Prevent linkWith sessionToken from generating new session (#5801)

parse-community · Jul 11, 2019 · bb06376 · bb06376
1 parent 26943de
commit bb06376
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
@@ -1564,6 +1564,26 @@ describe('Parse.User testing', () => {
  expect(u2.getSessionToken()).toBe(model.getSessionToken());
  });
 
+ it('link with provider via sessionToken should not create new sessionToken (Regression #5799)', async () => {
+ const provider = getMockFacebookProvider();
+ Parse.User._registerAuthenticationProvider(provider);
+ const user = new Parse.User();
+ user.set('username', 'testLinkWithProviderNoOverride');
+ user.set('password', 'mypass');
+ await user.signUp();
+ const sessionToken = user.getSessionToken();
+
+ await user._linkWith('facebook', {}, { sessionToken });
+ expect(sessionToken).toBe(user.getSessionToken());
+
+ expect(user._isLinked(provider)).toBe(true);
+ await user._unlinkFrom(provider, { sessionToken });
+ expect(user._isLinked(provider)).toBe(false);
+
+ const become = await Parse.User.become(sessionToken);
+ expect(sessionToken).toBe(become.getSessionToken());
+ });
+
  it('link with provider failed', async done => {
  const provider = getMockFacebookProvider();
  provider.shouldError = true;

diff --git a/src/RestWrite.js b/src/RestWrite.js
@@ -806,6 +806,10 @@ RestWrite.prototype.createSessionTokenIfNeeded = function() {
  if (this.query && !this.data.authData) {
  return;
  }
+ // Don't generate new sessionToken if linking via sessionToken
+ if (this.auth.user && this.data.authData) {
+ return;
+ }
  if (
  !this.storage['authProvider'] && // signup call, with
  this.config.preventLoginWithUnverifiedEmail && // no login without verification