spec/RevocableSessionsUpgrade.spec.js

const Config = require('../lib/Config');
const sessionToken = 'legacySessionToken';
const request = require('../lib/request');
const Parse = require('parse/node');

function createUser() {
  const config = Config.get(Parse.applicationId);
  const user = {
    objectId: '1234567890',
    username: 'hello',
    password: 'pass',
    _session_token: sessionToken,
  };
  return config.database.create('_User', user);
}

describe_only_db('mongo')('revocable sessions', () => {
  beforeEach(done => {
    // Create 1 user with the legacy
    createUser().then(done);
  });

  it('should upgrade legacy session token', done => {
    const user = Parse.Object.fromJSON({
      className: '_User',
      objectId: '1234567890',
      sessionToken: sessionToken,
    });
    user
      ._upgradeToRevocableSession()
      .then(res => {
        expect(res.getSessionToken().indexOf('r:')).toBe(0);
        const config = Config.get(Parse.applicationId);
        // use direct access to the DB to make sure we're not
        // getting the session token stripped
        return config.database
          .loadSchema()
          .then(schemaController => {
            return schemaController.getOneSchema('_User', true);
          })
          .then(schema => {
            return config.database.adapter.find('_User', schema, { objectId: '1234567890' }, {});
          })
          .then(results => {
            expect(results.length).toBe(1);
            expect(results[0].sessionToken).toBeUndefined();
          });
      })
      .then(
        () => {
          done();
        },
        err => {
          jfail(err);
          done();
        }
      );
  });

  it('should be able to become with revocable session token', done => {
    const user = Parse.Object.fromJSON({
      className: '_User',
      objectId: '1234567890',
      sessionToken: sessionToken,
    });
    user
      ._upgradeToRevocableSession()
      .then(res => {
        expect(res.getSessionToken().indexOf('r:')).toBe(0);
        return Parse.User.logOut()
          .then(() => {
            return Parse.User.become(res.getSessionToken());
          })
          .then(user => {
            expect(user.id).toEqual('1234567890');
          });
      })
      .then(
        () => {
          done();
        },
        err => {
          jfail(err);
          done();
        }
      );
  });

  it('should not upgrade bad legacy session token', done => {
    request({
      method: 'POST',
      url: Parse.serverURL + '/upgradeToRevocableSession',
      headers: {
        'X-Parse-Application-Id': Parse.applicationId,
        'X-Parse-Rest-API-Key': 'rest',
        'X-Parse-Session-Token': 'badSessionToken',
      },
    })
      .then(
        () => {
          fail('should not be able to upgrade a bad token');
        },
        response => {
          expect(response.status).toBe(400);
          expect(response.data).not.toBeUndefined();
          expect(response.data.code).toBe(Parse.Error.INVALID_SESSION_TOKEN);
          expect(response.data.error).toEqual('invalid legacy session token');
        }
      )
      .then(() => {
        done();
      });
  });

