joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clears session on password change

Browse Source 
- Fixes error type when passing an invalid session token
This commit is contained in:
Florent Vilmart
2016-02-15 10:12:53 -05:00
parent cf7202f80a
commit ea07eb506d
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
spec/ParseUser.spec.js
View File

@@ -1606,7 +1606,9 @@ describe('Parse.User testing', () => {
}).then(function(newUser) { }).then(function(newUser) {
fail('Session should have been invalidated'); fail('Session should have been invalidated');
done(); done();
}, function() { }, function(err) {
expect(err.code).toBe(209);
expect(err.message).toBe('invalid session token');
done(); done();
}); });
}); });

2
src/RestWrite.js
View File

@@ -306,7 +306,7 @@ RestWrite.prototype.transformUser = function() {
if (!this.data.password) { if (!this.data.password) {
return; return;
} }
if (this.query) { if (this.query && !this.auth.isMaster ) {
this.storage['clearSessions'] = true; this.storage['clearSessions'] = true;
} }
return passwordCrypto.hash(this.data.password).then((hashedPassword) => { return passwordCrypto.hash(this.data.password).then((hashedPassword) => {

8
src/Routers/UsersRouter.js
View File

@@ -41,8 +41,7 @@ export class UsersRouter extends ClassesRouter {
handleMe(req) { handleMe(req) {
if (!req.info || !req.info.sessionToken) { if (!req.info || !req.info.sessionToken) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
'Object not found.');
} }
return rest.find(req.config, Auth.master(req.config), '_Session', return rest.find(req.config, Auth.master(req.config), '_Session',
{ _session_token: req.info.sessionToken }, { _session_token: req.info.sessionToken },
@@ -51,8 +50,7 @@ export class UsersRouter extends ClassesRouter {
if (!response.results || if (!response.results ||
response.results.length == 0 || response.results.length == 0 ||
!response.results[0].user) { !response.results[0].user) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
'Object not found.');
} else { } else {
let user = response.results[0].user; let user = response.results[0].user;
return { response: user }; return { response: user };
@@ -145,10 +143,10 @@ export class UsersRouter extends ClassesRouter {
let router = new PromiseRouter(); let router = new PromiseRouter();
router.route('GET', '/users', req => { return this.handleFind(req); }); router.route('GET', '/users', req => { return this.handleFind(req); });
router.route('POST', '/users', req => { return this.handleCreate(req); }); router.route('POST', '/users', req => { return this.handleCreate(req); });
router.route('GET', '/users/me', req => { return this.handleMe(req); });
router.route('GET', '/users/:objectId', req => { return this.handleGet(req); }); router.route('GET', '/users/:objectId', req => { return this.handleGet(req); });
router.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); }); router.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); });
router.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); }); router.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); });
router.route('GET', '/users/me', req => { return this.handleMe(req); });
router.route('GET', '/login', req => { return this.handleLogIn(req); }); router.route('GET', '/login', req => { return this.handleLogIn(req); });
router.route('POST', '/logout', req => { return this.handleLogOut(req); }); router.route('POST', '/logout', req => { return this.handleLogOut(req); });
router.route('POST', '/requestPasswordReset', () => { router.route('POST', '/requestPasswordReset', () => {