Add revokeSessionOnPasswordReset option. Closes #1584 (#1597)

* Add revokeSessionOnPasswordReset option * Fix nits
2016-04-22 15:21:50 -07:00
parent 0d094767cf
commit d33dd68cc5
9 changed files with 96 additions and 17 deletions
--- a/src/Config.js
+++ b/src/Config.js
@@ -49,12 +49,20 @@ export class Config {
    this.liveQueryController = cacheInfo.liveQueryController;
    this.sessionLength = cacheInfo.sessionLength;
    this.generateSessionExpiresAt = this.generateSessionExpiresAt.bind(this);
+    this.revokeSessionOnPasswordReset = cacheInfo.revokeSessionOnPasswordReset;
  }

  static validate(options) {
-    this.validateEmailConfiguration({verifyUserEmails: options.verifyUserEmails, 
-                                appName: options.appName, 
-                                publicServerURL: options.publicServerURL})
+    this.validateEmailConfiguration({
+      verifyUserEmails: options.verifyUserEmails,
+      appName: options.appName,
+      publicServerURL: options.publicServerURL
+    })
+
+    if (typeof options.revokeSessionOnPasswordReset !== 'boolean') {
+      throw 'revokeSessionOnPasswordReset must be a boolean value';
+    }
+
    if (options.publicServerURL) {
      if (!options.publicServerURL.startsWith("http://") && !options.publicServerURL.startsWith("https://")) {
        throw "publicServerURL should be a valid HTTPS URL starting with https://"
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -9,7 +9,7 @@ var batch = require('./batch'),
    Parse = require('parse/node').Parse,
    path = require('path'),
    authDataManager = require('./authDataManager');
-    
+
 if (!global._babelPolyfill) {
  require('babel-polyfill');
 }
@@ -115,6 +115,7 @@ class ParseServer {
    liveQuery = {},
    sessionLength = 31536000, // 1 Year in seconds
    verbose = false,
+    revokeSessionOnPasswordReset = true,
  }) {
    // Initialize the node client SDK automatically
    Parse.initialize(appId, javascriptKey || 'unused', masterKey);
@@ -186,7 +187,8 @@ class ParseServer {
      customPages: customPages,
      maxUploadSize: maxUploadSize,
      liveQueryController: liveQueryController,
-      sessionLength : Number(sessionLength),
+      sessionLength: Number(sessionLength),
+      revokeSessionOnPasswordReset
    });

    // To maintain compatibility. TODO: Remove in some version that breaks backwards compatability
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -420,8 +420,7 @@ RestWrite.prototype.createSessionTokenIfNeeded = function() {

 // Handles any followup logic
 RestWrite.prototype.handleFollowup = function() {
-
-  if (this.storage && this.storage['clearSessions']) {
+  if (this.storage && this.storage['clearSessions'] && this.config.revokeSessionOnPasswordReset) {
    var sessionQuery = {
      user: {
          __type: 'Pointer',
--- a/src/cli/cli-definitions.js
+++ b/src/cli/cli-definitions.js
@@ -174,5 +174,10 @@ export default {
  "verbose": {
    env: "VERBOSE",
    help: "Set the logging to verbose"
+  },
+  "revokeSessionOnPasswordReset": {
+    env: "PARSE_SERVER_REVOKE_SESSION_ON_PASSWORD_RESET",
+    help: "When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions.",
+    action: booleanParser
  }
 };
--- a/src/rest.js
+++ b/src/rest.js
@@ -9,7 +9,7 @@

 var Parse = require('parse/node').Parse;
 import cache from './cache';
-import Auth from './Auth';
+import Auth  from './Auth';

 var RestQuery = require('./RestQuery');
 var RestWrite = require('./RestWrite');
@@ -96,7 +96,6 @@ function create(config, auth, className, restObject) {
 // Usually, this is just updatedAt.
 function update(config, auth, className, objectId, restObject) {
  enforceRoleSecurity('update', className, auth);
-
  return Promise.resolve().then(() => {
    if (triggers.getTrigger(className, triggers.Types.beforeSave, config.applicationId) ||
        triggers.getTrigger(className, triggers.Types.afterSave, config.applicationId) ||