hub / github.com/parse-community/parse-server / handleLogInAs

Method handleLogInAs

src/Routers/UsersRouter.js:405–448  ·  view source on GitHub ↗

This allows master-key clients to create user sessions without access to user credentials. This enables systems that can authenticate access another way (API key, app administrators) to act on a user's behalf. We create a new session rather than looking for an existing session; …

(req)

Source from the content-addressed store, hash-verified

403 * different reasons from /login
404 */
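async handleLogInAs(req) {
  // Issues a fresh session for the user identified by `userId` without checking
  // that user's credentials. The only authorization is the two master-key gates
  // below, so they must run before any lookup or session work.
  //
  // req: request object; this method reads req.auth, req.body, req.query,
  //      req.config and req.info.installationId.
  // Resolves to { response: user }, where `user` is the stored _User row with
  // `sessionToken` set to the new session's token.
  // Throws OPERATION_FORBIDDEN (no master key, or read-only master key),
  // INVALID_VALUE (missing or non-string userId), OBJECT_NOT_FOUND (no such user).
  if (!req.auth.isMaster) {
    throw createSanitizedError(
      Parse.Error.OPERATION_FORBIDDEN,
      'master key is required',
      req.config
    );
  }
  // A read-only master key must not be able to mint sessions: creating one is a write.
  if (req.auth.isReadOnly) {
    throw createSanitizedError(
      Parse.Error.OPERATION_FORBIDDEN,
      "read-only masterKey isn't allowed to login as another user.",
      req.config
    );
  }

  // Body takes precedence over the query string. `req.query?.` keeps a request
  // without a parsed query from failing with a TypeError instead of INVALID_VALUE.
  const userId = req.body?.userId || req.query?.userId;
  if (!userId) {
    throw new Parse.Error(
      Parse.Error.INVALID_VALUE,
      'userId must not be empty, null, or undefined'
    );
  }
  // JSON bodies and parsed query strings can carry objects or arrays. The value is
  // used both as the `objectId` constraint and as the session's `userId`, so accept
  // only a plain string: otherwise the row that matches and the id written into the
  // session could disagree.
  // NOTE(review): how database.find treats a non-string constraint is not visible
  // here; rejecting early avoids depending on it.
  if (typeof userId !== 'string') {
    throw new Parse.Error(Parse.Error.INVALID_VALUE, 'userId must be a string');
  }

  const [user] = await req.config.database.find('_User', { objectId: userId });
  if (!user) {
    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'user not found');
  }

  // NOTE(review): presumably strips provider secrets from user.authData before the
  // row is returned; confirm against _sanitizeAuthData, and confirm that no other
  // credential fields remain on the row handed back to the caller.
  this._sanitizeAuthData(user);

  // createdWith records that this session came from a master-key login, which lets
  // it be told apart from sessions created by a credential-based login.
  const { sessionData, createSession } = RestWrite.createSession(req.config, {
    userId,
    createdWith: RestWrite.buildCreatedWith('login', 'masterkey'),
    installationId: req.info.installationId,
  });

  user.sessionToken = sessionData.sessionToken;

  // Persist the session before responding, so a failed write rejects the request
  // instead of returning a token that was never stored.
  await createSession();

  return { response: user };
}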
449
450 handleVerifyPassword(req) {
451 return this._authenticateUserFromRequest(req)

Callers 1

mountRoutesMethod · 0.95

Calls 3

_sanitizeAuthDataMethod · 0.95
createSanitizedErrorFunction · 0.90
findMethod · 0.65

Tested by

no test coverage detected