joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Makes sure we don't strip authData or session token from users using masterKey (#2348)

Browse Source 
* Makes sure we don't strip auth data or session token from users queried with masterKey (#2342))

* nit: test title
This commit is contained in:
Florent Vilmart
2016-07-23 20:14:53 +02:00
committed by Tyler Brock
parent 88d913f3a2
commit c9fc80984a
2 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
spec/ParseUser.spec.js
View File

@@ -1029,6 +1029,36 @@ describe('Parse.User testing', () => {
});
});
it_exclude_dbs(['postgres'])("user authData should be available in cloudcode (#2342)", (done) => {
Parse.Cloud.define('checkLogin', (req, res) => {
expect(req.user).not.toBeUndefined();
expect(Parse.FacebookUtils.isLinked(req.user)).toBe(true);
res.success();
});
var provider = getMockFacebookProvider();
Parse.User._registerAuthenticationProvider(provider);
Parse.User._logInWith("facebook", {
success: function(model) {
ok(model instanceof Parse.User, "Model should be a Parse.User");
strictEqual(Parse.User.current(), model);
ok(model.extended(), "Should have used subclass.");
strictEqual(provider.authData.id, provider.synchronizedUserId);
strictEqual(provider.authData.access_token, provider.synchronizedAuthToken);
strictEqual(provider.authData.expiration_date, provider.synchronizedExpiration);
ok(model._isLinked("facebook"), "User should be linked to facebook");
Parse.Cloud.run('checkLogin').then(done, done);
},
error: function(model, error) {
console.error(model, error);
ok(false, "linking should have worked");
done();
}
});
});
it_exclude_dbs(['postgres'])("log in with provider and update token", (done) => {
var provider = getMockFacebookProvider();
var secondProvider = getMockFacebookProviderWithIdToken('8675309', 'jenny_valid_token');

2
src/RestQuery.js
View File

@@ -504,7 +504,7 @@ function includePath(config, auth, response, path) {
obj.__type = 'Object';
obj.className = includeResponse.className;
if (obj.className == "_User") {
if (obj.className == "_User" && !auth.isMaster) {
delete obj.sessionToken;
delete obj.authData;
}