From c4be51d7348e8c71add3373d6688870b2ecc5a58 Mon Sep 17 00:00:00 2001 From: Fosco Marotto Date: Thu, 4 Feb 2016 19:18:33 -0800 Subject: [PATCH 1/3] Removed extra /logout handler --- src/sessions.js | 26 +------------------------- 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/src/sessions.js b/src/sessions.js index 30290a9d52..b979de4513 100644 --- a/src/sessions.js +++ b/src/sessions.js @@ -41,29 +41,6 @@ function handleGet(req) { }); } -function handleLogout(req) { - // TODO: Verify correct behavior for logout without token - if (!req.info || !req.info.sessionToken) { - throw new Parse.Error(Parse.Error.SESSION_MISSING, - 'Session token required for logout.'); - } - return rest.find(req.config, Auth.master(req.config), '_Session', - { _session_token: req.info.sessionToken}) - .then((response) => { - if (!response.results || response.results.length == 0) { - throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, - 'Session token not found.'); - } - return rest.del(req.config, Auth.master(req.config), '_Session', - response.results[0].objectId); - }).then(() => { - return { - status: 200, - response: {} - }; - }); -} - function handleFind(req) { var options = {}; if (req.body.skip) { @@ -111,7 +88,6 @@ function handleMe(req) { }); } -router.route('POST', '/logout', handleLogout); router.route('POST','/sessions', handleCreate); router.route('GET','/sessions/me', handleMe); router.route('GET','/sessions/:objectId', handleGet); @@ -119,4 +95,4 @@ router.route('PUT','/sessions/:objectId', handleUpdate); router.route('GET','/sessions', handleFind); router.route('DELETE','/sessions/:objectId', handleDelete); -module.exports = router; \ No newline at end of file +module.exports = router; From ab12ff76b89558095688e38054681e9e23412544 Mon Sep 17 00:00:00 2001 From: Fosco Marotto Date: Tue, 9 Feb 2016 15:55:43 -0800 Subject: [PATCH 2/3] Updated logout handling per review. --- src/users.js | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/src/users.js b/src/users.js index d769b9c5d0..a33c32a74d 100644 --- a/src/users.js +++ b/src/users.js @@ -167,14 +167,17 @@ function handleDelete(req) { function handleLogOut(req) { var success = {response: {}}; if (req.info && req.info.sessionToken) { - rest.find(req.config, Auth.master(req.config), '_Session', + return rest.find(req.config, Auth.master(req.config), '_Session', {_session_token: req.info.sessionToken} ).then((records) => { if (records.results && records.results.length) { - rest.del(req.config, Auth.master(req.config), '_Session', - records.results[0].id - ); + return rest.del(req.config, Auth.master(req.config), '_Session', + records.results[0].objectId + ).then(() => { + return Promise.resolve(success); + }); } + return Promise.resolve(success); }); } return Promise.resolve(success); From dee640c7d029da5cdf0852b5108433024e9d1e45 Mon Sep 17 00:00:00 2001 From: Fosco Marotto Date: Wed, 10 Feb 2016 14:52:42 -0800 Subject: [PATCH 3/3] Added logout test and fixed error in restwrite --- spec/ParseUser.spec.js | 22 ++++++++++++++++++++++ src/RestWrite.js | 2 +- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js index c9f25bd84d..d339de7b42 100644 --- a/spec/ParseUser.spec.js +++ b/spec/ParseUser.spec.js @@ -1576,5 +1576,27 @@ describe('Parse.User testing', () => { }); }); + it('ensure logout works', (done) => { + var user = null; + var sessionToken = null; + + Parse.Promise.as().then(function() { + return Parse.User.signUp('log', 'out'); + }).then((newUser) => { + user = newUser; + sessionToken = user.getSessionToken(); + return Parse.User.logOut(); + }).then(() => { + user.set('foo', 'bar'); + return user.save(null, { sessionToken: sessionToken }); + }).then(() => { + fail('Save should have failed.'); + done(); + }, (e) => { + expect(e.code).toEqual(Parse.Error.SESSION_MISSING); + done(); + }); + }) + }); 
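Review bot: handleLogOut now resolves with the same `success` object on three paths (no session token, token not found in `_Session`, session deleted), and nothing in the function says this is deliberate. I would add a comment above the `if`, for example `// Logout is idempotent: a missing or unknown token still returns success, so the response does not reveal whether a token was valid.` The two `return Promise.resolve(success);` lines inside the `.then` callbacks can be plain `return success;`, since a value returned from `.then` is already wrapped. Returning the chain means a rejected `rest.find` or `rest.del` now reaches the caller, which is the right fail-closed behaviour for revocation. If session lookups are cached anywhere outside this function (not visible here), that entry would need dropping too; the function's closing brace is outside the hunk.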
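Review bot: The only assertion in 'ensure logout works' is `expect(e.code).toEqual(Parse.Error.SESSION_MISSING)` on a user save. Going by the RestWrite.js change in this same patch, that code appears to come from the "cannot modify user" ownership check rather than from session-token validation. The test therefore shows that the old token no longer authorises a write to the user, but not directly that the `_Session` row was removed or that a read with the old token is refused. A comment before `user.set('foo', 'bar');` would make the intent explicit, for example `// The token captured before logOut must no longer authorise writes to this user.` A second assertion covering a read with the revoked token would be worth adding. The `it(...)` call also closes with `})` and no semicolon, unlike the surrounding `});` lines.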
diff --git a/src/RestWrite.js b/src/RestWrite.js index 446a2db9a2..77a971c36b 100644 --- a/src/RestWrite.js +++ b/src/RestWrite.js @@ -637,7 +637,7 @@ RestWrite.prototype.runDatabaseOperation = function() { this.query && !this.auth.couldUpdateUserId(this.query.objectId)) { throw new Parse.Error(Parse.Error.SESSION_MISSING, - 'cannot modify user ' + this.objectId); + 'cannot modify user ' + this.query.objectId); } // TODO: Add better detection for ACL, ensuring a user can't be locked from
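Review bot: The throw reports `Parse.Error.SESSION_MISSING` for what the visible condition, `!this.auth.couldUpdateUserId(this.query.objectId)`, shows to be an ownership check, so a caller holding a valid session for a different user gets the same code as a caller with no session at all. If that is intended, a comment above the throw would stop a later change from "correcting" it, for example `// Reported as SESSION_MISSING on purpose: the caller has no session that may update this user.` The new message reads `this.query.objectId`, which the `this.query &&` guard on the preceding line makes safe to dereference. The opening of the `if` is outside the hunk.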