From 675b1043c4fb950ca4edc337b659ccdabb19dc2d Mon Sep 17 00:00:00 2001
From: Francis Lessard
Date: Sat, 27 Feb 2016 06:41:31 -0500
Subject: [PATCH 1/2] Fix become on non existing user

Fix bug where become return invalid session if the pointer to user doesn't exist
---
 spec/ParseUser.spec.js | 35 +++++++++++++++++++++++++++++++++++
 src/Routers/UsersRouter.js | 3 ++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
index 424e4207f0..4e69394b81 100644
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -122,6 +122,41 @@ describe('Parse.User testing', () => {
 });
 });
 
+ it("become on non existing user", (done) => {
+ var user = null;
+ var sessionToken = null;
+ var userPointer = null;
+
+ Parse.Promise.as().then(function() {
+ return Parse.User.signUp("9090", "-----");
+
+ }).then(function(newUser) {
+ equal(Parse.User.current(), newUser);
+
+ user = newUser;
+ userPointer = user.toPointer();
+ sessionToken = newUser.getSessionToken();
+ ok(sessionToken);
+
+ var u = Parse.Object.fromJSON(userPointer);
+ return u.destroy({useMasterKey:true});
+
+ }).then(function() {
+ return Parse.User.become(sessionToken);
+ }).then((user) => {
+ ok(false, "Shouldn't have been able to log in with non existing user.");
+ }, function(error) {
+ ok(error);
+ console.log(error);
+ return Parse.Promise.as();
+ }).then(function() {
+ done();
+ }, function(error) {
+ ok(false, error);
+ done();
+ });
+ });
+
 it("become", (done) => {
 var user = null;
 var sessionToken = null;
diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
index 592bdc0b0a..8876901c7e 100644
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
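Review bot: The rejection handler in the new `become on non existing user` spec in `spec/ParseUser.spec.js` only asserts `ok(error)`, so the test passes on any failure of `Parse.User.become`, not only the rejection this patch introduces. The router change throws `Parse.Error.INVALID_SESSION_TOKEN`, so the handler can pin that with `equal(error.code, Parse.Error.INVALID_SESSION_TOKEN);`. The `user` parameter of `.then((user) => {` is unused and shadows the outer `user`; `.then(() => {` would read more clearly.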
@@ -47,9 +47,10 @@ export class UsersRouter extends ClassesRouter {
 { _session_token: sessionToken },
 { include: 'user' })
 .then((response) => {
+
 if (!response.results ||
 response.results.length == 0 ||
- !response.results[0].user) {
+ !response.results[0].user || ( response.results[0].user.__type && response.results[0].user.__type === 'Pointer' ) ) {
 throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'invalid session token');
 } else {
 let user = response.results[0].user;

From 3737290b21b3153e2c0cac5282e553df9dfddb9a Mon Sep 17 00:00:00 2001
From: Francis Lessard
Date: Sat, 27 Feb 2016 07:00:55 -0500
Subject: [PATCH 2/2] Remove console.log

---
 spec/ParseUser.spec.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
index 4e69394b81..99e95031db 100644
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -147,7 +147,6 @@ describe('Parse.User testing', () => {
 ok(false, "Shouldn't have been able to log in with non existing user.");
 }, function(error) {
 ok(error);
- console.log(error);
 return Parse.Promise.as();
 }).then(function() {
 done();
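Review bot: The new Pointer check in `src/Routers/UsersRouter.js` rejects a session whose user no longer exists, but the `_Session` row stays in place. Only this handler is visible in the hunk, so any other path that resolves a session token to a user would presumably need the same guard; that is worth confirming. The condition needs a comment explaining why a `Pointer` means "user gone", for example `// with include: 'user', a user that no longer exists comes back as a bare Pointer`, which is what the commit message implies. The `__type &&` test is redundant with the strict comparison, so the clause can read `!response.results[0].user || response.results[0].user.__type === 'Pointer') {`. The enclosing method starts and ends outside the hunk.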