diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
index 939a2108..22a0915b 100644
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -74,6 +74,58 @@ describe('Parse.User testing', () => {
 });
 });
+ it('user login with non-string username with REST API', (done) => {
+ Parse.User.signUp('asdf', 'zxcv', null, {
+ success: () => {
+ return rp.post({
+ url: 'http://localhost:8378/1/login',
+ headers: {
+ 'X-Parse-Application-Id': Parse.applicationId,
+ 'X-Parse-REST-API-Key': 'rest',
+ },
+ json: {
+ _method: 'GET',
+ username: {'$regex':'^asd'},
+ password: 'zxcv',
+ }
+ }).then((res) => {
+ fail(`no request should succeed: ${JSON.stringify(res)}`);
+ done();
+ }).catch((err) => {
+ expect(err.statusCode).toBe(404);
+ expect(err.message).toMatch('{"code":101,"error":"Invalid username/password."}');
+ done();
+ });
+ },
+ });
+ });
+
+ it('user login with non-string username with REST API', (done) => {
+ Parse.User.signUp('asdf', 'zxcv', null, {
+ success: () => {
+ return rp.post({
+ url: 'http://localhost:8378/1/login',
+ headers: {
+ 'X-Parse-Application-Id': Parse.applicationId,
+ 'X-Parse-REST-API-Key': 'rest',
+ },
+ json: {
+ _method: 'GET',
+ username: 'asdf',
+ password: {'$regex':'^zx'},
+ }
+ }).then((res) => {
+ fail(`no request should succeed: ${JSON.stringify(res)}`);
+ done();
+ }).catch((err) => {
+ expect(err.statusCode).toBe(404);
+ expect(err.message).toMatch('{"code":101,"error":"Invalid username/password."}');
+ done();
+ });
+ },
+ });
+ });
+
 it("user login", (done) => {
 Parse.User.signUp("asdf", "zxcv", null, {
 success: function(user) {
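Review bot: The two added specs carry the same title, 'user login with non-string username with REST API', although the second sends a string username and an object password; rename the second to `it('user login with non-string password with REST API', (done) => {` so a failure report points at the right case. Both specs also pass only a `success` callback to `Parse.User.signUp`, so a sign-up failure neither fails the spec nor reaches `done()` and only shows up as a timeout; adding `error: (user, err) => { fail(err.message); done(); }` beside `success` makes that path explicit. The assertions themselves are the right ones: a non-string credential is answered with the same 404/code 101 'Invalid username/password.' a wrong password presumably produces, so the response gives the caller no extra signal about the account.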
@@ -2465,6 +2517,51 @@ describe('Parse.User testing', () => {
 });
 });
+ it('should not send email when email is not a string', (done) => {
+ let emailCalled = false;
+ let emailOptions;
+ var emailAdapter = {
+ sendVerificationEmail: (options) => {
+ emailOptions = options;
+ emailCalled = true;
+ },
+ sendPasswordResetEmail: () => Promise.resolve(),
+ sendMail: () => Promise.resolve()
+ }
+ reconfigureServer({
+ appName: 'unused',
+ verifyUserEmails: true,
+ emailAdapter: emailAdapter,
+ publicServerURL: 'http://localhost:8378/1',
+ });
+ var user = new Parse.User();
+ user.set('username', 'asdf@jkl.com');
+ user.set('password', 'zxcv');
+ user.set('email', 'asdf@jkl.com');
+ user.signUp(null, {
+ success: (user) => {
+ return rp.post({
+ url: 'http://localhost:8378/1/requestPasswordReset',
+ headers: {
+ 'X-Parse-Application-Id': Parse.applicationId,
+ 'X-Parse-Session-Token': user.sessionToken,
+ 'X-Parse-REST-API-Key': 'rest',
+ },
+ json: {
+ email: {"$regex":"^asd"},
+ }
+ }).then((res) => {
+ fail('no request should succeed: ' + JSON.stringify(res));
+ done();
+ }).catch((err) => {
+ expect(err.statusCode).toBe(400);
+ expect(err.message).toMatch('{"code":125,"error":"you must provide a valid email string"}');
+ done();
+ });
+ },
+ });
+ });
+ + it('should aftersave with full object', (done) => {
 var hit = 0;
diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
index ec5f12f1..d32cc30c 100644
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -79,6 +79,9 @@ export class UsersRouter extends ClassesRouter {
 if (!req.body.password) {
 throw new Parse.Error(Parse.Error.PASSWORD_MISSING, 'password is required.');
 }
+ if (typeof req.body.username !== 'string' || typeof req.body.password !== 'string') {
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
+ }
 let user;
 let isValidPassword = false;
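Review bot: The spec is titled 'should not send email when email is not a string' and wires `emailCalled`/`emailOptions` into the adapter stub, but neither is ever asserted, so the spec only checks the 400 response; add `expect(emailCalled).toBe(false);` in the `catch` handler before `done()`, and drop `emailOptions` if it stays unused. `reconfigureServer(...)` is also called without using its result, so if it is asynchronous the sign-up may run against the previous configuration — if it returns a promise, move the `user.signUp` call into a `.then` on it. As in the login specs, `user.signUp` gets only a `success` callback, so a sign-up failure surfaces as a timeout rather than a failed assertion.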
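Review bot: The new `typeof` guard in the login handler has no comment explaining why it exists, and the reason is security-relevant: `req.body.username` and `req.body.password` are untrusted request fields, and the spec added in this same commit exercises exactly the input the guard exists for, an object such as `{'$regex':'^asd'}` that would otherwise reach the user lookup as a query constraint rather than a literal value. I would add above the check `// Credentials must be plain strings: an object here (e.g. a $regex) would be treated as a query constraint by the lookup below, not as a literal value.` Reusing OBJECT_NOT_FOUND with 'Invalid username/password.' rather than a distinct error looks deliberate — it presumably matches what a wrong password produces, so the caller learns nothing extra — and a short comment saying so would stop someone "fixing" it later. The enclosing method starts and ends outside the hunk.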
@@ -190,6 +193,9 @@ export class UsersRouter extends ClassesRouter {
 if (!email) {
 throw new Parse.Error(Parse.Error.EMAIL_MISSING, "you must provide an email");
 }
+ if (typeof email !== 'string') {
+ throw new Parse.Error(Parse.Error.INVALID_EMAIL_ADDRESS, 'you must provide a valid email string');
+ }
 let userController = req.config.userController;
 return userController.sendPasswordResetEmail(email).then(token => {
 return Promise.resolve({
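Review bot: The new `typeof email !== 'string'` check is undocumented, and the same reasoning as the login guard applies: `email` is passed straight to `userController.sendPasswordResetEmail(email)`, and the spec in this commit shows an object such as `{"$regex":"^asd"}` arriving there, which would presumably act as a query constraint in the lookup behind that call rather than as an address. I would add above the `if` `// Only a literal string may be looked up; an object (e.g. a $regex) would otherwise act as a query constraint.` Note that the check rejects non-strings only and does not validate the address format, which the message 'you must provide a valid email string' could be read to promise; either wording it as a type check or documenting where format validation happens would avoid that misreading, keeping in mind the spec in this commit matches on the current text. The enclosing method starts and ends outside the hunk.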