refactor: Dry handleAuthData for safer code maintenance in the future (#9025)

Antoine Cormouls
2024-03-19 22:41:21 +01:00
committed by GitHub
parent 1a2b513e8c
commit 6d4663b47e
2 changed files with 34 additions and 10 deletions


@@ -523,10 +523,14 @@ RestWrite.prototype.handleAuthData = async function (authData) {
const r = await Auth.findUsersWithAuthData(this.config, authData);
const results = this.filteredObjectsByACL(r);
if (results.length > 1) {
const userId = this.getUserId();
const userResult = results[0];
const foundUserIsNotCurrentUser = userId && userResult && userId !== userResult.objectId;
if (results.length > 1 || foundUserIsNotCurrentUser) {
// To avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
// Let's run some validation before throwing
await Auth.handleAuthDataValidation(authData, this, results[0]);
await Auth.handleAuthDataValidation(authData, this, userResult);
throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED, 'this auth is already used');
}
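Review bot: In the merged guard, `Auth.handleAuthDataValidation(authData, this, userResult)` validates against `results[0]` only, so when `results.length > 1` the user record that is checked depends on the order in which `Auth.findUsersWithAuthData` returns matches, which is not visible in this hunk. If that order is not guaranteed, either a comment should state that any matching user is acceptable for this validation, or the check should not depend on which match happens to come first. The advisory comment above the call currently relies on the reader following the link; assuming the intent is that the conflict is only reported for authData that passes validation, stating it in place would protect the ordering from a later refactor, e.g. `// Validate the supplied authData first: ACCOUNT_ALREADY_LINKED must only be returned after validation has passed`. The body of handleAuthData starts and ends outside this hunk.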
@@ -544,13 +548,6 @@ RestWrite.prototype.handleAuthData = async function (authData) {
// User found with provided authData
if (results.length === 1) {
const userId = this.getUserId();
const userResult = results[0];
// Prevent duplicate authData id
if (userId && userId !== userResult.objectId) {
await Auth.handleAuthDataValidation(authData, this, results[0]);
throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED, 'this auth is already used');
}
this.storage.authProvider = Object.keys(authData).join(',');