Merge pull request #373 from flessard/session-token

Fix : Session token issue

Author: gfosco

spec/ParseUser.spec.js

@@ -1358,6 +1358,25 @@ describe('Parse.User testing', () => {
     });
   });
 
+  it('retrieve user data from fetch, make sure the session token hasn\'t changed', (done) => {
+    var user = new Parse.User();
+    user.setPassword("asdf");
+    user.setUsername("zxcv");
+    var currentSessionToken = "";
+    Parse.Promise.as().then(function() {
+        return user.signUp();
+    }).then(function(){
+        currentSessionToken = user.getSessionToken();
+        return user.fetch();
+    }).then(function(u){
+        expect(currentSessionToken).toEqual(u.getSessionToken());
+        done();
+    }, function(error) {
+      ok(false, error);
+      done();
+    })
+  });
+
   it('user save should fail with invalid email', (done) => {
     var user = new Parse.User();
     user.set('username', 'teste');

src/RestQuery.js

@@ -415,6 +415,11 @@ function includePath(config, auth, response, path) {
     for (var obj of includeResponse.results) {
       obj.__type = 'Object';
       obj.className = className;
+
+      if(className == "_User"){
+        delete obj.sessionToken;
+      }
+
       replace[obj.objectId] = obj;
     }
     var resp = {

src/Routers/ClassesRouter.js

@@ -51,6 +51,11 @@ export class ClassesRouter {
         if (!response.results || response.results.length == 0) {
           throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
         }
+        
+        if(req.params.className === "_User"){
+          delete response.results[0].sessionToken;
+        }
+
         return { response: response.results[0] };
       });
   }