joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Authentication provider credentials are usable across Parse Server apps; fixes security vulnerability [GHSA-837q-jhwx-cmpv](https://github.com/parse-community/parse-server/security/advisories/GHSA-837q-jhwx-cmpv) (#9667)

Browse Source
This commit is contained in:
Manuel
2025-03-21 10:49:09 +01:00
committed by GitHub
parent c56b2c49b2
commit 5ef0440c8e
59 changed files with 5987 additions and 1680 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
spec/SecurityCheckGroups.spec.js
View File

@@ -32,6 +32,7 @@ describe('Security Check Groups', () => {
config.masterKey = 'aMoreSecur3Passwor7!';
config.security.enableCheckLog = false;
config.allowClientClassCreation = false;
config.enableInsecureAuthAdapters = false;
await reconfigureServer(config);
const group = new CheckGroupServerConfig();
@@ -39,6 +40,7 @@ describe('Security Check Groups', () => {
expect(group.checks()[0].checkState()).toBe(CheckState.success);
expect(group.checks()[1].checkState()).toBe(CheckState.success);
expect(group.checks()[2].checkState()).toBe(CheckState.success);
expect(group.checks()[4].checkState()).toBe(CheckState.success);
});
it('checks fail correctly', async () => {
@@ -52,6 +54,7 @@ describe('Security Check Groups', () => {
expect(group.checks()[0].checkState()).toBe(CheckState.fail);
expect(group.checks()[1].checkState()).toBe(CheckState.fail);
expect(group.checks()[2].checkState()).toBe(CheckState.fail);
expect(group.checks()[4].checkState()).toBe(CheckState.fail);
});
});