Fixes issue #4150: Session management (#4152)

* Adds tests * Provide fix * Fix post sessions (#4167) * add tests * provide fix * remove console.log
2017-09-18 14:53:11 -04:00
parent ba0a51ddc9
commit a39d045c7d
2 changed files with 106 additions and 2 deletions
--- a/spec/rest.spec.js
+++ b/spec/rest.spec.js
@@ -5,6 +5,7 @@ var Config = require('../src/Config');
 var Parse = require('parse/node').Parse;
 var rest = require('../src/rest');
 var request = require('request');
+var rp = require('request-promise');

 let config;
 let database;
@@ -498,6 +499,99 @@ describe('rest create', () => {
        expect(error.code).toEqual(119);
        done();
      })
+  });
+
+  it ('locks down session', (done) => {
+    let currentUser;
+    Parse.User.signUp('foo', 'bar').then((user) => {
+      currentUser = user;
+      const sessionToken = user.getSessionToken();
+      var headers = {
+        'Content-Type': 'application/octet-stream',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+        'X-Parse-Session-Token': sessionToken,
+      };
+      let sessionId;
+      return rp.get({
+        headers: headers,
+        url: 'http://localhost:8378/1/sessions/me',
+        json: true,
+      }).then(body => {
+        sessionId = body.objectId;
+        return rp.put({
+          headers,
+          url: 'http://localhost:8378/1/sessions/' + sessionId,
+          json: {
+            installationId: 'yolo'
+          }
+        })
+      }).then(done.fail, (res) => {
+        expect(res.statusCode).toBe(400);
+        expect(res.error.code).toBe(105);
+        return rp.put({
+          headers,
+          url: 'http://localhost:8378/1/sessions/' + sessionId,
+          json: {
+            sessionToken: 'yolo'
+          }
+        })
+      }).then(done.fail, (res) => {
+        expect(res.statusCode).toBe(400);
+        expect(res.error.code).toBe(105);
+        return Parse.User.signUp('other', 'user');
+      }).then((otherUser) => {
+        const user = new Parse.User();
+        user.id = otherUser.id;
+        return rp.put({
+          headers,
+          url: 'http://localhost:8378/1/sessions/' + sessionId,
+          json: {
+            user: Parse._encode(user)
+          }
+        })
+      }).then(done.fail, (res) => {
+        expect(res.statusCode).toBe(400);
+        expect(res.error.code).toBe(105);
+        const user = new Parse.User();
+        user.id = currentUser.id;
+        return rp.put({
+          headers,
+          url: 'http://localhost:8378/1/sessions/' + sessionId,
+          json: {
+            user: Parse._encode(user)
+          }
+        })
+      }).then(done).catch(done.fail);
+    }).catch(done.fail);
+  });
+
+  it ('sets current user in new sessions', (done) => {
+    let currentUser;
+    Parse.User.signUp('foo', 'bar')
+      .then((user) => {
+        currentUser = user;
+        const sessionToken = user.getSessionToken();
+        const headers = {
+          'X-Parse-Application-Id': 'test',
+          'X-Parse-REST-API-Key': 'rest',
+          'X-Parse-Session-Token': sessionToken,
+        };
+        return rp.post({
+          headers,
+          url: 'http://localhost:8378/1/sessions',
+          json: true,
+          body: { 'user': { '__type': 'Pointer', 'className':'_User', 'objectId': 'fakeId' } },
+        })
+      })
+      .then((body) => {
+        if (body.user.objectId === currentUser.id) {
+          return done();
+        } else {
+          return done.fail();
+        }
+      })
+      .catch(done.fail);
  })
 });