Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds session creation code in Auth.js #4574

Merged
merged 1 commit into from
Feb 19, 2018
Merged

Adds session creation code in Auth.js #4574

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 39 additions & 3 deletions src/Auth.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
var Parse = require('parse/node').Parse;
var RestQuery = require('./RestQuery');
const cryptoUtils = require('./cryptoUtils');
const RestQuery = require('./RestQuery');
const Parse = require('parse/node');

// An Auth object tells you who is requesting something and whether
// the master key was used.
Expand Down Expand Up @@ -212,11 +213,46 @@ Auth.prototype._getAllRolesNamesForRoleIds = function(roleIDs, names = [], queri
})
}

const createSession = function(config, {
userId,
createdWith,
installationId,
additionalSessionData,
}) {
const token = 'r:' + cryptoUtils.newToken();
const expiresAt = config.generateSessionExpiresAt();
const sessionData = {
sessionToken: token,
user: {
__type: 'Pointer',
className: '_User',
objectId: userId
},
createdWith,
restricted: false,
expiresAt: Parse._encode(expiresAt)
};

if (installationId) {
sessionData.installationId = installationId
}

Object.assign(sessionData, additionalSessionData);
// We need to import RestWrite at this point for the cyclic dependency it has to it
const RestWrite = require('./RestWrite');

return {
sessionData,
createSession: () => new RestWrite(config, master(config), '_Session', null, sessionData).execute()
}
}

module.exports = {
Auth,
master,
nobody,
readOnly,
getAuthForSessionToken,
getAuthForLegacySessionToken
getAuthForLegacySessionToken,
createSession,
};
4 changes: 2 additions & 2 deletions src/Controllers/DatabaseController.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -511,7 +511,7 @@ class DatabaseController {
addRelation(key: string, fromClassName: string, fromId: string, toId: string) {
const doc = {
relatedId: toId,
owningId : fromId
owningId: fromId
};
return this.adapter.upsertOneObject(`_Join:${key}:${fromClassName}`, relationSchema, doc, doc);
}
Expand Down Expand Up @@ -658,7 +658,7 @@ class DatabaseController {

// Returns a promise for a list of owning ids given some related ids.
// className here is the owning className.
owningIds(className: string, key: string, relatedIds: string): Promise<string[]> {
owningIds(className: string, key: string, relatedIds: string[]): Promise<string[]> {
return this.adapter.find(joinTableName(className, key), relationSchema, { relatedId: { '$in': relatedIds } }, {})
.then(results => results.map(result => result.owningId));
}
Expand Down
55 changes: 22 additions & 33 deletions src/RestWrite.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
var SchemaController = require('./Controllers/SchemaController');
var deepcopy = require('deepcopy');

var Auth = require('./Auth');
const Auth = require('./Auth');
var cryptoUtils = require('./cryptoUtils');
var passwordCrypto = require('./password');
var Parse = require('parse/node');
Expand Down Expand Up @@ -568,29 +568,24 @@ RestWrite.prototype.createSessionToken = function() {
if (this.auth.installationId && this.auth.installationId === 'cloud') {
return;
}
var token = 'r:' + cryptoUtils.newToken();

var expiresAt = this.config.generateSessionExpiresAt();
var sessionData = {
sessionToken: token,
user: {
__type: 'Pointer',
className: '_User',
objectId: this.objectId()
},
const {
sessionData,
createSession,
} = Auth.createSession(this.config, {
userId: this.objectId(),
createdWith: {
'action': this.storage['authProvider'] ? 'login' : 'signup',
'authProvider': this.storage['authProvider'] || 'password'
},
restricted: false,
installationId: this.auth.installationId,
expiresAt: Parse._encode(expiresAt)
};
});

if (this.response && this.response.response) {
this.response.response.sessionToken = token;
this.response.response.sessionToken = sessionData.sessionToken;
}

return new RestWrite(this.config, Auth.master(this.config), '_Session', null, sessionData).execute();
return createSession();
}

