Fixes sessionTokens being overridden in 'find' (parse-community#4332)

montymxb · flovilmart · commit 454defaa55dd · 2017-11-25T15:28:08.000-05:00
* remove session token replacement code

* adds cases for _User/_Session with sessionToken and with/without masterKey
diff --git a/spec/ParseSession.spec.js b/spec/ParseSession.spec.js
@@ -0,0 +1,126 @@
+//
+// Tests behavior of Parse Sessions
+//
+
+"use strict";
+
+function setupTestUsers() {
+  const user1 = new Parse.User();
+  const user2 = new Parse.User();
+  const user3 = new Parse.User();
+
+  user1.set("username", "testuser_1");
+  user2.set("username", "testuser_2");
+  user3.set("username", "testuser_3");
+
+  user1.set("password", "password");
+  user2.set("password", "password");
+  user3.set("password", "password");
+
+  return user1.signUp().then(() => {
+    return user2.signUp();
+  }).then(() => {
+    return user3.signUp();
+  })
+}
+
+describe('Parse.Session', () => {
+
+  // multiple sessions with masterKey + sessionToken
+  it('should retain original sessionTokens with masterKey & sessionToken set', (done) => {
+    setupTestUsers().then((user) => {
+      const query = new Parse.Query(Parse.Session);
+      return query.find({
+        useMasterKey: true,
+        sessionToken: user.get('sessionToken')
+      });
+    }).then((results) => {
+      const foundKeys = [];
+      expect(results.length).toBe(3);
+      for(const key in results) {
+        const sessionToken = results[key].get('sessionToken');
+        if(foundKeys[sessionToken]) {
+          fail('Duplicate session token present in response');
+          break;
+        }
+        foundKeys[sessionToken] = 1;
+      }
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  });
+
+  // single session returned, with just one sessionToken
+  it('should retain original sessionTokens with just sessionToken set', (done) => {
+    let knownSessionToken;
+    setupTestUsers().then((user) => {
+      knownSessionToken = user.get('sessionToken');
+      const query = new Parse.Query(Parse.Session);
+      return query.find({
+        sessionToken: knownSessionToken
+      });
+    }).then((results) => {
+      expect(results.length).toBe(1);
+      const sessionToken = results[0].get('sessionToken');
+      expect(sessionToken).toBe(knownSessionToken);
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  });
+
+  // multiple users with masterKey + sessionToken
+  it('token on users should retain original sessionTokens with masterKey & sessionToken set', (done) => {
+    setupTestUsers().then((user) => {
+      const query = new Parse.Query(Parse.User);
+      return query.find({
+        useMasterKey: true,
+        sessionToken: user.get('sessionToken')
+      });
+    }).then((results) => {
+      const foundKeys = [];
+      expect(results.length).toBe(3);
+      for(const key in results) {
+        const sessionToken = results[key].get('sessionToken');
+        if(foundKeys[sessionToken] && sessionToken !== undefined) {
+          fail('Duplicate session token present in response');
+          break;
+        }
+        foundKeys[sessionToken] = 1;
+      }
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  });
+
+  // multiple users with just sessionToken
+  it('token on users should retain original sessionTokens with just sessionToken set', (done) => {
+    let knownSessionToken;
+    setupTestUsers().then((user) => {
+      knownSessionToken = user.get('sessionToken');
+      const query = new Parse.Query(Parse.User);
+      return query.find({
+        sessionToken: knownSessionToken
+      });
+    }).then((results) => {
+      const foundKeys = [];
+      expect(results.length).toBe(3);
+      for(const key in results) {
+        const sessionToken = results[key].get('sessionToken');
+        if(foundKeys[sessionToken] && sessionToken !== undefined) {
+          fail('Duplicate session token present in response');
+          break;
+        }
+        foundKeys[sessionToken] = 1;
+      }
+
+
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  });
+
+});
diff --git a/src/Routers/ClassesRouter.js b/src/Routers/ClassesRouter.js
@@ -27,13 +27,6 @@ export class ClassesRouter extends PromiseRouter {
     }
     return rest.find(req.config, req.auth, this.className(req), body.where, options, req.info.clientSDK)
       .then((response) => {
-        if (response && response.results) {
-          for (const result of response.results) {
-            if (result.sessionToken) {
-              result.sessionToken = req.info.sessionToken || result.sessionToken;
-            }
-          }
-        }
         return { response: response };
       });
   }

Original file line number	Diff line number	Diff line change
`@@ -27,13 +27,6 @@ export class ClassesRouter extends PromiseRouter {`
`27`	`27`	`}`
`28`	`28`	`return rest.find(req.config, req.auth, this.className(req), body.where, options, req.info.clientSDK)`
`29`	`29`	`.then((response) => {`
`30`		`- if (response && response.results) {`
`31`		`- for (const result of response.results) {`
`32`		`- if (result.sessionToken) {`
`33`		`- result.sessionToken = req.info.sessionToken \|\| result.sessionToken;`
`34`		`- }`
`35`		`- }`
`36`		`- }`
`37`	`30`	`return { response: response };`
`38`	`31`	`});`
`39`	`32`	`}`