From a782e124e605a6b705cd84d3b84f0adf90582c96 Mon Sep 17 00:00:00 2001
From: michael shanks <mike@budibase.com>
Date: Fri, 21 Jun 2019 14:00:24 +0100
Subject: [PATCH] tests passing...

---
 packages/core                                 |  2 +-
 packages/datastores/datastores/local.js       |  2 +-
 packages/server/middleware/routers.js         |  6 +++++-
 packages/server/tests/authenticate.js         |  2 +-
 .../server/utilities/masterAppInternal.js     | 21 +++++++++++++------
 5 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/packages/core b/packages/core
index 29318b29d3..b372ad7403 160000
--- a/packages/core
+++ b/packages/core
@@ -1 +1 @@
-Subproject commit 29318b29d35ac8d8bfb137a5e739a308e01c1829
+Subproject commit b372ad7403fa12f92670ef38e7576bc5795006e9
diff --git a/packages/datastores/datastores/local.js b/packages/datastores/datastores/local.js
index 63d3d8dc1f..9dffc03489 100644
--- a/packages/datastores/datastores/local.js
+++ b/packages/datastores/datastores/local.js
@@ -53,7 +53,7 @@ const deleteFolder = root => async (path) =>
 
 const readableFileStream = root => async path => 
     fs.createReadStream(
-        join(root, path), "utf8"
+        join(root, path)
     );
 
 const writableFileStream = root => path => 
diff --git a/packages/server/middleware/routers.js b/packages/server/middleware/routers.js
index 4e91c26e0e..bd2fb1fa40 100644
--- a/packages/server/middleware/routers.js
+++ b/packages/server/middleware/routers.js
@@ -69,7 +69,11 @@ module.exports = (config, app) => {
             pathParts[1],
             ctx.sessionId);
 
-        await next();
+        if(ctx.instance === null) {
+            ctx.response.status = StatusCodes.UNAUTHORIZED;
+        } else {
+            await next();
+        }
     })
     .post("/:appname/api/changeMyPassword", async (ctx) => {
         await ctx.instance.authApi.changeMyPassword(
diff --git a/packages/server/tests/authenticate.js b/packages/server/tests/authenticate.js
index b8e105eedd..f7a86e9589 100644
--- a/packages/server/tests/authenticate.js
+++ b/packages/server/tests/authenticate.js
@@ -88,7 +88,7 @@ module.exports = (app) => {
 
         await app.get("/_master/api/users/")
             .set("cookie", newUserCookie)
-            .expect(statusCodes.FORBIDDEN);
+            .expect(statusCodes.UNAUTHORIZED);
 
         await app.post("/_master/api/authenticate", {
             username: testUserName,
diff --git a/packages/server/utilities/masterAppInternal.js b/packages/server/utilities/masterAppInternal.js
index b9a2cec927..a9e1a7281c 100644
--- a/packages/server/utilities/masterAppInternal.js
+++ b/packages/server/utilities/masterAppInternal.js
@@ -115,15 +115,23 @@ module.exports = async (config) => {
     const getInstanceApiForSession = async (appname, sessionId) => {
         if(isMaster(appname)) {
             const customId = bb.recordApi.customId("mastersession", sessionId);
-            const session = await bb.recordApi.load(`/sessions/${customId}`);
-            return await getApisForSession(masterDatastore, session);
+            try {
+                const session = await bb.recordApi.load(`/sessions/${customId}`);
+                return await getApisForSession(masterDatastore, session);
+            } catch(_) {
+                return null;
+            }
         }
         else {
             const app = await getApplication(appname);
             const customId = bb.recordApi.customId("session", sessionId);
-            const session = await bb.recordApi.load(`/applications/${app.id}/sessions/${customId}`);
-            const instanceDatastore = getInstanceDatastore(session.instanceDatastoreConfig)
-            return await getApisForSession(instanceDatastore, session);
+            try {
+                const session = await bb.recordApi.load(`/applications/${app.id}/sessions/${customId}`);
+                const instanceDatastore = getInstanceDatastore(session.instanceDatastoreConfig)
+                return await getApisForSession(instanceDatastore, session);
+            } catch(_) {
+                return null;
+            }
         }
     };
 
@@ -162,7 +170,8 @@ module.exports = async (config) => {
                 "/mastersessions_by_user",
                 {
                     rangeStartParams:{username}, 
-                    rangeEndParams:{username}
+                    rangeEndParams:{username},
+                    searchPhrase:`username:${username}`
                 }
             );