parse-community
feat: Allow logout with invalid session token
Pull Request
- Report security issues confidentially.
- Any contribution is under this license.
- Link this pull request to an issue.
Issue
Currently, if trying to logout with an invalid session token, you will need to catch the error, and call logout again. It can be a bit tedious.
Closes: #307
Approach
Improves clearing session by allowing Parse.User.logOut({ clearSession: true }), which resolves even if invalid session token is returned.
Tasks
- [x] Add tests
Summary by CodeRabbit
-
New Features
- Added an optional setting to the logout process that allows users to specify whether to clear their session if the session token is invalid.
-
Bug Fixes
- Improved handling of invalid session tokens during logout, preventing unnecessary errors when the new session clearing option is enabled.
-
Tests
- Introduced new test cases to verify logout behavior with the session clearing option and invalid session tokens.
-
Documentation
- Updated documentation to reflect the new logout option and its behavior.
I will reformat the title to use the proper commit message syntax.
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Patch coverage: 87.50% and project coverage change: -0.02% :warning:
Comparison is base (
ca568a6) 100.00% compared to head (96cd284) 99.98%. Report is 1 commits behind head on alpha.
:exclamation: Current head 96cd284 differs from pull request most recent head 173d915. Consider uploading reports for the commit 173d915 to get more accurate results
Additional details and impacted files
@@ Coverage Diff @@
## alpha #1803 +/- ##
===========================================
- Coverage 100.00% 99.98% -0.02%
===========================================
Files 61 61
Lines 6168 6173 +5
Branches 1499 1500 +1
===========================================
+ Hits 6168 6172 +4
- Misses 0 1 +1
| Files Changed | Coverage Δ | |
|---|---|---|
| src/ParseUser.js | 99.81% <87.50%> (-0.19%) |
:arrow_down: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Currently, if trying to logout with an invalid session token, you will need to catch the error, and call logout again.
What would be the difference between the first and second logout request? What makes the first fail and the second succeed?
@dblythy Friendly ping regarding the previous question. If the 1st logout attempt fails, why does the 2nd attempt (after catching the error) succeed?
@dblythy We should add this to the server side like https://github.com/parse-community/parse-server/pull/8722 so that it can work for all SDK's
@mtrezza I have no idea why there is a need to call Parse.User.logOut twice when there is a invalid session error to log out. I've been running into this issue a lot while fixing sessionToken invalid issues.
@dplewis see https://github.com/parse-community/parse-server/issues/7277#issuecomment-801953151