From d4f3ac5df9cf1c47fdd6838fba983648f802df62 Mon Sep 17 00:00:00 2001 From: dblythy Date: Fri, 19 Mar 2021 00:24:55 +1100 Subject: [PATCH 1/2] allow logout with invalid session --- spec/ParseUser.spec.js | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js index 91aeb4920a..498f32c744 100644 --- a/spec/ParseUser.spec.js +++ b/spec/ParseUser.spec.js @@ -3860,6 +3860,28 @@ describe('Parse.User testing', () => { }); }); + it('can logout with expired session token', async () => { + await Parse.User.signUp('asdf', 'zxcv'); + const sessionQuery = new Parse.Query(Parse.Session); + const session = await sessionQuery.first({ useMasterKey: true }); + const database = Config.get(Parse.applicationId).database; + await database.update( + '_Session', + { objectId: session.id }, + { expiresAt: new Date().setFullYear(2010) }, + {} + ); + await Parse.User.logOut(); + }); + + it('can logout with invalid session token', async () => { + await Parse.User.signUp('asdf', 'zxcv'); + const sessionQuery = new Parse.Query(Parse.Session); + const session = await sessionQuery.first({ useMasterKey: true }); + await session.destroy({ useMasterKey: true }); + await Parse.User.logOut(); + }); + it('does not duplicate session when logging in multiple times #3451', done => { const user = new Parse.User(); user From 788dbda0b7e19de68f0d671393db0f21ec17e950 Mon Sep 17 00:00:00 2001 From: dblythy Date: Fri, 19 Mar 2021 00:42:05 +1100 Subject: [PATCH 2/2] Update middlewares.js --- src/middlewares.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/middlewares.js b/src/middlewares.js index 1c0a372031..9b2583eec5 100644 --- a/src/middlewares.js +++ b/src/middlewares.js @@ -220,6 +220,9 @@ export function handleParseHeaders(req, res, next) { return Promise.resolve() .then(() => { // handle the upgradeToRevocableSession path on it's own + if (req.url === '/logout') { + return Promise.resolve(); + } if ( info.sessionToken && req.url === '/upgradeToRevocableSession' && @@ -241,8 +244,8 @@ export function handleParseHeaders(req, res, next) { .then(auth => { if (auth) { req.auth = auth; - next(); } + next(); }) .catch(error => { if (error instanceof Parse.Error) {