Add revokeSessionOnPasswordReset option. Closes #1584 (#1597)

* Add revokeSessionOnPasswordReset option

* Fix nits
Drew
2016-04-22 15:21:50 -07:00
committed by Florent Vilmart
parent 0d094767cf
commit d33dd68cc5
9 changed files with 96 additions and 17 deletions


@@ -2115,9 +2115,7 @@ describe('Parse.User testing', () => {
});
});
// Sometimes the authData still has null on that keys
// https://github.com/ParsePlatform/parse-server/issues/935
it('should cleanup null authData keys', (done) => {
it('should cleanup null authData keys (regression test for #935)', (done) => {
let database = new Config(Parse.applicationId).database;
database.create('_User', {
username: 'user',
@@ -2151,8 +2149,7 @@ describe('Parse.User testing', () => {
})
});
// https://github.com/ParsePlatform/parse-server/issues/1198
it('should cleanup null authData keys ParseUser update', (done) => {
it('should cleanup null authData keys ParseUser update (regression test for #1198)', (done) => {
Parse.Cloud.beforeSave('_User', (req, res) => {
req.object.set('foo', 'bar');
res.success();
@@ -2347,4 +2344,67 @@ describe('Parse.User testing', () => {
done();
});
});
it('should revoke sessions when converting anonymous user to "normal" user', done => {
request.post({
url: 'http://localhost:8378/1/classes/_User',
headers: {
'X-Parse-Application-Id': Parse.applicationId,
'X-Parse-REST-API-Key': 'rest',
},
json: {authData: {anonymous: {id: '00000000-0000-0000-0000-000000000001'}}}
}, (err, res, body) => {
Parse.User.become(body.sessionToken)
.then(user => {
let obj = new Parse.Object('TestObject');
obj.setACL(new Parse.ACL(user));
return obj.save()
.then(() => {
// Change password, revoking session
user.set('username', 'no longer anonymous');
user.set('password', 'password');
return user.save()
})
.then(() => obj.fetch())
.catch(error => {
expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND);
done();
});
})
});
});
it('should not revoke session tokens if the server is configures to not revoke session tokens', done => {
setServerConfiguration({
serverURL: 'http://localhost:8378/1',
appId: 'test',
masterKey: 'test',
cloud: './spec/cloud/main.js',
revokeSessionOnPasswordReset: false,
})
request.post({
url: 'http://localhost:8378/1/classes/_User',
headers: {
'X-Parse-Application-Id': Parse.applicationId,
'X-Parse-REST-API-Key': 'rest',
},
json: {authData: {anonymous: {id: '00000000-0000-0000-0000-000000000001'}}}
}, (err, res, body) => {
Parse.User.become(body.sessionToken)
.then(user => {
let obj = new Parse.Object('TestObject');
obj.setACL(new Parse.ACL(user));
return obj.save()
.then(() => {
// Change password, revoking session
user.set('username', 'no longer anonymous');
user.set('password', 'password');
return user.save()
})
.then(() => obj.fetch())
// fetch should succeed as we still have our session token
.then(done, fail);
})
});
})
});
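Review bot: In the first added test ('should revoke sessions when converting anonymous user…') a successful `obj.fetch()` has no handler, so if revocation regresses the spec only ends by timeout, and the chain-wide `.catch` would also accept an OBJECT_NOT_FOUND rejection coming from `obj.save()` or `user.save()` rather than from the fetch. Scoping the handlers to the fetch makes the security check explicit: `.then(() => obj.fetch().then(() => fail('session was not revoked'), error => expect(error.code).toEqual(Parse.Error.OBJECT_NOT_FOUND)))` followed by `.then(done, err => { fail(err); done(); })`. In the second test the copied comment `// Change password, revoking session` contradicts what is asserted there and should read something like `// Change password; the session must stay valid`, and the title has a typo (`configures`). That test also leaves `revokeSessionOnPasswordReset: false` configured, so whether later specs run with the default depends on a reset that is not visible in this hunk.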