joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Dry handleAuthData for safer code maintenance in the future (#9025)

Browse Source
This commit is contained in:
Antoine Cormouls
2024-03-19 22:41:21 +01:00
committed by GitHub
parent 1a2b513e8c
commit 6d4663b47e
2 changed files with 34 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
spec/AuthenticationAdaptersV2.spec.js
View File

@@ -487,6 +487,33 @@ describe('Auth Adapter features', () => {
expect(baseAdapter2.validateAuthData).toHaveBeenCalledTimes(2); expect(baseAdapter2.validateAuthData).toHaveBeenCalledTimes(2);
}); });
it('should not perform authData validation twice when data mutated', async () => {
spyOn(baseAdapter, 'validateAuthData').and.resolveTo({});
await reconfigureServer({
auth: { baseAdapter },
allowExpiredAuthDataToken: false,
});
const user = new Parse.User();
await user.save({
authData: {
baseAdapter: { id: 'baseAdapter', token: "sometoken1" },
},
});
expect(baseAdapter.validateAuthData).toHaveBeenCalledTimes(1);
const user2 = new Parse.User();
await user2.save({
authData: {
baseAdapter: { id: 'baseAdapter', token: "sometoken2" },
},
});
expect(baseAdapter.validateAuthData).toHaveBeenCalledTimes(2);
});
it('should require additional provider if configured', async () => { it('should require additional provider if configured', async () => {
await reconfigureServer({ await reconfigureServer({
auth: { baseAdapter, additionalAdapter }, auth: { baseAdapter, additionalAdapter },
@@ -937,7 +964,7 @@ describe('Auth Adapter features', () => {
allowExpiredAuthDataToken: false, allowExpiredAuthDataToken: false,
}); });
logger = require('../lib/logger').logger; logger = require('../lib/logger').logger;
spyOn(logger, 'error').and.callFake(() => {}); spyOn(logger, 'error').and.callFake(() => { });
user = new Parse.User(); user = new Parse.User();
await user.save({ authData: { modernAdapter: { id: 'modernAdapter' } } }); await user.save({ authData: { modernAdapter: { id: 'modernAdapter' } } });
const user2 = new Parse.User(); const user2 = new Parse.User();

15
src/RestWrite.js
View File

@@ -523,10 +523,14 @@ RestWrite.prototype.handleAuthData = async function (authData) {
const r = await Auth.findUsersWithAuthData(this.config, authData); const r = await Auth.findUsersWithAuthData(this.config, authData);
const results = this.filteredObjectsByACL(r); const results = this.filteredObjectsByACL(r);
if (results.length > 1) { const userId = this.getUserId();
const userResult = results[0];
const foundUserIsNotCurrentUser = userId && userResult && userId !== userResult.objectId;
if (results.length > 1 || foundUserIsNotCurrentUser) {
// To avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5 // To avoid https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5
// Let's run some validation before throwing // Let's run some validation before throwing
await Auth.handleAuthDataValidation(authData, this, results[0]); await Auth.handleAuthDataValidation(authData, this, userResult);
throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED, 'this auth is already used'); throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED, 'this auth is already used');
} }
@@ -544,13 +548,6 @@ RestWrite.prototype.handleAuthData = async function (authData) {
// User found with provided authData // User found with provided authData
if (results.length === 1) { if (results.length === 1) {
const userId = this.getUserId();
const userResult = results[0];
// Prevent duplicate authData id
if (userId && userId !== userResult.objectId) {
await Auth.handleAuthDataValidation(authData, this, results[0]);
throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED, 'this auth is already used');
}
this.storage.authProvider = Object.keys(authData).join(','); this.storage.authProvider = Object.keys(authData).join(',');