Added ParseSession

Author: Fosco Marotto

src/Parse/ParseClient.php

@@ -44,6 +44,11 @@ final class ParseClient
    */
   private static $storage;
 
+  /**
+   * @var - Boolean for enabling revocable sessions.
+   */
+  private static $forceRevocableSession = false;
+
   /**
    * Constant for version string to include with requests.
    * @ignore
@@ -56,7 +61,7 @@ final class ParseClient
    * @param string $app_id                Parse Application ID
    * @param string $rest_key              Parse REST API Key
    * @param string $master_key            Parse Master Key
-   * @param string $enableCurlExceptions  Enable or disable Parse curl exceptions
+   * @param boolean $enableCurlExceptions  Enable or disable Parse curl exceptions
    *
    * @return null
    */
@@ -65,6 +70,7 @@ public static function initialize($app_id, $rest_key, $master_key, $enableCurlEx
     ParseUser::registerSubclass();
     ParseRole::registerSubclass();
     ParseInstallation::registerSubclass();
+    ParseSession::registerSubclass();
     self::$applicationId = $app_id;
     self::$restKey = $rest_key;
     self::$masterKey = $master_key;
@@ -341,6 +347,9 @@ public static function _getRequestHeaders($sessionToken, $useMasterKey)
     } else {
       $headers[] = 'X-Parse-REST-API-Key: ' . self::$restKey;
     }
+    if (self::$forceRevocableSession) {
+      $headers[] = 'X-Parse-Revocable-Session: 1';
+    }
     /**
      * Set an empty Expect header to stop the 100-continue behavior for post
      *   data greater than 1024 bytes.
@@ -384,4 +393,16 @@ public static function getLocalPushDateFormat($value)
     $date = date_format($value, $dateFormatString);
     return $date;
   }
+
+  /**
+   * Allows an existing application to start using revocable sessions, without forcing
+   * all requests for the app to use them.  After calling this method, login & signup requests
+   * will be returned a unique and revocable session token.
+   *
+   */
+  public static function enableRevocableSessions()
+  {
+    self::$forceRevocableSession = true;
+  }
+
 }

src/Parse/ParseObject.php

@@ -532,7 +532,7 @@ public function _mergeAfterFetchWithSelectedKeys($result, $selectedKeys)
   private function mergeFromServer($data, $completeData = true)
   {
     $this->hasBeenFetched = ($this->hasBeenFetched || $completeData) ? true : false;
-    $this->mergeMagicFields($data);
+    $this->_mergeMagicFields($data);
     foreach ($data as $key => $value) {
       if ($key === '__type' && $value === 'className') {
         continue;
@@ -567,7 +567,7 @@ private function mergeFromServer($data, $completeData = true)
    *
    * @return null
    */
-  private function mergeMagicFields(&$data)
+  public function _mergeMagicFields(&$data)
   {
     if (isset($data['objectId'])) {
       $this->objectId = $data['objectId'];

src/Parse/ParseSession.php

@@ -0,0 +1,90 @@
+<?php
+
+namespace Parse;
+
+use Parse\ParseObject;
+use Parse\ParseUser;
+
+/**
+ * ParseSession - Representation of an expiring user session
+ *
+ * @package  Parse
+ * @author   Fosco Marotto <fjm@fb.com>
+ */
+class ParseSession extends ParseObject
+{
+
+  public static $parseClassName = "_Session";
+
+  private $_sessionToken = null;
+
+  /**
+   * Returns the session token string.
+   *
+   * @return string
+   */
+  public function getSessionToken()
+  {
+    return $this->_sessionToken;
+  }
+
+  /**
+   * Retrieves the Session object for the currently logged in user.
+   *
+   * @param boolean $useMasterKey If the Master Key should be used to override security
+   *
+   * @return ParseSession
+   */
+  public static function getCurrentSession($useMasterKey = false)
+  {
+    $session = new ParseSession();
+    $token = ParseUser::getCurrentUser()->getSessionToken();
+    $response = ParseClient::_request('GET', '/1/sessions/me', $token, null, $useMasterKey);
+    $session->_mergeAfterFetch($response);
+    $session->handleSaveResult();
+    return $session;
+  }
+
+
+  /**
+   * Determines whether the current session token is revocable.
+   * This method is useful for migrating an existing app to use
+   * revocable sessions.
+   *
+   * @return boolean
+   */
+  public static function isCurrentSessionRevocable()
+  {
+    $user = ParseUser::getCurrentUser();
+    if ($user) {
+      return self::_isRevocable($user->getSessionToken());
+    }
+  }
+
+  /**
+   * Determines whether a session token is revocable.
+   *
+   * @param string $token The session token to check
+   *
+   * @return boolean
+   */
+  public static function _isRevocable($token)
+  {
+    return strpos($token, "r:") === 0;
+  }
+
+  /**
+   * After a save, perform Session object specific logic.
+   *
+   * @return null
+   */
+  private function handleSaveResult()
+  {
+    if (isset($this->serverData['sessionToken'])) {
+      $this->_sessionToken = $this->serverData['sessionToken'];
+      unset($this->serverData['sessionToken']);
+    }
+    $this->rebuildEstimatedData();
+  }
+
+}

src/Parse/ParseUser.php

@@ -162,13 +162,19 @@ public static function become($sessionToken)
 
   /**
    * Log out the current user.  This will clear the storage and future calls
-   *   to current will return null
+   *   to current will return null.
+   * This will make a network request to /1/logout to invalidate the session
    *
    * @return null
    */
   public static function logOut()
   {
     if (ParseUser::getCurrentUser()) {
+      try {
+        $result = ParseClient::_request('GET', '/1/logout');
+      } catch (ParseException $ex) {
+        // If this fails, we're going to ignore it.
+      }
       static::$currentUser = null;
     }
     ParseClient::getStorage()->remove('user');