fix: Authentication provider credentials are usable across Parse Server apps; fixes security vulnerability [GHSA-837q-jhwx-cmpv](https://github.com/parse-community/parse-server/security/advisories/GHSA-837q-jhwx-cmpv) (#9667)

src/Adapters/Auth/meetup.js

@@ -1,15 +1,24 @@
 // Helper functions for accessing the meetup API.
 var Parse = require('parse/node').Parse;
 const httpsRequest = require('./httpsRequest');
+import Config from '../../Config';
+import Deprecator from '../../Deprecator/Deprecator';
 
 // Returns a promise that fulfills iff this user id is valid.
-function validateAuthData(authData) {
-  return request('member/self', authData.access_token).then(data => {
-    if (data && data.id == authData.id) {
-      return;
-    }
+async function validateAuthData(authData) {
+  const config = Config.get(Parse.applicationId);
+  const meetupConfig = config.auth.meetup;
+
+  Deprecator.logRuntimeDeprecation({ usage: 'meetup adapter' });
+
+  if (!meetupConfig?.enableInsecureAuth) {
+    throw new Parse.Error('Meetup only works with enableInsecureAuth: true');
+  }
+
+  const data = await request('member/self', authData.access_token);
+  if (data?.id !== authData.id) {
     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Meetup auth is invalid for this user.');
-  });
+  }
 }
 
 // Returns a promise that fulfills iff this app id is valid.