From 957b5927b15f75e6b703d079af3ae6bc3b4adb04 Mon Sep 17 00:00:00 2001 From: Drew Date: Mon, 25 Apr 2016 12:52:21 -0700 Subject: [PATCH] Ignore _RevoableSession "header" that is sent by JS SDK. Fixes #1548. (#1627) --- spec/ParseAPI.spec.js | 34 ++++++++++++++++++++++++++++++---- spec/RestQuery.spec.js | 2 -- src/Routers/ClassesRouter.js | 20 ++++++++++---------- src/middlewares.js | 4 ++++ 4 files changed, 44 insertions(+), 16 deletions(-) diff --git a/spec/ParseAPI.spec.js b/spec/ParseAPI.spec.js index cd436f34..a1bb412f 100644 --- a/spec/ParseAPI.spec.js +++ b/spec/ParseAPI.spec.js @@ -1299,7 +1299,7 @@ describe('miscellaneous', function() { }); }) }); - + it('properly returns incremented values (#1554)', (done) => { let headers = { 'Content-Type': 'application/json', @@ -1312,12 +1312,12 @@ describe('miscellaneous', function() { json: true }; let object = new Parse.Object('AnObject');; - + function runIncrement(amount) { let options = Object.assign({}, requestOptions, { body: { "key": { - __op: 'Increment', + __op: 'Increment', amount: amount } }, @@ -1333,7 +1333,7 @@ describe('miscellaneous', function() { }); }) } - + object.save().then(() => { return runIncrement(1); }).then((res) => { @@ -1345,4 +1345,30 @@ describe('miscellaneous', function() { }) }) + it('ignores _RevocableSession "header" send by JS SDK', (done) => { + let object = new Parse.Object('AnObject'); + object.set('a', 'b'); + object.save().then(() => { + request.post({ + headers: {'Content-Type': 'application/json'}, + url: 'http://localhost:8378/1/classes/AnObject', + body: { + _method: 'GET', + _ApplicationId: 'test', + _JavaScriptKey: 'test', + _ClientVersion: 'js1.8.3', + _InstallationId: 'iid', + _RevocableSession: "1", + }, + json: true + }, (err, res, body) => { + expect(body.error).toBeUndefined(); + expect(body.results).not.toBeUndefined(); + expect(body.results.length).toBe(1); + let result = body.results[0]; + expect(result.a).toBe('b'); + done(); + }) + }); + }); }); 
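Review bot: The new spec `ignores _RevocableSession "header" send by JS SDK` never checks `err` in the `request.post` callback and has no rejection handler on `object.save()`, so a transport or save failure shows up as a TypeError on `body.error` or a timeout instead of a clear assertion failure. Add `expect(err).toBe(null);` as the first line of the callback, matching the `expect(error).toBe(null);` style in spec/RestQuery.spec.js, and end the promise chain with a handler that fails the spec, e.g. `.then(null, (e) => { fail(e); done(); })`. The spec only exercises the `_method: 'GET'` find path. Because the middleware change strips the key from every body, a second case that creates an object with `_RevocableSession` in the body and asserts the field is not stored would pin the write path too. The spec title should read "sent", not "send".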
diff --git a/spec/RestQuery.spec.js b/spec/RestQuery.spec.js index 5635590e..3cff6339 100644 --- a/spec/RestQuery.spec.js +++ b/spec/RestQuery.spec.js @@ -167,7 +167,6 @@ describe('rest query', () => { expect(error).toBe(null); var b = JSON.parse(body); expect(b.code).toEqual(Parse.Error.INVALID_QUERY); - expect(b.error).toEqual('Improper encode of parameter'); done(); }); }).then(() => { @@ -185,7 +184,6 @@ describe('rest query', () => { expect(error).toBe(null); var b = JSON.parse(body); expect(b.code).toEqual(Parse.Error.INVALID_QUERY); - expect(b.error).toEqual('Improper encode of parameter'); done(); }); }); diff --git a/src/Routers/ClassesRouter.js b/src/Routers/ClassesRouter.js index 9803858c..e7bccf66 100644 --- a/src/Routers/ClassesRouter.js +++ b/src/Routers/ClassesRouter.js @@ -1,13 +1,13 @@ import PromiseRouter from '../PromiseRouter'; -import rest from '../rest'; +import rest from '../rest'; -import url from 'url'; +import url from 'url'; const ALLOWED_GET_QUERY_KEYS = ['keys', 'include']; export class ClassesRouter extends PromiseRouter { - + handleFind(req) { let body = Object.assign(req.body, ClassesRouter.JSONFromQuery(req.query)); let options = {}; @@ -16,7 +16,7 @@ export class ClassesRouter extends PromiseRouter { for (let key of Object.keys(body)) { if (allowConstraints.indexOf(key) === -1) { - throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Improper encode of parameter'); + throw new Parse.Error(Parse.Error.INVALID_QUERY, `Invalid paramater for query: ${key}`); } } 
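Review bot: The new message thrown in `handleFind` misspells "parameter" and now echoes a client-chosen key name into the error response; the text should read `Invalid parameter for query: ${key}`. This same commit removes both message assertions from spec/RestQuery.spec.js, so nothing pins the wording; an assertion such as `expect(b.error).toEqual('Invalid parameter for query: <key used in that spec>');` (placeholder key) would catch the typo. Because `key` is taken from the merged request body and query string, anything that logs or renders this error string should treat it as untrusted input. The body of `handleFind` continues outside the hunk.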
@@ -82,18 +82,18 @@ export class ClassesRouter extends PromiseRouter { if (!response.results || response.results.length == 0) { throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.'); } - + if (req.params.className === "_User") { - + delete response.results[0].sessionToken; - + const user = response.results[0]; - + if (req.auth.user && user.objectId == req.auth.user.id) { // Force the session token response.results[0].sessionToken = req.info.sessionToken; } - } + } return { response: response.results[0] }; }); } @@ -124,7 +124,7 @@ export class ClassesRouter extends PromiseRouter { } return json } - + mountRoutes() { this.route('GET', '/classes/:className', (req) => { return this.handleFind(req); }); this.route('GET', '/classes/:className/:objectId', (req) => { return this.handleGet(req); }); diff --git a/src/middlewares.js b/src/middlewares.js index d56840b4..10115d68 100644 --- a/src/middlewares.js +++ b/src/middlewares.js @@ -45,6 +45,10 @@ function handleParseHeaders(req, res, next) { fileViaJSON = true; } + if (req.body) { + delete req.body._RevocableSession; + } + if (req.body && req.body._ApplicationId && cache.apps.get(req.body._ApplicationId) &&
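Review bot: The `delete req.body._RevocableSession;` added to `handleParseHeaders` runs on every request body, ahead of the `_ApplicationId` check that follows, and nothing in the code records why the key is dropped. A comment above the block, for example `// JS SDK sends _RevocableSession in the body; it is neither a query constraint nor an object field, so drop it before routing`, would stop a later cleanup from removing it and reintroducing #1548. The other SDK-injected body keys appear to be consumed inside the following `if (req.body && req.body._ApplicationId && ...` block, which the hunk cuts off. If that is the case, consider handling this key there as well, so that all client-supplied pseudo-headers are handled in one place and only for requests that authenticate through the body. The function starts and ends outside the hunk.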