fix: improve security by deprecating creating users with public access by default (#7319)

2021-10-08 14:24:20 +11:00
parent 2b5bf2261b
commit 484c2e81ca
10 changed files with 86 additions and 28 deletions
--- a/src/Config.js
+++ b/src/Config.js
@@ -75,6 +75,7 @@ export class Config {
    fileUpload,
    pages,
    security,
+    enforcePrivateUsers,
  }) {
    if (masterKey === readOnlyMasterKey) {
      throw new Error('masterKey and readOnlyMasterKey should be different');
@@ -111,6 +112,13 @@ export class Config {
    this.validateIdempotencyOptions(idempotencyOptions);
    this.validatePagesOptions(pages);
    this.validateSecurityOptions(security);
+    this.validateEnforcePrivateUsers(enforcePrivateUsers);
+  }
+
+  static validateEnforcePrivateUsers(enforcePrivateUsers) {
+    if (typeof enforcePrivateUsers !== 'boolean') {
+      throw 'Parse Server option enforcePrivateUsers must be a boolean.';
+    }
  }

  static validateSecurityOptions(security) {