joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CLP objectId size validation fix (#6332)

Browse Source 
* Relax regex for customId ; allow varying id length

* test

* remove trycatch, fix typo

* de-duplicate test names; test pointer targetclass

* fixed early return; detailed errors for protected
This commit is contained in:
Old Grandpa
2020-01-14 12:01:14 +03:00
committed by Antonio Davi Macedo Coelho de Castro
parent 9842c6ee42
commit 2d257e20a0
4 changed files with 225 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
spec/PointerPermissions.spec.js
View File

@@ -399,7 +399,7 @@ describe('Pointer Permissions', () => {
});
});
it('should prevent creating pointer permission on bad field', done => {
it('should prevent creating pointer permission on bad field (of wrong type)', done => {
const config = Config.get(Parse.applicationId);
config.database
.loadSchema()
@@ -426,7 +426,34 @@ describe('Pointer Permissions', () => {
});
});
it('should prevent creating pointer permission on bad field', done => {
it('should prevent creating pointer permission on bad field (non-user pointer)', done => {
const config = Config.get(Parse.applicationId);
config.database
.loadSchema()
.then(schema => {
return schema.addClassIfNotExists(
'AnObject',
{ owner: { type: 'Pointer', targetClass: '_Session' } },
{
create: {},
writeUserFields: ['owner'],
readUserFields: ['owner'],
}
);
})
.then(() => {
fail('should not succeed');
})
.catch(err => {
expect(err.code).toBe(107);
expect(err.message).toBe(
"'owner' is not a valid column for class level pointer permissions writeUserFields"
);
done();
});
});
it('should prevent creating pointer permission on bad field (non-existing)', done => {
const config = Config.get(Parse.applicationId);
const object = new Parse.Object('AnObject');
object.set('owner', 'value');
@@ -984,7 +1011,7 @@ describe('Pointer Permissions', () => {
);
});
it('should fail with invalid pointer perms', done => {
it('should fail with invalid pointer perms (not array)', done => {
const config = Config.get(Parse.applicationId);
config.database
.loadSchema()
@@ -1002,7 +1029,7 @@ describe('Pointer Permissions', () => {
});
});
it('should fail with invalid pointer perms', done => {
it('should fail with invalid pointer perms (non-existing field)', done => {
const config = Config.get(Parse.applicationId);
config.database
.loadSchema()
@@ -1398,7 +1425,7 @@ describe('Pointer Permissions', () => {
}
});
it('should prevent creating pointer permission on bad field', async done => {
it('should prevent creating pointer permission on bad field (of wrong type)', async done => {
const config = Config.get(Parse.applicationId);
const schema = await config.database.loadSchema();
try {
@@ -1421,7 +1448,7 @@ describe('Pointer Permissions', () => {
}
});
it('should prevent creating pointer permission on bad field', async done => {
it('should prevent creating pointer permission on bad field (non-existing)', async done => {
const config = Config.get(Parse.applicationId);
const object = new Parse.Object('AnObject');
object.set('owners', 'value');
@@ -1955,7 +1982,7 @@ describe('Pointer Permissions', () => {
}
});
it('should fail with invalid pointer perms', async done => {
it('should fail with invalid pointer perms (not array)', async done => {
const config = Config.get(Parse.applicationId);
const schema = await config.database.loadSchema();
try {
@@ -1971,7 +1998,7 @@ describe('Pointer Permissions', () => {
}
});
it('should fail with invalid pointer perms', async done => {
it('should fail with invalid pointer perms (non-existing field)', async done => {
const config = Config.get(Parse.applicationId);
const schema = await config.database.loadSchema();
try {