(context, queryInfo, keysPrefix, userId)
| 7 | import { createSanitizedError } from '../../Error'; |
| 8 | |
| 9 | const getUserFromSessionToken = async (context, queryInfo, keysPrefix, userId) => { |
| 10 | const { info, config } = context; |
| 11 | if (!info || !info.sessionToken) { |
| 12 | throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', config); |
| 13 | } |
| 14 | const sessionToken = info.sessionToken; |
| 15 | const selectedFields = getFieldNames(queryInfo) |
| 16 | .filter(field => field.startsWith(keysPrefix)) |
| 17 | .map(field => field.replace(keysPrefix, '')); |
| 18 | |
| 19 | const keysAndInclude = extractKeysAndInclude(selectedFields); |
| 20 | const { keys } = keysAndInclude; |
| 21 | let { include } = keysAndInclude; |
| 22 | |
| 23 | if (userId && !keys && !include) { |
| 24 | return { |
| 25 | sessionToken, |
| 26 | }; |
| 27 | } else if (keys && !include) { |
| 28 | include = 'user'; |
| 29 | } |
| 30 | |
| 31 | if (userId) { |
| 32 | // We need to re-create the auth context |
| 33 | // to avoid a security breach if userId is provided |
| 34 | context.auth = new Auth({ |
| 35 | config, |
| 36 | isMaster: context.auth.isMaster, |
| 37 | user: { id: userId }, |
| 38 | }); |
| 39 | } |
| 40 | |
| 41 | const options = {}; |
| 42 | if (keys) { |
| 43 | options.keys = keys |
| 44 | .split(',') |
| 45 | .map(key => `${key}`) |
| 46 | .join(','); |
| 47 | } |
| 48 | if (include) { |
| 49 | options.include = include |
| 50 | .split(',') |
| 51 | .map(included => `${included}`) |
| 52 | .join(','); |
| 53 | } |
| 54 | |
| 55 | const response = await rest.find( |
| 56 | config, |
| 57 | context.auth, |
| 58 | '_User', |
| 59 | // Get the user itself from the auth object |
| 60 | { objectId: context.auth.user.id }, |
| 61 | options, |
| 62 | info.clientVersion, |
| 63 | info.context |
| 64 | ); |
| 65 | if (!response.results || response.results.length == 0) { |
| 66 | throw createSanitizedError(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token', config); |