joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b9839c1e92bdadcf4ffe6b4a3c839a5f01920f76
kami-parse-server/spec/RevocableSessionsUpgrade.spec.js
Florent Vilmart 045d941aef Remove request and request-promise from dev dependencies (#5077) 
* removes from emailverificationtoken spec

* updates winston

* Updates ValidationAndPasswordsReset

* Use local request in schemas

* Removes request in rest.spec

* Removes request from PushRouter0

* removes request from public API

* removes request from index.spec

* Removes request form parse.push spec

* removes request from ParseInstallation spec

* Removes from ParseHooks

* removes request from ParseGlobalConfig.spec

* Removes request from ParseAPI.spec.js

* removes request from LogsRouter

* removes in features

* Filters undefined headers instead of crashing

* Removes request from ParseUser spec

* Removes usage of request in ParseFile.spec.js

* Removes request from AuthAdapters.js

* removes request-promise from ParseGeoPoint.spec

* Removes request-promise from ParseQuery spec

* remove request-promise from UserPII

* removes request-promise from EnableExpressErrorHandler

* Updates RevocableSessionUpgrade spec

* Update RestQuery

* Removes read preferenceOptionM

* ensure we forward auth from URL

* use request in CloudCode.spec.js

* Removes request-promise from JobSchedule.spec

* Removes rp from VerifyUserPassword.spec.js

* Removes rp from PasswordPolicy spec

* Removes rp from ParsePolygon spec

* Removes rp from fullTextSearch spec

* Removes rp from PArseQuery.Aggregate

* Ensure we properly forward errors

* Removes request and request-promise
2018-09-24 17:07:51 -04:00

145 lines
3.9 KiB
JavaScript
Raw Blame History

const Config = require('../lib/Config');
const sessionToken = 'legacySessionToken';
const request = require('../lib/request');
const Parse = require('parse/node');
function createUser() {
const config = Config.get(Parse.applicationId);
const user = {
objectId: '1234567890',
username: 'hello',
password: 'pass',
_session_token: sessionToken,
};
return config.database.create('_User', user);
}
describe_only_db('mongo')('revocable sessions', () => {
beforeEach(done => {
// Create 1 user with the legacy
createUser().then(done);
});
it('should upgrade legacy session token', done => {
const user = Parse.Object.fromJSON({
className: '_User',
objectId: '1234567890',
sessionToken: sessionToken,
});
user
._upgradeToRevocableSession()
.then(res => {
expect(res.getSessionToken().indexOf('r:')).toBe(0);
const config = Config.get(Parse.applicationId);
// use direct access to the DB to make sure we're not
// getting the session token stripped
return config.database
.loadSchema()
.then(schemaController => {
return schemaController.getOneSchema('_User', true);
})
.then(schema => {
return config.database.adapter.find(
'_User',
schema,
{ objectId: '1234567890' },
{}
);
})
.then(results => {
expect(results.length).toBe(1);
expect(results[0].sessionToken).toBeUndefined();
});
})
.then(
() => {
done();
},
err => {
jfail(err);
done();
}
);
});
it('should be able to become with revocable session token', done => {
const user = Parse.Object.fromJSON({
className: '_User',
objectId: '1234567890',
sessionToken: sessionToken,
});
user
._upgradeToRevocableSession()
.then(res => {
expect(res.getSessionToken().indexOf('r:')).toBe(0);
return Parse.User.logOut()
.then(() => {
return Parse.User.become(res.getSessionToken());
})
.then(user => {
expect(user.id).toEqual('1234567890');
});
})
.then(
() => {
done();
},
err => {
jfail(err);
done();
}
);
});
it('should not upgrade bad legacy session token', done => {
request({
method: 'POST',
url: Parse.serverURL + '/upgradeToRevocableSession',
headers: {
'X-Parse-Application-Id': Parse.applicationId,
'X-Parse-Rest-API-Key': 'rest',
'X-Parse-Session-Token': 'badSessionToken',
},
})
.then(
() => {
fail('should not be able to upgrade a bad token');
},
response => {
expect(response.status).toBe(400);
expect(response.data).not.toBeUndefined();
expect(response.data.code).toBe(Parse.Error.INVALID_SESSION_TOKEN);
expect(response.data.error).toEqual('invalid legacy session token');
}
)
.then(() => {
done();
});
});
it('should not crash without session token #2720', done => {
request({
method: 'POST',
url: Parse.serverURL + '/upgradeToRevocableSession',
headers: {
'X-Parse-Application-Id': Parse.applicationId,
'X-Parse-Rest-API-Key': 'rest',
},
})
.then(
() => {
fail('should not be able to upgrade a bad token');
},
response => {
expect(response.status).toBe(404);
expect(response.data).not.toBeUndefined();
expect(response.data.code).toBe(Parse.Error.OBJECT_NOT_FOUND);
expect(response.data.error).toEqual('invalid session');
}
)
.then(() => {
done();
});
});
});
Reference in New Issue View Git Blame Copy Permalink