Add filter sensitive fields logic that apply CLPs\nAdd protectedFields CLP\nAdd defaults for protectedFields CLP\nFix tests

2019-01-29 08:52:49 +00:00
parent b343de0c70
commit 0dec4931a0
7 changed files with 122 additions and 13 deletions
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -333,6 +333,8 @@ function addParseCloud() {
 }

 function injectDefaults(options: ParseServerOptions) {
+  const hasProtectedFields = !!options.protectedFields;
+
  Object.keys(defaults).forEach(key => {
    if (!options.hasOwnProperty(key)) {
      options[key] = defaults[key];
@@ -344,15 +346,40 @@ function injectDefaults(options: ParseServerOptions) {
  }

  // Backwards compatibility
-  if (!options.protectedFields && options.userSensitiveFields) {
+  if (!hasProtectedFields && options.userSensitiveFields) {
    /* eslint-disable no-console */
-    console.warn(
-      `\nDEPRECATED: userSensitiveFields has been replaced by protectedFields allowing the ability to protect fields in all classes with CLP. \n`
+    !process.env.TESTING &&
+      console.warn(
+        `\nDEPRECATED: userSensitiveFields has been replaced by protectedFields allowing the ability to protect fields in all classes with CLP. \n`
+      );
+
+    const userSensitiveFields = Array.from(
+      new Set([
+        ...(defaults.userSensitiveFields || []),
+        ...(options.userSensitiveFields || []),
+      ])
    );
+
    /* eslint-enable no-console */
-    options.protectedFields = { _User: { '*': options.userSensitiveFields } };
+    options.protectedFields = { _User: { '*': userSensitiveFields } };
  }

+  // Merge protectedFields options with defaults.
+  Object.keys(defaults.protectedFields).forEach(c => {
+    const cur = options.protectedFields[c];
+    if (!cur) {
+      options.protectedFields[c] = defaults.protectedFields[c];
+    } else {
+      Object.keys(defaults.protectedFields[c]).forEach(r => {
+        const unq = new Set([
+          ...(options.protectedFields[c][r] || []),
+          ...defaults.protectedFields[c][r],
+        ]);
+        options.protectedFields[c][r] = Array.from(unq);
+      });
+    }
+  });
+
  options.masterKeyIps = Array.from(
    new Set(
      options.masterKeyIps.concat(defaults.masterKeyIps, options.masterKeyIps)