  it('should not crash without session token #2720', done => {
    request({
      method: 'POST',
      url: Parse.serverURL + '/upgradeToRevocableSession',
      headers: {
        'X-Parse-Application-Id': Parse.applicationId,
        'X-Parse-Rest-API-Key': 'rest',
      },
    })
      .then(
        () => {
          fail('should not be able to upgrade a bad token');
        },
        response => {
          expect(response.status).toBe(404);
          expect(response.data).not.toBeUndefined();
          expect(response.data.code).toBe(Parse.Error.OBJECT_NOT_FOUND);
          expect(response.data.error).toEqual('invalid session');
        }
      )
      .then(() => {
        done();
      });
  });
});
Removes need to use babel-register (#4865) * Removes need to use babel-register - Adds watch to watch changes when running the test to regenerate - Tests are now pure node 8 * Adds timing to helper.js * Update contribution guide * Adds inline sourcemaps generation to restore coverage * nits 2018-07-02 23:30:14 -04:00			`const Config = require('../lib/Config');`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`const sessionToken = 'legacySessionToken';`
Remove request and request-promise from dev dependencies (#5077) * removes from emailverificationtoken spec * updates winston * Updates ValidationAndPasswordsReset * Use local request in schemas * Removes request in rest.spec * Removes request from PushRouter0 * removes request from public API * removes request from index.spec * Removes request form parse.push spec * removes request from ParseInstallation spec * Removes from ParseHooks * removes request from ParseGlobalConfig.spec * Removes request from ParseAPI.spec.js * removes request from LogsRouter * removes in features * Filters undefined headers instead of crashing * Removes request from ParseUser spec * Removes usage of request in ParseFile.spec.js * Removes request from AuthAdapters.js * removes request-promise from ParseGeoPoint.spec * Removes request-promise from ParseQuery spec * remove request-promise from UserPII * removes request-promise from EnableExpressErrorHandler * Updates RevocableSessionUpgrade spec * Update RestQuery * Removes read preferenceOptionM * ensure we forward auth from URL * use request in CloudCode.spec.js * Removes request-promise from JobSchedule.spec * Removes rp from VerifyUserPassword.spec.js * Removes rp from PasswordPolicy spec * Removes rp from ParsePolygon spec * Removes rp from fullTextSearch spec * Removes rp from PArseQuery.Aggregate * Ensure we properly forward errors * Removes request and request-promise 2018-09-24 17:07:51 -04:00			`const request = require('../lib/request');`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`const Parse = require('parse/node');`

			`function createUser() {`
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits 2017-10-23 08:43:05 -04:00			`const config = Config.get(Parse.applicationId);`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`const user = {`
			`objectId: '1234567890',`
			`username: 'hello',`
			`password: 'pass',`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`_session_token: sessionToken,`
			`};`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`return config.database.create('_User', user);`
			`}`

Revocable session upgrade only on mongo (#2685) * Revert "Tries a new travis configuration" * Revocable session upgrade only on mongo 2016-09-09 17:02:15 -04:00			`describe_only_db('mongo')('revocable sessions', () => {`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`beforeEach(done => {`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`// Create 1 user with the legacy`
			`createUser().then(done);`
			`});`

Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`it('should upgrade legacy session token', done => {`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const user = Parse.Object.fromJSON({`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`className: '_User',`
			`objectId: '1234567890',`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`sessionToken: sessionToken,`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`});`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`user`
			`._upgradeToRevocableSession()`
			`.then(res => {`
			`expect(res.getSessionToken().indexOf('r:')).toBe(0);`
			`const config = Config.get(Parse.applicationId);`
			`// use direct access to the DB to make sure we're not`
			`// getting the session token stripped`
			`return config.database`
			`.loadSchema()`
			`.then(schemaController => {`
			`return schemaController.getOneSchema('_User', true);`
			`})`
			`.then(schema => {`
fix(prettier): Properly handle lint-stage files (#6970) Now handles top level files and recursive files in folders. Set max line length to be 100 2020-10-25 15:06:58 -05:00			`return config.database.adapter.find('_User', schema, { objectId: '1234567890' }, {});`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`})`
			`.then(results => {`
			`expect(results.length).toBe(1);`
			`expect(results[0].sessionToken).toBeUndefined();`
			`});`
			`})`
			`.then(`
			`() => {`
			`done();`
			`},`
			`err => {`
			`jfail(err);`
			`done();`
			`}`
			`);`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`});`

Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`it('should be able to become with revocable session token', done => {`
Enable prefer-const lint rule (#3202) 2016-12-07 15:17:05 -08:00			`const user = Parse.Object.fromJSON({`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`className: '_User',`
			`objectId: '1234567890',`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`sessionToken: sessionToken,`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`});`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`user`
			`._upgradeToRevocableSession()`
			`.then(res => {`
			`expect(res.getSessionToken().indexOf('r:')).toBe(0);`
			`return Parse.User.logOut()`
			`.then(() => {`
			`return Parse.User.become(res.getSessionToken());`
			`})`
			`.then(user => {`
			`expect(user.id).toEqual('1234567890');`
			`});`
			`})`
			`.then(`
			`() => {`
			`done();`
			`},`
			`err => {`
			`jfail(err);`
			`done();`
			`}`
			`);`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`});`

Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`it('should not upgrade bad legacy session token', done => {`
Remove request and request-promise from dev dependencies (#5077) * removes from emailverificationtoken spec * updates winston * Updates ValidationAndPasswordsReset * Use local request in schemas * Removes request in rest.spec * Removes request from PushRouter0 * removes request from public API * removes request from index.spec * Removes request form parse.push spec * removes request from ParseInstallation spec * Removes from ParseHooks * removes request from ParseGlobalConfig.spec * Removes request from ParseAPI.spec.js * removes request from LogsRouter * removes in features * Filters undefined headers instead of crashing * Removes request from ParseUser spec * Removes usage of request in ParseFile.spec.js * Removes request from AuthAdapters.js * removes request-promise from ParseGeoPoint.spec * Removes request-promise from ParseQuery spec * remove request-promise from UserPII * removes request-promise from EnableExpressErrorHandler * Updates RevocableSessionUpgrade spec * Update RestQuery * Removes read preferenceOptionM * ensure we forward auth from URL * use request in CloudCode.spec.js * Removes request-promise from JobSchedule.spec * Removes rp from VerifyUserPassword.spec.js * Removes rp from PasswordPolicy spec * Removes rp from ParsePolygon spec * Removes rp from fullTextSearch spec * Removes rp from PArseQuery.Aggregate * Ensure we properly forward errors * Removes request and request-promise 2018-09-24 17:07:51 -04:00			`request({`
			`method: 'POST',`
Add lint rule space-infix-ops (#3237) Disallows: 1+1. Must be 1 + 1. 2017-01-11 12:31:40 -08:00			`url: Parse.serverURL + '/upgradeToRevocableSession',`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`headers: {`
			`'X-Parse-Application-Id': Parse.applicationId,`
			`'X-Parse-Rest-API-Key': 'rest',`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`'X-Parse-Session-Token': 'badSessionToken',`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`},`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`})`
			`.then(`
			`() => {`
			`fail('should not be able to upgrade a bad token');`
			`},`
			`response => {`
Remove request and request-promise from dev dependencies (#5077) * removes from emailverificationtoken spec * updates winston * Updates ValidationAndPasswordsReset * Use local request in schemas * Removes request in rest.spec * Removes request from PushRouter0 * removes request from public API * removes request from index.spec * Removes request form parse.push spec * removes request from ParseInstallation spec * Removes from ParseHooks * removes request from ParseGlobalConfig.spec * Removes request from ParseAPI.spec.js * removes request from LogsRouter * removes in features * Filters undefined headers instead of crashing * Removes request from ParseUser spec * Removes usage of request in ParseFile.spec.js * Removes request from AuthAdapters.js * removes request-promise from ParseGeoPoint.spec * Removes request-promise from ParseQuery spec * remove request-promise from UserPII * removes request-promise from EnableExpressErrorHandler * Updates RevocableSessionUpgrade spec * Update RestQuery * Removes read preferenceOptionM * ensure we forward auth from URL * use request in CloudCode.spec.js * Removes request-promise from JobSchedule.spec * Removes rp from VerifyUserPassword.spec.js * Removes rp from PasswordPolicy spec * Removes rp from ParsePolygon spec * Removes rp from fullTextSearch spec * Removes rp from PArseQuery.Aggregate * Ensure we properly forward errors * Removes request and request-promise 2018-09-24 17:07:51 -04:00			`expect(response.status).toBe(400);`
			`expect(response.data).not.toBeUndefined();`
			`expect(response.data.code).toBe(Parse.Error.INVALID_SESSION_TOKEN);`
			`expect(response.data.error).toEqual('invalid legacy session token');`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`}`
			`)`
			`.then(() => {`
			`done();`
			`});`
Adds endpoint for non-revocable session token upgrade (#2646) 2016-09-09 14:48:06 -04:00			`});`
handling matching api.parse.com when calling upgradeToRevocableSession without a sessionToken (#2721) 2016-09-17 15:52:52 -04:00
