joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request from GHSA-2479-qvv7-47qq

Browse Source 
* Failing test

* provide fix

* clearer test

* failing expect
This commit is contained in:
Diamond Lewis
2019-06-12 16:12:11 -05:00
committed by GitHub
parent 54ba9a0f00
commit 8709daf698
2 changed files with 29 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
spec/AudienceRouter.spec.js
View File

@@ -1,6 +1,7 @@
const auth = require('../lib/Auth'); const auth = require('../lib/Auth');
const Config = require('../lib/Config'); const Config = require('../lib/Config');
const rest = require('../lib/rest'); const rest = require('../lib/rest');
const request = require('../lib/request');
const AudiencesRouter = require('../lib/Routers/AudiencesRouter') const AudiencesRouter = require('../lib/Routers/AudiencesRouter')
.AudiencesRouter; .AudiencesRouter;
@@ -438,4 +439,28 @@ describe('AudiencesRouter', () => {
}); });
}); });
}); });
it('should handle _Audience invalid fields via rest', async () => {
await reconfigureServer({
appId: 'test',
restAPIKey: 'test',
publicServerURL: 'http://localhost:8378/1',
});
try {
await request({
method: 'POST',
url: 'http://localhost:8378/1/classes/_Audience',
body: { lorem: 'ipsum', _method: 'POST' },
headers: {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'test',
'Content-Type': 'application/json',
},
});
expect(true).toBeFalsy();
} catch (e) {
expect(e.data.code).toBe(107);
expect(e.data.error).toBe('Could not add field lorem');
}
});
}); });

7
src/Controllers/SchemaController.js
View File

@@ -228,9 +228,7 @@ function validateCLP(perms: ClassLevelPermissions, fields: SchemaFields) {
// @flow-disable-next // @flow-disable-next
throw new Parse.Error( throw new Parse.Error(
Parse.Error.INVALID_JSON, Parse.Error.INVALID_JSON,
`'${ `'${perms[operation]}' is not a valid value for class level permissions ${operation}`
perms[operation]
}' is not a valid value for class level permissions ${operation}`
); );
} else { } else {
perms[operation].forEach(key => { perms[operation].forEach(key => {
@@ -395,6 +393,9 @@ class SchemaData {
this.__data = {}; this.__data = {};
this.__protectedFields = protectedFields; this.__protectedFields = protectedFields;
allSchemas.forEach(schema => { allSchemas.forEach(schema => {
if (volatileClasses.includes(schema.className)) {
return;
}
Object.defineProperty(this, schema.className, { Object.defineProperty(this, schema.className, {
get: () => { get: () => {
if (!this.__data[schema.className]) { if (!this.__data[schema.className]) {