => {
        expect(error).toBe(null);
        var b = JSON.parse(body);
        expect(b.code).toEqual(Parse.Error.INVALID_QUERY);
-        expect(b.error).toEqual('Improper encode of parameter');
        done();
      });
    });
--- a/src/Routers/ClassesRouter.js
+++ b/src/Routers/ClassesRouter.js
@@ -1,13 +1,13 @@

 import PromiseRouter from '../PromiseRouter';
-import rest from '../rest';
+import rest          from '../rest';

-import url from 'url';
+import url           from 'url';

 const ALLOWED_GET_QUERY_KEYS = ['keys', 'include'];

 export class ClassesRouter extends PromiseRouter {
-  
+
  handleFind(req) {
    let body = Object.assign(req.body, ClassesRouter.JSONFromQuery(req.query));
    let options = {};
@@ -16,7 +16,7 @@ export class ClassesRouter extends PromiseRouter {

    for (let key of Object.keys(body)) {
      if (allowConstraints.indexOf(key) === -1) {
-        throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Improper encode of parameter');
+        throw new Parse.Error(Parse.Error.INVALID_QUERY, `Invalid paramater for query: ${key}`);
      }
    }

@@ -82,18 +82,18 @@ export class ClassesRouter extends PromiseRouter {
        if (!response.results || response.results.length == 0) {
          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
        }
-        
+
        if (req.params.className === "_User") {
-          
+
          delete response.results[0].sessionToken;
-          
+
          const user =  response.results[0];
-         
+
          if (req.auth.user && user.objectId == req.auth.user.id) {
            // Force the session token
            response.results[0].sessionToken = req.info.sessionToken;
          }
-        }        
+        }
        return { response: response.results[0] };
      });
  }
@@ -124,7 +124,7 @@ export class ClassesRouter extends PromiseRouter {
    }
    return json
  }
-  
+
  mountRoutes() {
    this.route('GET', '/classes/:className', (req) => { return this.handleFind(req); });
    this.route('GET', '/classes/:className/:objectId', (req) => { return this.handleGet(req); });
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -45,6 +45,10 @@ function handleParseHeaders(req, res, next) {
      fileViaJSON = true;
    }

+    if (req.body) {
+      delete req.body._RevocableSession;
+    }
+
    if (req.body &&
      req.body._ApplicationId &&
      cache.apps.get(req.body._ApplicationId) &&