Run test that require db access (#5796)

as mongo only. also seperate out into own section of test.
2019-07-10 13:25:29 -04:00
parent 815b7c6e05
commit 76ce9e1a5c
1 changed files with 42 additions and 37 deletions
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -3847,41 +3847,46 @@ describe('Parse.User testing', () => {
      }
    );
  });
-
+});
-  it('should validate credentials first and check if account already linked afterwards (GHSA-8w3j-g983-8jh5)', async done => {
+
-    // Add User to Database with authData
+describe('Security Advisory GHSA-8w3j-g983-8jh5', function() {
-    const database = Config.get(Parse.applicationId).database;
+  it_only_db('mongo')(
-    const collection = await database.adapter._adaptiveCollection('_User');
+    'should validate credentials first and check if account already linked afterwards ()',
-    await collection.insertOne({
+    async done => {
-      _id: 'ABCDEF1234',
+      // Add User to Database with authData
-      name: '<some_name>',
+      const database = Config.get(Parse.applicationId).database;
-      email: '<some_email>',
+      const collection = await database.adapter._adaptiveCollection('_User');
-      username: '<some_username>',
+      await collection.insertOne({
-      _hashed_password: '<some_password>',
+        _id: 'ABCDEF1234',
-      _auth_data_custom: {
+        name: '<some_name>',
-        id: 'linkedID', // Already linked userid
+        email: '<some_email>',
-      },
+        username: '<some_username>',
-      sessionToken: '<some_session_token>',
+        _hashed_password: '<some_password>',
-    });
+        _auth_data_custom: {
-    const provider = {
+          id: 'linkedID', // Already linked userid
-      getAuthType: () => 'custom',
+        },
-      restoreAuthentication: () => true,
+        sessionToken: '<some_session_token>',
-    }; // AuthProvider checks if password is 'password'
+      });
-    Parse.User._registerAuthenticationProvider(provider);
+      const provider = {
-
+        getAuthType: () => 'custom',
-    // Try to link second user with wrong password
+        restoreAuthentication: () => true,
-    try {
+      }; // AuthProvider checks if password is 'password'
-      const user = await Parse.AnonymousUtils.logIn();
+      Parse.User._registerAuthenticationProvider(provider);
-      await user._linkWith(provider.getAuthType(), {
+
-        authData: { id: 'linkedID', password: 'wrong' },
+      // Try to link second user with wrong password
-      });
+      try {
-    } catch (error) {
+        const user = await Parse.AnonymousUtils.logIn();
-      // This should throw Parse.Error.SESSION_MISSING and not Parse.Error.ACCOUNT_ALREADY_LINKED
+        await user._linkWith(provider.getAuthType(), {
-      expect(error.code).toEqual(Parse.Error.SESSION_MISSING);
+          authData: { id: 'linkedID', password: 'wrong' },
-      done();
+        });
-      return;
+      } catch (error) {
-    }
+        // This should throw Parse.Error.SESSION_MISSING and not Parse.Error.ACCOUNT_ALREADY_LINKED
-    fail();
+        expect(error.code).toEqual(Parse.Error.SESSION_MISSING);
-    done();
+        done();
-  });
+        return;
      }
      fail();
      done();
    }
  );
 });