From f9dde4a9f8a90c63f71172c9bc515b0f6c6d2e4a Mon Sep 17 00:00:00 2001
From: Diamond Lewis <findlewis@gmail.com>
Date: Mon, 25 Dec 2023 13:40:49 -0600
Subject: [PATCH] feat: Allow `Parse.Session.current` on expired session token
 instead of throwing error (#8722)

BREAKING CHANGE: `Parse.Session.current()` no longer throws an error if the session token is expired, but instead returns the session token with its expiration date to allow checking its validity
---
 spec/ParseUser.spec.js | 29 +++++++++++++++++++++++++++++
 src/middlewares.js     |  2 +-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
index 99439e3803..43351f630c 100644
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -3224,6 +3224,35 @@ describe('Parse.User testing', () => {
       .catch(done.fail);
   });
 
+  it('should return current session with expired expiration date', async () => {
+    await Parse.User.signUp('buser', 'somepass', null);
+    const response = await request({
+      method: 'GET',
+      url: 'http://localhost:8378/1/classes/_Session',
+      headers: {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-Master-Key': 'test',
+      },
+    });
+    const body = response.data;
+    const id = body.results[0].objectId;
+    const expiresAt = new Date(new Date().setYear(2015));
+    await request({
+      method: 'PUT',
+      url: 'http://localhost:8378/1/classes/_Session/' + id,
+      headers: {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-Master-Key': 'test',
+        'Content-Type': 'application/json',
+      },
+      body: {
+        expiresAt: { __type: 'Date', iso: expiresAt.toISOString() },
+      },
+    });
+    const session = await Parse.Session.current();
+    expect(session.get('expiresAt')).toEqual(expiresAt);
+  });
+
   it('should not create extraneous session tokens', done => {
     const config = Config.get(Parse.applicationId);
     config.database
diff --git a/src/middlewares.js b/src/middlewares.js
index 9319130188..d4edb37760 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -342,7 +342,7 @@ const handleRateLimit = async (req, res, next) => {
 export const handleParseSession = async (req, res, next) => {
   try {
     const info = req.info;
-    if (req.auth) {
+    if (req.auth || req.url === '/sessions/me') {
       next();
       return;
     }