joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure legacy users with authData are not locked out (#4898)

Browse Source 
* Adds fix for issue, ensuring legacy users with no ACL are properly handled

* Runs tests only on mongo
This commit is contained in:
Florent Vilmart
2018-07-18 14:42:50 +00:00
parent 2c316ceaad
commit 5a32eb33e6
3 changed files with 47 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Controllers/DatabaseController.js
View File

@@ -427,7 +427,7 @@ class DatabaseController {
}
});
for (const updateOperation in update) {
if (Object.keys(updateOperation).some(innerKey => innerKey.includes('$') || innerKey.includes('.'))) {
if (update[updateOperation] && typeof update[updateOperation] === 'object' && Object.keys(update[updateOperation]).some(innerKey => innerKey.includes('$') || innerKey.includes('.'))) {
throw new Parse.Error(Parse.Error.INVALID_NESTED_KEY, "Nested keys should not contain the '$' or '.' characters");
}
}
@@ -660,7 +660,7 @@ class DatabaseController {
* @param {boolean} fast set to true if it's ok to just delete rows and not indexes
* @returns {Promise<void>} when the deletions completes
*/
deleteEverything(fast: boolean = false): Promise<void> {
deleteEverything(fast: boolean = false): Promise<any> {
this.schemaPromise = null;
return Promise.all([
this.adapter.deleteAllClasses(fast),

16
src/RestWrite.js
View File

@@ -278,13 +278,23 @@ RestWrite.prototype.findUsersWithAuthData = function(authData) {
return findPromise;
}
RestWrite.prototype.filteredObjectsByACL = function(objects) {
if (this.auth.isMaster) {
return objects;
}
return objects.filter((object) => {
if (!object.ACL) {
return true; // legacy users that have no ACL field on them
}
// Regular users that have been locked out.
return object.ACL && Object.keys(object.ACL).length > 0;
});
}
RestWrite.prototype.handleAuthData = function(authData) {
let results;
return this.findUsersWithAuthData(authData).then((r) => {
results = r.filter((user) => {
return !this.auth.isMaster && user.ACL && Object.keys(user.ACL).length > 0;
});
results = this.filteredObjectsByACL(r);
if (results.length > 1) {
// More than 1 user with the passed id's
throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED,