Fixes issue #4150: Session management (#4152)

* Adds tests

* Provide fix

* Fix post sessions (#4167)

* add tests

* provide fix

* remove console.log
Florent Vilmart
2017-09-18 14:53:11 -04:00
committed by GitHub
parent ba0a51ddc9
commit a39d045c7d
2 changed files with 106 additions and 2 deletions


@@ -627,7 +627,7 @@ RestWrite.prototype.handleFollowup = function() {
};
// Handles the _Session class specialness.
// Does nothing if this isn't an installation object.
// Does nothing if this isn't an _Session object.
RestWrite.prototype.handleSession = function() {
if (this.response || this.className !== '_Session') {
return;
@@ -644,6 +644,16 @@ RestWrite.prototype.handleSession = function() {
'ACL on a Session.');
}
if (this.query) {
if (this.data.user && !this.auth.isMaster && this.data.user.objectId != this.auth.user.id) {
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
} else if (this.data.installationId) {
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
} else if (this.data.sessionToken) {
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
}
}
if (!this.query && !this.auth.isMaster) {
var token = 'r:' + cryptoUtils.newToken();
var expiresAt = this.config.generateSessionExpiresAt();
@@ -661,7 +671,7 @@ RestWrite.prototype.handleSession = function() {
expiresAt: Parse._encode(expiresAt)
};
for (var key in this.data) {
if (key == 'objectId') {
if (key === 'objectId' || key === 'user') {
continue;
}
sessionData[key] = this.data[key];
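Review bot: In the create path the copy loop still lets request data overwrite the server-generated fields of `sessionData`: only `objectId` and `user` are skipped, so a client-supplied `expiresAt` (and presumably `sessionToken`, whose assignment sits in the part of the object literal outside this hunk) replaces the value computed a few lines above. The update branch added in this commit rejects `sessionToken` and `installationId` but likewise leaves `expiresAt` writable by a non-master caller. I would extend the skip to the server-managed keys, e.g. `if (key === 'objectId' || key === 'user' || key === 'sessionToken' || key === 'expiresAt') {`, or copy only an explicit allowlist of client-settable keys. Separately, the new `this.data.user.objectId != this.auth.user.id` comparison assumes `this.auth.user` is set for every non-master request; if no earlier guard in `handleSession` (not visible here) guarantees that, it raises a TypeError instead of a `Parse.Error`. The loop and the function body continue past the end of the hunk.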