Makes sure we don't strip authData or session token from users using …
…masterKey (parse-community#2348)

* Makes sure we don't strip auth data or session token from users queried with masterKey (parse-community#2342)

* nit: test title
flovilmart authored and Rafael Santos committed Mar 15, 2017
1 parent c5ea321 commit d82085e
Showing 2 changed files with 31 additions and 1 deletion.
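--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -1029,6 +1029,36 @@ describe('Parse.User testing', () => {
 });
 });
 
+it_exclude_dbs(['postgres'])("user authData should be available in cloudcode (#2342)", (done) => {
+
+Parse.Cloud.define('checkLogin', (req, res) => {
+expect(req.user).not.toBeUndefined();
+expect(Parse.FacebookUtils.isLinked(req.user)).toBe(true);
+res.success();
+});
+
+var provider = getMockFacebookProvider();
+Parse.User._registerAuthenticationProvider(provider);
+Parse.User._logInWith("facebook", {
+success: function(model) {
+ok(model instanceof Parse.User, "Model should be a Parse.User");
+strictEqual(Parse.User.current(), model);
+ok(model.extended(), "Should have used subclass.");
+strictEqual(provider.authData.id, provider.synchronizedUserId);
+strictEqual(provider.authData.access_token, provider.synchronizedAuthToken);
+strictEqual(provider.authData.expiration_date, provider.synchronizedExpiration);
+ok(model._isLinked("facebook"), "User should be linked to facebook");
+
+Parse.Cloud.run('checkLogin').then(done, done);
+},
+error: function(model, error) {
+console.error(model, error);
+ok(false, "linking should have worked");
+done();
+}
+});
+});
+
 it_exclude_dbs(['postgres'])("log in with provider and update token", (done) => {
 var provider = getMockFacebookProvider();
 var secondProvider = getMockFacebookProviderWithIdToken('8675309', 'jenny_valid_token');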
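Review bot: The new spec covers only the path where `authData` must survive, so nothing in this section pins the branch that still has to strip credentials: a query made without the master key that includes a `_User` pointer should come back with `sessionToken` and `authData` undefined on the included user. A companion spec asserting exactly that would catch a later loosening of the guard in `src/RestQuery.js`. Separately, `Parse.Cloud.run('checkLogin').then(done, done)` hands a rejection to `done`; depending on the Jasmine version in use that may end the spec without failing it, and `.then(done, done.fail)` would make the failure explicit.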
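--- a/src/RestQuery.js
+++ b/src/RestQuery.js
@@ -504,7 +504,7 @@ function includePath(config, auth, response, path) {
 obj.__type = 'Object';
 obj.className = includeResponse.className;
 
-if (obj.className == "_User") {
+if (obj.className == "_User" && !auth.isMaster) {
 delete obj.sessionToken;
 delete obj.authData;
 }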
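Review bot: The relaxed guard `obj.className == "_User" && !auth.isMaster` means every master-key query that includes a `_User` pointer now carries that user's `sessionToken` and provider `authData` in the response, and the line has no comment telling callers that these are live credentials. I would add one above the `if`, for example `// Master-key callers keep sessionToken/authData on included users; strip them before returning or logging these objects.`, so Cloud Code authors using the master key do not forward the included user to a client unfiltered. The condition also dereferences `auth` unconditionally; whether any caller of `includePath` can pass it undefined is not visible here, since the function body starts and ends outside the hunk. As a smaller point, `===` would be the safer comparison for `className`.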