RestWrite.prototype.destroyDuplicatedSessions = function() {
Expand Down Expand Up @@ -675,29 +670,23 @@ RestWrite.prototype.handleSession = function() {
}

if (!this.query && !this.auth.isMaster) {
var token = 'r:' + cryptoUtils.newToken();
var expiresAt = this.config.generateSessionExpiresAt();
var sessionData = {
sessionToken: token,
user: {
__type: 'Pointer',
className: '_User',
objectId: this.auth.user.id
},
createdWith: {
'action': 'create'
},
restricted: true,
expiresAt: Parse._encode(expiresAt)
};
const additionalSessionData = {};
for (var key in this.data) {
if (key === 'objectId' || key === 'user') {
continue;
}
sessionData[key] = this.data[key];
additionalSessionData[key] = this.data[key];
}
var create = new RestWrite(this.config, Auth.master(this.config), '_Session', null, sessionData);
return create.execute().then((results) => {

const { sessionData, createSession } = Auth.createSession(this.config, {
userId: this.auth.user.id,
createdWith: {
action: 'create',
},
additionalSessionData
});

return createSession().then((results) => {
if (!results.response) {
throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR,
'Error creating session.');
Expand Down
24 changes: 8 additions & 16 deletions src/Routers/SessionsRouter.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,6 @@ import ClassesRouter from './ClassesRouter';
import Parse from 'parse/node';
import rest from '../rest';
import Auth from '../Auth';
import RestWrite from '../RestWrite';
import { newToken } from '../cryptoUtils';

export class SessionsRouter extends ClassesRouter {

Expand Down Expand Up @@ -32,30 +30,24 @@ export class SessionsRouter extends ClassesRouter {

handleUpdateToRevocableSession(req) {
const config = req.config;
const masterAuth = Auth.master(config)
const user = req.auth.user;
// Issue #2720
// Calling without a session token would result in a not found user
if (!user) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'invalid session');
}
const expiresAt = config.generateSessionExpiresAt();
const sessionData = {
sessionToken: 'r:' + newToken(),
user: {
__type: 'Pointer',
className: '_User',
objectId: user.id
},
const {
sessionData,
createSession
} = Auth.createSession(config, {
userId: user.id,
createdWith: {
'action': 'upgrade',
},
restricted: false,
installationId: req.auth.installationId,
expiresAt: Parse._encode(expiresAt)
};
const create = new RestWrite(config, masterAuth, '_Session', null, sessionData);
return create.execute().then(() => {
});

return createSession().then(() => {
// delete the session token, use the db to skip beforeSave
return config.database.update('_User', {
objectId: user.id
Expand Down
36 changes: 10 additions & 26 deletions src/Routers/UsersRouter.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@ import ClassesRouter from './ClassesRouter';
import rest from '../rest';
import Auth from '../Auth';
import passwordCrypto from '../password';
import RestWrite from '../RestWrite';
const cryptoUtils = require('../cryptoUtils');

export class UsersRouter extends ClassesRouter {

Expand Down Expand Up @@ -142,8 +140,6 @@ export class UsersRouter extends ClassesRouter {
}
}

const token = 'r:' + cryptoUtils.newToken();
user.sessionToken = token;
delete user.password;

// Remove hidden properties.
Expand All @@ -161,31 +157,19 @@ export class UsersRouter extends ClassesRouter {
delete user.authData;
}
}
const {
sessionData,
createSession
} = Auth.createSession(req.config, { userId: user.objectId, createdWith: {
'action': 'login',
'authProvider': 'password'
}, installationId: req.info.installationId });

req.config.filesController.expandFilesInObject(req.config, user);
user.sessionToken = sessionData.sessionToken;

const expiresAt = req.config.generateSessionExpiresAt();
const sessionData = {
sessionToken: token,
user: {
__type: 'Pointer',
className: '_User',
objectId: user.objectId
},
createdWith: {
'action': 'login',
'authProvider': 'password'
},
restricted: false,
expiresAt: Parse._encode(expiresAt)
};

if (req.info.installationId) {
sessionData.installationId = req.info.installationId
}
req.config.filesController.expandFilesInObject(req.config, user);

const create = new RestWrite(req.config, Auth.master(req.config), '_Session', null, sessionData);
return create.execute();
return createSession();
}).then(() => {
return { response: user };
});
Expand Down