From da7861988b6caa00a05000e035399f7ae3d01699 Mon Sep 17 00:00:00 2001
From: Benjamin Friedman <friedman.benjamin@gmail.com>
Date: Wed, 8 Nov 2017 15:00:09 -0800
Subject: [PATCH 1/2] remove session token replacement code

---
 spec/ParseSession.spec.js    | 48 ++++++++++++++++++++++++++++++++++++
 src/Routers/ClassesRouter.js |  7 ------
 2 files changed, 48 insertions(+), 7 deletions(-)
 create mode 100644 spec/ParseSession.spec.js

diff --git a/spec/ParseSession.spec.js b/spec/ParseSession.spec.js
new file mode 100644
index 0000000000..6c0ee85115
--- /dev/null
+++ b/spec/ParseSession.spec.js
@@ -0,0 +1,48 @@
+//
+// Tests behavior of Parse Sessions
+//
+
+"use strict";
+
+describe('Parse.Session', () => {
+  it('on query all should retain original sessionTokens with masterKey & sessionToken set', (done) => {
+    // sign up a few users
+    const user1 = new Parse.User();
+    const user2 = new Parse.User();
+    const user3 = new Parse.User();
+
+    user1.set("username", "testuser_1");
+    user2.set("username", "testuser_2");
+    user3.set("username", "testuser_3");
+
+    user1.set("password", "password");
+    user2.set("password", "password");
+    user3.set("password", "password");
+
+    return user1.signUp().then(() => {
+      return user2.signUp();
+    }).then(() => {
+      return user3.signUp();
+    }).then((user) => {
+      const query = new Parse.Query(Parse.Session);
+      return query.find({
+        useMasterKey: true,
+        sessionToken: user.get('sessionToken')
+      });
+    }).then((results) => {
+      const foundKeys = [];
+      for(const key in results) {
+        const sessionToken = results[key].get('sessionToken');
+        if(foundKeys[sessionToken]) {
+          fail('Duplicate session token present in response');
+          break;
+        }
+        foundKeys[sessionToken] = 1;
+      }
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  })
+
+});
diff --git a/src/Routers/ClassesRouter.js b/src/Routers/ClassesRouter.js
index 6801f3bc1c..a9cb49333f 100644
--- a/src/Routers/ClassesRouter.js
+++ b/src/Routers/ClassesRouter.js
@@ -27,13 +27,6 @@ export class ClassesRouter extends PromiseRouter {
     }
     return rest.find(req.config, req.auth, this.className(req), body.where, options, req.info.clientSDK)
       .then((response) => {
-        if (response && response.results) {
-          for (const result of response.results) {
-            if (result.sessionToken) {
-              result.sessionToken = req.info.sessionToken || result.sessionToken;
-            }
-          }
-        }
         return { response: response };
       });
   }

From 43ed3459f3e9ef70de149cd7fd1164fc8717b52a Mon Sep 17 00:00:00 2001
From: Benjamin Friedman <friedman.benjamin@gmail.com>
Date: Thu, 16 Nov 2017 23:05:03 -0800
Subject: [PATCH 2/2] adds cases for _User/_Session with sessionToken and
 with/without masterKey

---
 spec/ParseSession.spec.js | 118 +++++++++++++++++++++++++++++++-------
 1 file changed, 98 insertions(+), 20 deletions(-)

diff --git a/spec/ParseSession.spec.js b/spec/ParseSession.spec.js
index 6c0ee85115..c69710a307 100644
--- a/spec/ParseSession.spec.js
+++ b/spec/ParseSession.spec.js
@@ -4,26 +4,31 @@
 
 "use strict";
 
+function setupTestUsers() {
+  const user1 = new Parse.User();
+  const user2 = new Parse.User();
+  const user3 = new Parse.User();
+
+  user1.set("username", "testuser_1");
+  user2.set("username", "testuser_2");
+  user3.set("username", "testuser_3");
+
+  user1.set("password", "password");
+  user2.set("password", "password");
+  user3.set("password", "password");
+
+  return user1.signUp().then(() => {
+    return user2.signUp();
+  }).then(() => {
+    return user3.signUp();
+  })
+}
+
 describe('Parse.Session', () => {
-  it('on query all should retain original sessionTokens with masterKey & sessionToken set', (done) => {
-    // sign up a few users
-    const user1 = new Parse.User();
-    const user2 = new Parse.User();
-    const user3 = new Parse.User();
-
-    user1.set("username", "testuser_1");
-    user2.set("username", "testuser_2");
-    user3.set("username", "testuser_3");
-
-    user1.set("password", "password");
-    user2.set("password", "password");
-    user3.set("password", "password");
-
-    return user1.signUp().then(() => {
-      return user2.signUp();
-    }).then(() => {
-      return user3.signUp();
-    }).then((user) => {
+
+  // multiple sessions with masterKey + sessionToken
+  it('should retain original sessionTokens with masterKey & sessionToken set', (done) => {
+    setupTestUsers().then((user) => {
       const query = new Parse.Query(Parse.Session);
       return query.find({
         useMasterKey: true,
@@ -31,6 +36,7 @@ describe('Parse.Session', () => {
       });
     }).then((results) => {
       const foundKeys = [];
+      expect(results.length).toBe(3);
       for(const key in results) {
         const sessionToken = results[key].get('sessionToken');
         if(foundKeys[sessionToken]) {
@@ -43,6 +49,78 @@ describe('Parse.Session', () => {
     }).catch((err) => {
       fail(err);
     });
-  })
+  });
+
+  // single session returned, with just one sessionToken
+  it('should retain original sessionTokens with just sessionToken set', (done) => {
+    let knownSessionToken;
+    setupTestUsers().then((user) => {
+      knownSessionToken = user.get('sessionToken');
+      const query = new Parse.Query(Parse.Session);
+      return query.find({
+        sessionToken: knownSessionToken
+      });
+    }).then((results) => {
+      expect(results.length).toBe(1);
+      const sessionToken = results[0].get('sessionToken');
+      expect(sessionToken).toBe(knownSessionToken);
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  });
+
+  // multiple users with masterKey + sessionToken
+  it('token on users should retain original sessionTokens with masterKey & sessionToken set', (done) => {
+    setupTestUsers().then((user) => {
+      const query = new Parse.Query(Parse.User);
+      return query.find({
+        useMasterKey: true,
+        sessionToken: user.get('sessionToken')
+      });
+    }).then((results) => {
+      const foundKeys = [];
+      expect(results.length).toBe(3);
+      for(const key in results) {
+        const sessionToken = results[key].get('sessionToken');
+        if(foundKeys[sessionToken] && sessionToken !== undefined) {
+          fail('Duplicate session token present in response');
+          break;
+        }
+        foundKeys[sessionToken] = 1;
+      }
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  });
+
+  // multiple users with just sessionToken
+  it('token on users should retain original sessionTokens with just sessionToken set', (done) => {
+    let knownSessionToken;
+    setupTestUsers().then((user) => {
+      knownSessionToken = user.get('sessionToken');
+      const query = new Parse.Query(Parse.User);
+      return query.find({
+        sessionToken: knownSessionToken
+      });
+    }).then((results) => {
+      const foundKeys = [];
+      expect(results.length).toBe(3);
+      for(const key in results) {
+        const sessionToken = results[key].get('sessionToken');
+        if(foundKeys[sessionToken] && sessionToken !== undefined) {
+          fail('Duplicate session token present in response');
+          break;
+        }
+        foundKeys[sessionToken] = 1;
+      }
+
+
+      done();
+    }).catch((err) => {
+      fail(err);
+    });
+  });
 
 });