forked from parse-community/parse-server
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Remove deprecation
DEPPS3
: Config option `enforcePrivateUsers…
…` defaults to `true` (parse-community#8283) BREAKING CHANGE: The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (parse-community#8283)
- Loading branch information
Showing
12 changed files
with
85 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -292,30 +292,37 @@ describe('ParseGraphQLServer', () => { | |
let objects = []; | ||
|
||
async function prepareData() { | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user1 = new Parse.User(); | ||
user1.setUsername('user1'); | ||
user1.setPassword('user1'); | ||
user1.setEmail('[email protected]'); | ||
user1.setACL(acl); | ||
await user1.signUp(); | ||
|
||
user2 = new Parse.User(); | ||
user2.setUsername('user2'); | ||
user2.setPassword('user2'); | ||
user2.setACL(acl); | ||
await user2.signUp(); | ||
|
||
user3 = new Parse.User(); | ||
user3.setUsername('user3'); | ||
user3.setPassword('user3'); | ||
user3.setACL(acl); | ||
await user3.signUp(); | ||
|
||
user4 = new Parse.User(); | ||
user4.setUsername('user4'); | ||
user4.setPassword('user4'); | ||
user4.setACL(acl); | ||
await user4.signUp(); | ||
|
||
user5 = new Parse.User(); | ||
user5.setUsername('user5'); | ||
user5.setPassword('user5'); | ||
user5.setACL(acl); | ||
await user5.signUp(); | ||
|
||
const roleACL = new Parse.ACL(); | ||
|
@@ -7066,6 +7073,11 @@ describe('ParseGraphQLServer', () => { | |
}, | ||
}, | ||
}, | ||
context: { | ||
headers: { | ||
'X-Parse-Master-Key': 'test', | ||
}, | ||
}, | ||
}); | ||
|
||
expect(result.data.createUser.clientMutationId).toEqual(clientMutationId); | ||
|
@@ -7123,6 +7135,7 @@ describe('ParseGraphQLServer', () => { | |
username: 'user2', | ||
password: 'user2', | ||
someField: 'someValue2', | ||
ACL: { public: { read: true, write: true } }, | ||
}, | ||
}, | ||
someField: 'someValue', | ||
|
@@ -7195,6 +7208,7 @@ describe('ParseGraphQLServer', () => { | |
username: 'user2', | ||
password: 'user2', | ||
someField: 'someValue2', | ||
ACL: { public: { read: true, write: true } }, | ||
}, | ||
}, | ||
}, | ||
|
@@ -8308,19 +8322,21 @@ describe('ParseGraphQLServer', () => { | |
const someClass = new Parse.Object('SomeClass'); | ||
await someClass.save(); | ||
|
||
const roleACL = new Parse.ACL(); | ||
roleACL.setPublicReadAccess(true); | ||
|
||
const user = new Parse.User(); | ||
user.set('username', 'username'); | ||
user.set('password', 'password'); | ||
user.setACL(roleACL); | ||
await user.signUp(); | ||
|
||
const user2 = new Parse.User(); | ||
user2.set('username', 'username2'); | ||
user2.set('password', 'password2'); | ||
user2.setACL(roleACL); | ||
await user2.signUp(); | ||
|
||
const roleACL = new Parse.ACL(); | ||
roleACL.setPublicReadAccess(true); | ||
|
||
const role = new Parse.Role('aRole', roleACL); | ||
await role.save(); | ||
|
||
|
@@ -10597,6 +10613,9 @@ describe('ParseGraphQLServer', () => { | |
const user = new Parse.User(); | ||
user.setUsername('user1'); | ||
user.setPassword('user1'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
await user.signUp(); | ||
|
||
await parseGraphQLServer.parseGraphQLSchema.schemaCache.clear(); | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -196,14 +196,13 @@ describe('Parse.User testing', () => { | |
const ACL = user.getACL(); | ||
expect(ACL.getReadAccess(user)).toBe(true); | ||
expect(ACL.getWriteAccess(user)).toBe(true); | ||
expect(ACL.getPublicReadAccess()).toBe(true); | ||
expect(ACL.getPublicReadAccess()).toBe(false); | ||
expect(ACL.getPublicWriteAccess()).toBe(false); | ||
const perms = ACL.permissionsById; | ||
expect(Object.keys(perms).length).toBe(2); | ||
expect(Object.keys(perms).length).toBe(1); | ||
expect(perms[user.id].read).toBe(true); | ||
expect(perms[user.id].write).toBe(true); | ||
