diff --git a/spec/RestQuery.spec.js b/spec/RestQuery.spec.js index 5635590e68..8e18001cdb 100644 --- a/spec/RestQuery.spec.js +++ b/spec/RestQuery.spec.js @@ -7,9 +7,6 @@ var rest = require('../src/rest'); var querystring = require('querystring'); var request = require('request'); -var DatabaseAdapter = require('../src/DatabaseAdapter'); -var database = DatabaseAdapter.getDatabaseConnection('test', 'test_'); - var config = new Config('test'); var nobody = auth.nobody(config); @@ -38,40 +35,6 @@ describe('rest query', () => { }); }); - describe('query for user w/ legacy credentials', () => { - var data = { - username: 'blah', - password: 'pass', - sessionToken: 'abc123', - } - describe('without masterKey', () => { - it('has them stripped from results', (done) => { - database.create('_User', data).then(() => { - return rest.find(config, nobody, '_User') - }).then((result) => { - var user = result.results[0]; - expect(user.username).toEqual('blah'); - expect(user.sessionToken).toBeUndefined(); - expect(user.password).toBeUndefined(); - done(); - }); - }); - }); - describe('with masterKey', () => { - it('has them stripped from results', (done) => { - database.create('_User', data).then(() => { - return rest.find(config, {isMaster: true}, '_User') - }).then((result) => { - var user = result.results[0]; - expect(user.username).toEqual('blah'); - expect(user.sessionToken).toBeUndefined(); - expect(user.password).toBeUndefined(); - done(); - }); - }); - }); - }); - // Created to test a scenario in AnyPic it('query with include', (done) => { var photo = { diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js index 0475c301ac..8643684d4f 100644 --- a/src/Controllers/DatabaseController.js +++ b/src/Controllers/DatabaseController.js @@ -127,13 +127,12 @@ DatabaseController.prototype.untransformObject = function( return object; } - delete object.authData; - delete object.sessionToken; - if (isMaster || (aclGroup.indexOf(object.objectId) > -1)) { return object; } + delete object.authData; + delete object.sessionToken; return object; };