Adds endpoint for non-revocable session token upgrade (#2646)
1 parent
c5fdd91
commit 340eb46
Showing
4 changed files
with
156 additions
and
3 deletions.
@@ -0,0 +1,92 @@ | ||
const Config = require('../src/Config'); | ||
const sessionToken = 'legacySessionToken'; | ||
const rp = require('request-promise'); | ||
const Parse = require('parse/node'); | ||
|
||
function createUser() { | ||
const config = new Config(Parse.applicationId); | ||
const user = { | ||
objectId: '1234567890', | ||
username: 'hello', | ||
password: 'pass', | ||
_session_token: sessionToken | ||
} | ||
return config.database.create('_User', user); | ||
} | ||
|
||
describe('revocable sessions', () => { | ||
|
||
beforeEach((done) => { | ||
// Create 1 user with the legacy | ||
createUser().then(done); | ||
}); | ||
|
||
it('should upgrade legacy session token', done => { | ||
let user = Parse.Object.fromJSON({ | ||
className: '_User', | ||
objectId: '1234567890', | ||
sessionToken: sessionToken | ||
}); | ||
user._upgradeToRevocableSession().then((res) => { | ||
expect(res.getSessionToken().indexOf('r:')).toBe(0); | ||
const config = new Config(Parse.applicationId); | ||
// use direct access to the DB to make sure we're not | ||
// getting the session token stripped | ||
return config.database.loadSchema().then(schemaController => { | ||
return schemaController.getOneSchema('_User', true) | ||
}).then((schema) => { | ||
return config.database.adapter.find('_User', schema, {objectId: '1234567890'}, {}) | ||
}).then((results) => { | ||
expect(results.length).toBe(1); | ||
expect(results[0].sessionToken).toBeUndefined(); | ||
}); | ||
}).then(() => { | ||
done(); | ||
}, (err) => { | ||
jfail(err); | ||
done(); | ||
}); | ||
}); | ||
|
||
it('should be able to become with revocable session token', done => { | ||
let user = Parse.Object.fromJSON({ | ||
className: '_User', | ||
objectId: '1234567890', | ||
sessionToken: sessionToken | ||
}); | ||
user._upgradeToRevocableSession().then((res) => { | ||
expect(res.getSessionToken().indexOf('r:')).toBe(0); | ||
return Parse.User.logOut().then(() => { | ||
return Parse.User.become(res.getSessionToken()) | ||
}).then((user) => { | ||
expect(user.id).toEqual('1234567890'); | ||
}); | ||
}).then(() => { | ||
done(); | ||
}, (err) => { | ||
jfail(err); | ||
done(); | ||
}); | ||
}); | ||
|
||
it('should not upgrade bad legacy session token', done => { | ||
rp.post({ | ||
url: Parse.serverURL+'/upgradeToRevocableSession', | ||
headers: { | ||
'X-Parse-Application-Id': Parse.applicationId, | ||
'X-Parse-Rest-API-Key': 'rest', | ||
'X-Parse-Session-Token': 'badSessionToken' | ||
}, | ||
json: true | ||
}).then((res) => { | ||
fail('should not be able to upgrade a bad token'); | ||
}, (response) => { | ||
expect(response.statusCode).toBe(400); | ||
expect(response.error).not.toBeUndefined(); | ||
expect(response.error.code).toBe(Parse.Error.INVALID_SESSION_TOKEN); | ||
expect(response.error.error).toEqual('invalid legacy session token'); | ||
}).then(() => { | ||
done(); | ||
}); | ||
}); | ||
}) |
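Review bot: The 'should upgrade legacy session token' spec asserts only that `results[0].sessionToken` is undefined, while `createUser()` stores the legacy token under `_session_token`; if the adapter's `find` returns that key untransformed (not visible on this page), the check passes even when the legacy token is still in the row. Adding `expect(results[0]._session_token).toBeUndefined();` beside it would close that gap. The suite also never shows that the old token stops being accepted: a spec that posts to `/upgradeToRevocableSession` a second time with `legacySessionToken` and expects `Parse.Error.INVALID_SESSION_TOKEN` would pin the invalidation at the API level rather than only in storage. Separately, `createUser().then(done)` in `beforeEach` has no rejection handler, so a failed insert surfaces as a timeout; following the specs' own pattern, `createUser().then(done, (err) => { jfail(err); done(); });` would report the cause.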