expect(perms['*'].read).toBe(true); | ||
expect(perms['*'].write).not.toBe(true); | ||
expect(perms['*']).toBeUndefined(); | ||
done(); | ||
}); | ||
|
||
|
@@ -875,8 +874,8 @@ describe('Parse.User testing', () => { | |
kevin.set('password', 'mypass'); | ||
await kevin.signUp(); | ||
const query = new Parse.Query(Parse.User); | ||
const count = await query.count(); | ||
equal(count, 2); | ||
const count = await query.find({ useMasterKey: true }); | ||
equal(count.length, 2); | ||
done(); | ||
}); | ||
|
||
|
@@ -2153,7 +2152,15 @@ describe('Parse.User testing', () => { | |
}); | ||
|
||
it("querying for users doesn't get session tokens", done => { | ||
Parse.User.signUp('finn', 'human', { foo: 'bar' }) | ||
const user = new Parse.User(); | ||
user.set('username', 'finn'); | ||
user.set('password', 'human'); | ||
user.set('foo', 'bar'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
user | ||
.signUp() | ||
.then(function () { | ||
return Parse.User.logOut(); | ||
}) | ||
|
@@ -2162,6 +2169,9 @@ describe('Parse.User testing', () => { | |
user.set('username', 'jake'); | ||
user.set('password', 'dog'); | ||
user.set('foo', 'baz'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
return user.signUp(); | ||
}) | ||
.then(function () { | ||
|
@@ -2188,7 +2198,14 @@ describe('Parse.User testing', () => { | |
}); | ||
|
||
it('querying for users only gets the expected fields', done => { | ||
Parse.User.signUp('finn', 'human', { foo: 'bar' }).then(() => { | ||
const user = new Parse.User(); | ||
user.setUsername('finn'); | ||
user.setPassword('human'); | ||
user.set('foo', 'bar'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
user.signUp().then(() => { | ||
request({ | ||
headers: { | ||
'X-Parse-Application-Id': 'test', | ||
|
@@ -3426,6 +3443,9 @@ describe('Parse.User testing', () => { | |
password: 'world', | ||
email: '[email protected]', | ||
}); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
|
||
reconfigureServer({ | ||
appName: 'unused', | ||
|
@@ -4057,6 +4077,12 @@ describe('Parse.User testing', () => { | |
silent: true, | ||
}); | ||
|
||
Parse.Cloud.beforeSave(Parse.User, ({ object }) => { | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
object.setACL(acl); | ||
}); | ||
|
||
const query = new Parse.Query(Parse.User); | ||
query.doesNotExist('foo'); | ||
const subscription = await query.subscribe(); | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,6 +13,9 @@ describe('ProtectedFields', function () { | |
user.setPassword('sekrit'); | ||
user.set('email', '[email protected]'); | ||
user.set('favoriteColor', 'yellow'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
await user.save(); | ||
|
||
const fetched = await new Parse.Query(Parse.User).get(user.id); | ||
|
@@ -35,6 +38,9 @@ describe('ProtectedFields', function () { | |
user.set('timeZone', 'America/Los_Angeles'); | ||
user.set('favoriteColor', 'yellow'); | ||
user.set('favoriteFood', 'pizza'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
await user.save(); | ||
|
||
const fetched = await new Parse.Query(Parse.User).get(user.id); | ||
|
@@ -57,6 +63,9 @@ describe('ProtectedFields', function () { | |
user.set('timeZone', 'America/Los_Angeles'); | ||
user.set('favoriteColor', 'yellow'); | ||
user.set('favoriteFood', 'pizza'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
await user.save(); | ||
|
||
const fetched = await new Parse.Query(Parse.User).get(user.id); | ||
|
@@ -108,6 +117,9 @@ describe('ProtectedFields', function () { | |
user.set('timeZone', 'America/Los_Angeles'); | ||
user.set('favoriteColor', 'yellow'); | ||
user.set('favoriteFood', 'pizza'); | ||
const acl = new Parse.ACL(); | ||
acl.setPublicReadAccess(true); | ||
user.setACL(acl); | ||
await user.save(); | ||
|
||
const objA = await new Parse.Object('ClassA').set('foo', 'zzz').set('bar', 'yyy').save(); | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters