Merge pull request #1110 from ParsePlatform/flovilmart.missingSessionInstallationId

Properly sets installationId on creating session with 3rd party auth

spec/OAuth.spec.js

@@ -204,13 +204,11 @@ describe('OAuth', function() {
         myoauth: getMockMyOauthProvider().authData
       }
     };
-    var headers = {'X-Parse-Application-Id': 'test',
-          'X-Parse-REST-API-Key': 'rest',
-          'Content-Type': 'application/json' }
 
     var options = {
         headers: {'X-Parse-Application-Id': 'test',
           'X-Parse-REST-API-Key': 'rest',
+          'X-Parse-Installation-Id': 'yolo',
           'Content-Type': 'application/json' },
         url: 'http://localhost:8378/1/users',
         body: JSON.stringify(jsonBody)
@@ -224,9 +222,19 @@ describe('OAuth', function() {
     createOAuthUser((error, response, body) => {
         expect(error).toBe(null);
         var b = JSON.parse(body);
+        ok(b.sessionToken);
         expect(b.objectId).not.toBeNull();
         expect(b.objectId).not.toBeUndefined();
-        done();
+        var sessionToken = b.sessionToken;
+        var q = new Parse.Query("_Session");
+        q.equalTo('sessionToken', sessionToken);
+        q.first({useMasterKey: true}).then((res) => {
+          expect(res.get("installationId")).toEqual('yolo');
+          done();
+        }).fail((err) => {
+          fail('should not fail fetching the session');
+          done();
+        })
       });
 
   });

spec/ParseUser.spec.js

@@ -1768,9 +1768,37 @@ describe('Parse.User testing', () => {
     });
   });
 
-  it('user get session from token', (done) => {
+  it('user get session from token on signup', (done) => {
     Parse.Promise.as().then(() => {
       return Parse.User.signUp("finn", "human", { foo: "bar" });
+    }).then((user) => {
+      request.get({
+        headers: {
+          'X-Parse-Application-Id': 'test',
+          'X-Parse-Session-Token': user.getSessionToken(),
+          'X-Parse-REST-API-Key': 'rest'
+        },
+        url: 'http://localhost:8378/1/sessions/me',
+      }, (error, response, body) => {
+        expect(error).toBe(null);
+        var b = JSON.parse(body);
+        expect(typeof b.sessionToken).toEqual('string');
+        expect(typeof b.createdWith).toEqual('object');
+        expect(b.createdWith.action).toEqual('signup');
+        expect(typeof b.user).toEqual('object');
+        expect(b.user.objectId).toEqual(user.id);
+        done();
+      });
+    });
+  });
+
+  it('user get session from token on login', (done) => {
+    Parse.Promise.as().then(() => {
+      return Parse.User.signUp("finn", "human", { foo: "bar" });
+    }).then((user) => {
+      return Parse.User.logOut().then(() => {
+        return Parse.User.logIn("finn", "human");
+      })
     }).then((user) => {
       request.get({
         headers: {

src/RestWrite.js

@@ -327,11 +327,11 @@ RestWrite.prototype.transformUser = function() {
           objectId: this.objectId()
         },
         createdWith: {
-          'action': 'login',
+          'action': 'signup',
           'authProvider': this.storage['authProvider'] || 'password'
         },
         restricted: false,
-        installationId: this.data.installationId,
+        installationId: this.auth.installationId,
         expiresAt: Parse._encode(expiresAt)
       };
       if (this.response && this.response.response) {

src/Routers/UsersRouter.js

@@ -27,17 +27,7 @@ export class UsersRouter extends ClassesRouter {
     req.body = data;
     req.params.className = '_User';
 
-    //req.config.userController.setEmailVerifyToken(req.body);
-
     return super.handleCreate(req);
-  
-  // if (req.config.verifyUserEmails) {
-  //     // Send email as fire-and-forget once the user makes it into the DB.
-  //     p.then(() => {
-  //       req.config.userController.sendVerificationEmail(req.body);
-  //     });
-  //   }
-  //   return p;
   }
 
   handleUpdate(req) {
@@ -102,9 +92,9 @@ export class UsersRouter extends ClassesRouter {
         let token = 'r:' + cryptoUtils.newToken();
         user.sessionToken = token;
         delete user.password;
-        
+
         // Sometimes the authData still has null on that keys
-        // https://github.com/ParsePlatform/parse-server/issues/935 
+        // https://github.com/ParsePlatform/parse-server/issues/935
         if (user.authData) {
           Object.keys(user.authData).forEach((provider) => {
             if (user.authData[provider] === null) {
@@ -115,7 +105,7 @@ export class UsersRouter extends ClassesRouter {
             delete user.authData;
           }
         }
-        
+
         req.config.filesController.expandFilesInObject(req.config, user);
 
         let expiresAt = new Date();
@@ -165,14 +155,14 @@ export class UsersRouter extends ClassesRouter {
     }
     return Promise.resolve(success);
   }
-  
+
   handleResetRequest(req) {
      let { email } = req.body;
      if (!email) {
        throw new Parse.Error(Parse.Error.EMAIL_MISSING, "you must provide an email");
      }
      let userController = req.config.userController;
-     
+
      return userController.sendPasswordResetEmail(email).then((token) => {
         return Promise.resolve({
           response: {}
@@ -181,7 +171,7 @@ export class UsersRouter extends ClassesRouter {
        throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, `no user found with email ${email}`);
      });
   }
-  
+
 
   mountRoutes() {
     this.route('GET', '/users', req => { return this.handleFind(req); });

src/middlewares.js

@@ -97,7 +97,7 @@ function handleParseHeaders(req, res, next) {
   // Client keys are not required in parse-server, but if any have been configured in the server, validate them
   //  to preserve original behavior.
   let keys = ["clientKey", "javascriptKey", "dotNetKey", "restAPIKey"];
-  
+
   // We do it with mismatching keys to support no-keys config
   var keyMismatch = keys.reduce(function(mismatch, key){
 
@@ -107,7 +107,7 @@ function handleParseHeaders(req, res, next) {
     }
     return mismatch;
   }, 0);
-  
+
   // All keys mismatch
   if (keyMismatch == keys.length) {
     return invalidRequest(req, res);