Always clear sessions when user password is updated

spec/ParseServerRESTController.spec.js

@@ -135,10 +135,7 @@ describe('ParseServerRESTController', () => {
     }).then(sessions => {
       expect(sessions.length).toBe(0);
       done();
-    }, (err) => {
-      jfail(err);
-      done();
-    });
+    }, done.fail);
   });
 
   it('ensures a session token is created when passing installationId != cloud', (done) => {

spec/ParseUser.spec.js

@@ -2935,4 +2935,21 @@ describe('Parse.User testing', () => {
       done();
     });
   });
+
+  it('should revoke sessions when setting paswword with masterKey (#3289)', (done) => {
+    let user;
+    Parse.User.signUp('username', 'password')
+      .then((newUser) => {
+        user = newUser;
+        user.set('password', 'newPassword');
+        return user.save(null, {useMasterKey: true});
+      }).then(() => {
+        const query = new Parse.Query('_Session');
+        query.equalTo('user', user);
+        return query.find({useMasterKey: true});
+      }).then((results) => {
+        expect(results.length).toBe(0);
+        done();
+      }, done.fail);
+  });
 });

src/RestWrite.js

@@ -375,9 +375,12 @@ RestWrite.prototype.transformUser = function() {
       return Promise.resolve();
     }
 
-    if (this.query && !this.auth.isMaster) {
+    if (this.query) {
       this.storage['clearSessions'] = true;
-      this.storage['generateNewSession'] = true;
+      // Generate a new session only if the user requested
+      if (!this.auth.isMaster) {
+        this.storage['generateNewSession'] = true;
+      }
     }
 
     return this._validatePasswordPolicy().then(() => {