Ignore _RevoableSession "header" that is sent by JS SDK. Fixes #1548. (#1627)

2016-04-25 12:52:21 -07:00
parent 234d0093ff
commit 957b5927b1
4 changed files with 44 additions and 16 deletions
--- a/src/Routers/ClassesRouter.js
+++ b/src/Routers/ClassesRouter.js
@@ -1,13 +1,13 @@

 import PromiseRouter from '../PromiseRouter';
-import rest from '../rest';
+import rest          from '../rest';

-import url from 'url';
+import url           from 'url';

 const ALLOWED_GET_QUERY_KEYS = ['keys', 'include'];

 export class ClassesRouter extends PromiseRouter {
-  
+
  handleFind(req) {
    let body = Object.assign(req.body, ClassesRouter.JSONFromQuery(req.query));
    let options = {};
@@ -16,7 +16,7 @@ export class ClassesRouter extends PromiseRouter {

    for (let key of Object.keys(body)) {
      if (allowConstraints.indexOf(key) === -1) {
-        throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Improper encode of parameter');
+        throw new Parse.Error(Parse.Error.INVALID_QUERY, `Invalid paramater for query: ${key}`);
      }
    }

@@ -82,18 +82,18 @@ export class ClassesRouter extends PromiseRouter {
        if (!response.results || response.results.length == 0) {
          throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
        }
-        
+
        if (req.params.className === "_User") {
-          
+
          delete response.results[0].sessionToken;
-          
+
          const user =  response.results[0];
-         
+
          if (req.auth.user && user.objectId == req.auth.user.id) {
            // Force the session token
            response.results[0].sessionToken = req.info.sessionToken;
          }
-        }        
+        }
        return { response: response.results[0] };
      });
  }
@@ -124,7 +124,7 @@ export class ClassesRouter extends PromiseRouter {
    }
    return json
  }
-  
+
  mountRoutes() {
    this.route('GET', '/classes/:className', (req) => { return this.handleFind(req); });
    this.route('GET', '/classes/:className/:objectId', (req) => { return this.handleGet(req); });
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -45,6 +45,10 @@ function handleParseHeaders(req, res, next) {
      fileViaJSON = true;
    }

+    if (req.body) {
+      delete req.body._RevocableSession;
+    }
+
    if (req.body &&
      req.body._ApplicationId &&
      cache.apps.get(req.body._ApplicationId) &&