Adds liniting into the workflow (#3082) * initial linting of src * fix indent to 2 spaces * Removes unnecessary rules * ignore spec folder for now * Spec linting * Fix spec indent * nits * nits * no no-empty rule 2016-11-24 15:47:41 -05:00			`it('should not crash without session token #2720', done => {`
Remove request and request-promise from dev dependencies (#5077) * removes from emailverificationtoken spec * updates winston * Updates ValidationAndPasswordsReset * Use local request in schemas * Removes request in rest.spec * Removes request from PushRouter0 * removes request from public API * removes request from index.spec * Removes request form parse.push spec * removes request from ParseInstallation spec * Removes from ParseHooks * removes request from ParseGlobalConfig.spec * Removes request from ParseAPI.spec.js * removes request from LogsRouter * removes in features * Filters undefined headers instead of crashing * Removes request from ParseUser spec * Removes usage of request in ParseFile.spec.js * Removes request from AuthAdapters.js * removes request-promise from ParseGeoPoint.spec * Removes request-promise from ParseQuery spec * remove request-promise from UserPII * removes request-promise from EnableExpressErrorHandler * Updates RevocableSessionUpgrade spec * Update RestQuery * Removes read preferenceOptionM * ensure we forward auth from URL * use request in CloudCode.spec.js * Removes request-promise from JobSchedule.spec * Removes rp from VerifyUserPassword.spec.js * Removes rp from PasswordPolicy spec * Removes rp from ParsePolygon spec * Removes rp from fullTextSearch spec * Removes rp from PArseQuery.Aggregate * Ensure we properly forward errors * Removes request and request-promise 2018-09-24 17:07:51 -04:00			`request({`
			`method: 'POST',`
Add lint rule space-infix-ops (#3237) Disallows: 1+1. Must be 1 + 1. 2017-01-11 12:31:40 -08:00			`url: Parse.serverURL + '/upgradeToRevocableSession',`
handling matching api.parse.com when calling upgradeToRevocableSession without a sessionToken (#2721) 2016-09-17 15:52:52 -04:00			`headers: {`
			`'X-Parse-Application-Id': Parse.applicationId,`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`'X-Parse-Rest-API-Key': 'rest',`
handling matching api.parse.com when calling upgradeToRevocableSession without a sessionToken (#2721) 2016-09-17 15:52:52 -04:00			`},`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`})`
			`.then(`
			`() => {`
			`fail('should not be able to upgrade a bad token');`
			`},`
			`response => {`
Remove request and request-promise from dev dependencies (#5077) * removes from emailverificationtoken spec * updates winston * Updates ValidationAndPasswordsReset * Use local request in schemas * Removes request in rest.spec * Removes request from PushRouter0 * removes request from public API * removes request from index.spec * Removes request form parse.push spec * removes request from ParseInstallation spec * Removes from ParseHooks * removes request from ParseGlobalConfig.spec * Removes request from ParseAPI.spec.js * removes request from LogsRouter * removes in features * Filters undefined headers instead of crashing * Removes request from ParseUser spec * Removes usage of request in ParseFile.spec.js * Removes request from AuthAdapters.js * removes request-promise from ParseGeoPoint.spec * Removes request-promise from ParseQuery spec * remove request-promise from UserPII * removes request-promise from EnableExpressErrorHandler * Updates RevocableSessionUpgrade spec * Update RestQuery * Removes read preferenceOptionM * ensure we forward auth from URL * use request in CloudCode.spec.js * Removes request-promise from JobSchedule.spec * Removes rp from VerifyUserPassword.spec.js * Removes rp from PasswordPolicy spec * Removes rp from ParsePolygon spec * Removes rp from fullTextSearch spec * Removes rp from PArseQuery.Aggregate * Ensure we properly forward errors * Removes request and request-promise 2018-09-24 17:07:51 -04:00			`expect(response.status).toBe(404);`
			`expect(response.data).not.toBeUndefined();`
			`expect(response.data.code).toBe(Parse.Error.OBJECT_NOT_FOUND);`
			`expect(response.data.error).toEqual('invalid session');`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`}`
			`)`
			`.then(() => {`
			`done();`
			`});`
handling matching api.parse.com when calling upgradeToRevocableSession without a sessionToken (#2721) 2016-09-17 15:52:52 -04:00			`});`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`});`