From 5b595cf22647cc64f00f22bb346adc054d0930c8 Mon Sep 17 00:00:00 2001
From: Diamond Lewis <findlewis@gmail.com>
Date: Sat, 12 Sep 2020 10:26:42 -0500
Subject: [PATCH] fix(directAccess/cloud-code): Pass installationId with LogIn

InstallationId didn't get passed correctly. Resulting in _Session without installationId

https://github.com/parse-community/parse-server/blob/master/src/Routers/UsersRouter.js#L263

* Fixed error with POST /login and req.query is undefined
---
 spec/ParseServerRESTController.spec.js | 31 ++++++++++++++++++++++++++
 src/ParseServerRESTController.js       |  1 +
 src/Routers/UsersRouter.js             |  4 ++--
 3 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/spec/ParseServerRESTController.spec.js b/spec/ParseServerRESTController.spec.js
index 0e9e04e796..c47340f114 100644
--- a/spec/ParseServerRESTController.spec.js
+++ b/spec/ParseServerRESTController.spec.js
@@ -662,4 +662,35 @@ describe('ParseServerRESTController', () => {
         }
       );
   });
+
+  it('ensures logIn is saved with installationId', async () => {
+    const installationId = 'installation123';
+    const user = await RESTController.request(
+      'POST',
+      '/classes/_User',
+      { username: 'hello', password: 'world' },
+      { installationId }
+    );
+    expect(user.sessionToken).not.toBeUndefined();
+    const query = new Parse.Query('_Session');
+    let sessions = await query.find({ useMasterKey: true });
+
+    expect(sessions.length).toBe(1);
+    expect(sessions[0].get('installationId')).toBe(installationId);
+    expect(sessions[0].get('sessionToken')).toBe(user.sessionToken);
+
+    const loggedUser = await RESTController.request(
+      'POST',
+      '/login',
+      { username: 'hello', password: 'world' },
+      { installationId }
+    );
+    expect(loggedUser.sessionToken).not.toBeUndefined();
+    sessions = await query.find({ useMasterKey: true });
+
+    // Should clean up old sessions with this installationId
+    expect(sessions.length).toBe(1);
+    expect(sessions[0].get('installationId')).toBe(installationId);
+    expect(sessions[0].get('sessionToken')).toBe(loggedUser.sessionToken);
+  });
 });
diff --git a/src/ParseServerRESTController.js b/src/ParseServerRESTController.js
index 1c6087c237..5ff357b8ef 100644
--- a/src/ParseServerRESTController.js
+++ b/src/ParseServerRESTController.js
@@ -107,6 +107,7 @@ function ParseServerRESTController(applicationId, router) {
           info: {
             applicationId: applicationId,
             sessionToken: options.sessionToken,
+            installationId: options.installationId,
             context: options.context || {}, // Add context
           },
           query,
diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
index 9d015f9659..61448dace2 100644
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -41,8 +41,8 @@ export class UsersRouter extends ClassesRouter {
       // Use query parameters instead if provided in url
       let payload = req.body;
       if (
-        (!payload.username && req.query.username) ||
-        (!payload.email && req.query.email)
+        (!payload.username && req.query && req.query.username) ||
+        (!payload.email && req.query && req.query.email)
       ) {
         payload = req.query;
       }