diff --git a/spec/ParseSession.spec.js b/spec/ParseSession.spec.js
index a76c968602..345c9e6d50 100644
--- a/spec/ParseSession.spec.js
+++ b/spec/ParseSession.spec.js
@@ -393,4 +393,156 @@ describe('Parse.Session', () => {
 });
 expect(verifyRes.data.expiresAt.iso).toBe(farFuture);
 });
+
+ it('should reject null expiresAt when updating a session via PUT', async () => {
+ const user = await Parse.User.signUp('sessionupdatenull1', 'password');
+ const sessionToken = user.getSessionToken();
+
+ const sessionRes = await request({
+ method: 'GET',
+ url: 'http://localhost:8378/1/sessions/me',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ },
+ });
+ const sessionId = sessionRes.data.objectId;
+ const originalExpiresAt = sessionRes.data.expiresAt;
+
+ const updateRes = await request({
+ method: 'PUT',
+ url: `http://localhost:8378/1/sessions/${sessionId}`,
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ 'Content-Type': 'application/json',
+ },
+ body: {
+ expiresAt: null,
+ },
+ }).catch(e => e);
+
+ expect(updateRes.data.code).toBe(Parse.Error.INVALID_KEY_NAME);
+
+ const verifyRes = await request({
+ method: 'GET',
+ url: 'http://localhost:8378/1/sessions/me',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ },
+ });
+ expect(verifyRes.data.expiresAt).toEqual(originalExpiresAt);
+ });
+
+ it('should reject null createdWith when updating a session via PUT', async () => {
+ const user = await Parse.User.signUp('sessionupdatenull2', 'password');
+ const sessionToken = user.getSessionToken();
+
+ const sessionRes = await request({
+ method: 'GET',
+ url: 'http://localhost:8378/1/sessions/me',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ },
+ });
+ const sessionId = sessionRes.data.objectId;
+ const originalCreatedWith = sessionRes.data.createdWith;
+
+ const updateRes = await request({
+ method: 'PUT',
+ url: `http://localhost:8378/1/sessions/${sessionId}`,
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ 'Content-Type': 'application/json',
+ },
+ body: {
+ createdWith: null,
+ },
+ }).catch(e => e);
+
+ expect(updateRes.data.code).toBe(Parse.Error.INVALID_KEY_NAME);
+
+ const verifyRes = await request({
+ method: 'GET',
+ url: 'http://localhost:8378/1/sessions/me',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ },
+ });
+ expect(verifyRes.data.createdWith).toEqual(originalCreatedWith);
+ });
+
+ it('should reject null installationId when updating a session via PUT', async () => {
+ const user = await Parse.User.signUp('sessionupdatenull3', 'password');
+ const sessionToken = user.getSessionToken();
+
+ const sessionRes = await request({
+ method: 'GET',
+ url: 'http://localhost:8378/1/sessions/me',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ },
+ });
+ const sessionId = sessionRes.data.objectId;
+
+ const updateRes = await request({
+ method: 'PUT',
+ url: `http://localhost:8378/1/sessions/${sessionId}`,
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ 'Content-Type': 'application/json',
+ },
+ body: {
+ installationId: null,
+ },
+ }).catch(e => e);
+
+ expect(updateRes.data.code).toBe(Parse.Error.INVALID_KEY_NAME);
+ });
+
+ it('should reject null sessionToken when updating a session via PUT', async () => {
+ const user = await Parse.User.signUp('sessionupdatenull4', 'password');
+ const sessionToken = user.getSessionToken();
+
+ const sessionRes = await request({
+ method: 'GET',
+ url: 'http://localhost:8378/1/sessions/me',
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ },
+ });
+ const sessionId = sessionRes.data.objectId;
+
+ const updateRes = await request({
+ method: 'PUT',
+ url: `http://localhost:8378/1/sessions/${sessionId}`,
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ 'X-Parse-Session-Token': sessionToken,
+ 'Content-Type': 'application/json',
+ },
+ body: {
+ sessionToken: null,
+ },
+ }).catch(e => e);
+
+ expect(updateRes.data.code).toBe(Parse.Error.INVALID_KEY_NAME);
+ });
 });
diff --git a/src/RestWrite.js b/src/RestWrite.js
index 630cc7f268..2d167731bf 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -1174,13 +1174,13 @@ RestWrite.prototype.handleSession = function () {
 if (this.query) {
 if (this.data.user && !this.auth.isMaster && this.data.user.objectId != this.auth.user.id) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
- } else if (this.data.installationId) {
+ } else if ('installationId' in this.data) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
- } else if (this.data.sessionToken) {
+ } else if ('sessionToken' in this.data) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
- } else if (this.data.expiresAt && !this.auth.isMaster && !this.auth.isMaintenance) {
+ } else if ('expiresAt' in this.data && !this.auth.isMaster && !this.auth.isMaintenance) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
- } else if (this.data.createdWith && !this.auth.isMaster && !this.auth.isMaintenance) {
+ } else if ('createdWith' in this.data && !this.auth.isMaster && !this.auth.isMaintenance) {
 throw new Parse.Error(Parse.Error.INVALID_KEY_NAME);
 }
 if (!this.auth.isMaster) {
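Review bot: The four new specs in spec/ParseSession.spec.js send only `null`, yet the truthiness guard they pin down was skipped by every falsy value, so `''`, `0` and `false` deserve the same coverage, for instance by wrapping each request/expect pair in `for (const value of [null, '', 0, false])`. The installationId and sessionToken specs also stop at the error code; a follow-up `GET /1/sessions/me` with the original token, as the expiresAt and createdWith specs already do, would confirm the stored session was left unchanged after the rejected PUT. All four specs run as an ordinary user, so the master/maintenance branch that still permits `expiresAt` and `createdWith` writes is not exercised by this hunk.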
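Review bot: In src/RestWrite.js the first guard of this chain, `this.data.user && !this.auth.isMaster && ...`, still tests truthiness, so a non-master session update carrying `user: null` skips it in the same way the four converted fields used to. Consider `'user' in this.data && !this.auth.isMaster && (!this.data.user || this.data.user.objectId != this.auth.user.id)` together with a matching spec; what handleSession does with a null `user` afterwards lies outside this hunk and should be confirmed. Note that `in` also matches inherited keys, so `Object.prototype.hasOwnProperty.call(this.data, 'expiresAt')` is the stricter form if `this.data` can ever be something other than a parsed JSON body. A short comment above the chain, `// Test key presence, not truthiness: null or '' must not bypass these guards`, would keep a later edit from reverting to the old pattern.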