joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request from GHSA-7pr3-p5fm-8r9x
Some checks failed
docker / build (push) Has been cancelled
Details

Browse Source 
* fix: LQ deletes session token

* add 4.10.4

* add changes
This commit is contained in:
dblythy
2021-09-30 12:52:12 +10:00
committed by GitHub
parent 6683cd96b6
commit 4ac4b7f710
6 changed files with 121 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/LiveQuery/ParseLiveQueryServer.js
View File

@@ -179,6 +179,14 @@ class ParseLiveQueryServer {
deletedParseObject = res.object.toJSON();
deletedParseObject.className = className;
}
if (
(deletedParseObject.className === '_User' ||
deletedParseObject.className === '_Session') &&
!client.hasMasterKey
) {
delete deletedParseObject.sessionToken;
delete deletedParseObject.authData;
}
client.pushDelete(requestId, deletedParseObject);
})
.catch(error => {
@@ -315,6 +323,16 @@ class ParseLiveQueryServer {
originalParseObject = res.original.toJSON();
originalParseObject.className = res.original.className || className;
}
if (
(currentParseObject.className === '_User' ||
currentParseObject.className === '_Session') &&
!client.hasMasterKey
) {
delete currentParseObject.sessionToken;
delete originalParseObject?.sessionToken;
delete currentParseObject.authData;
delete originalParseObject?.authData;
}
const functionName =
'push' + message.event.charAt(0).toUpperCase() + message.event.slice(1);
if (client[functionName]) {