feat: Allow Parse.Session.current on expired session token instead …

…of throwing error (#8722)

BREAKING CHANGE: `Parse.Session.current()` no longer throws an error if the session token is expired, but instead returns the session token with its expiration date to allow checking its validity

spec/ParseUser.spec.js

@@ -3224,6 +3224,35 @@ describe('Parse.User testing', () => {
  .catch(done.fail);
  });
 
+ it('should return current session with expired expiration date', async () => {
+ await Parse.User.signUp('buser', 'somepass', null);
+ const response = await request({
+ method: 'GET',
+ url: 'http://localhost:8378/1/classes/_Session',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-Master-Key': 'test',
+ },
+ });
+ const body = response.data;
+ const id = body.results[0].objectId;
+ const expiresAt = new Date(new Date().setYear(2015));
+ await request({
+ method: 'PUT',
+ url: 'http://localhost:8378/1/classes/_Session/' + id,
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-Master-Key': 'test',
+ 'Content-Type': 'application/json',
+ },
+ body: {
+ expiresAt: { __type: 'Date', iso: expiresAt.toISOString() },
+ },
+ });
+ const session = await Parse.Session.current();
+ expect(session.get('expiresAt')).toEqual(expiresAt);
+ });
+
  it('should not create extraneous session tokens', done => {
  const config = Config.get(Parse.applicationId);
  config.database

src/middlewares.js

@@ -342,7 +342,7 @@ const handleRateLimit = async (req, res, next) => {
 export const handleParseSession = async (req, res, next) => {
  try {
  const info = req.info;
- if (req.auth) {
+ if (req.auth || req.url === '/sessions/me') {
  next();
  return;
  }