From 91a0108084706262dd7a1bc6e00ea097104407c7 Mon Sep 17 00:00:00 2001 From: dblythy Date: Tue, 23 Feb 2021 19:56:54 +1100 Subject: [PATCH] New: allow options to be async on Cloud Validator (#7155) * new: allow options to be async on Cloud Validator * Update CHANGELOG.md * Ensure pushStatus is properly running (#7213) * Ensure pushStatus is properly running * remove duplicate test * new: allow options to be async on Cloud Validator * Update CHANGELOG.md * Update CloudCode.Validator.spec.js Co-authored-by: Diamond Lewis --- CHANGELOG.md | 2 + spec/CloudCode.Validator.spec.js | 76 ++++++++++++++++++++++++++++++++ src/triggers.js | 12 +++-- 3 files changed, 86 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ffcb4e4e..33e0421c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ __BREAKING CHANGES:__ - NEW: Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the `fileUpload` parameter in the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html). [#7071](https://github.com/parse-community/parse-server/pull/7071). Thanks to [dblythy](https://github.com/dblythy), [Manuel Trezza](https://github.com/mtrezza). ___ +- IMPROVE: Allow Cloud Validator `options` to be async [#7155](https://github.com/parse-community/parse-server/pull/7155). Thanks to [dblythy](https://github.com/dblythy) - NEW (EXPERIMENTAL): Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification. **Caution, this is an experimental feature that may not be appropriate for production.** [#6891](https://github.com/parse-community/parse-server/issues/6891). Thanks to [Manuel Trezza](https://github.com/mtrezza). - NEW: Added convenience method `Parse.Cloud.sendEmail(...)` to send email via email adapter in Cloud Code. [#7089](https://github.com/parse-community/parse-server/pull/7089). Thanks to [dblythy](https://github.com/dblythy) - NEW: LiveQuery support for $and, $nor, $containedBy, $geoWithin, $geoIntersects queries [#7113](https://github.com/parse-community/parse-server/pull/7113). Thanks to [dplewis](https://github.com/dplewis) @@ -25,6 +26,7 @@ ___ - IMPROVE: Added new account lockout policy option `accountLockout.unlockOnPasswordReset` to automatically unlock account on password reset. [#7146](https://github.com/parse-community/parse-server/pull/7146). Thanks to [Manuel Trezza](https://github.com/mtrezza). - IMPROVE: Parse Server is from now on continuously tested against all recent MongoDB versions that have not reached their end-of-life support date. Added MongoDB compatibility table to Parse Server docs. [7161](https://github.com/parse-community/parse-server/pull/7161). Thanks to [Manuel Trezza](https://github.com/mtrezza). - IMPROVE: Parse Server is from now on continuously tested against all recent Node.js versions that have not reached their end-of-life support date. [7161](https://github.com/parse-community/parse-server/pull/7177). Thanks to [Manuel Trezza](https://github.com/mtrezza). +- IMPROVE: Allow Cloud Validator `options` to be async [#7155](https://github.com/parse-community/parse-server/pull/7155). Thanks to [dblythy](https://github.com/dblythy) - IMPROVE: Optimize queries on classes with pointer permissions. [#7061](https://github.com/parse-community/parse-server/pull/7061). Thanks to [Pedro Diaz](https://github.com/pdiaz) - IMPROVE: Parse Server will from now on be continuously tested against all relevant Postgres versions (minor versions). Added Postgres compatibility table to Parse Server docs. [#7176](https://github.com/parse-community/parse-server/pull/7176). Thanks to [Corey Baker](https://github.com/cbaker6). - FIX: Fix error when a not yet inserted job is updated [#7196](https://github.com/parse-community/parse-server/pull/7196). Thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo). diff --git a/spec/CloudCode.Validator.spec.js b/spec/CloudCode.Validator.spec.js index 36a7fc96..2a1cd427 100644 --- a/spec/CloudCode.Validator.spec.js +++ b/spec/CloudCode.Validator.spec.js @@ -1428,4 +1428,80 @@ describe('cloud validator', () => { done(); } }); + + it('set params options function async', async () => { + Parse.Cloud.define( + 'hello', + () => { + return 'Hello world!'; + }, + { + fields: { + data: { + type: String, + required: true, + options: async val => { + await new Promise(resolve => { + setTimeout(resolve, 500); + }); + return val === 'f'; + }, + error: 'Validation failed.', + }, + }, + } + ); + try { + await Parse.Cloud.run('hello', { data: 'd' }); + fail('validation should have failed'); + } catch (error) { + expect(error.code).toEqual(Parse.Error.VALIDATION_ERROR); + expect(error.message).toEqual('Validation failed.'); + } + const result = await Parse.Cloud.run('hello', { data: 'f' }); + expect(result).toBe('Hello world!'); + }); + + it('basic beforeSave requireUserKey as custom async function', async () => { + Parse.Cloud.beforeSave(Parse.User, () => {}, { + fields: { + accType: { + default: 'normal', + constant: true, + }, + }, + }); + Parse.Cloud.define( + 'secureFunction', + () => { + return "Here's all the secure data!"; + }, + { + requireUserKeys: { + accType: { + options: async val => { + await new Promise(resolve => { + setTimeout(resolve, 500); + }); + return ['admin', 'admin2'].includes(val); + }, + error: 'Unauthorized.', + }, + }, + } + ); + const user = new Parse.User(); + user.set('username', 'testuser'); + user.set('password', 'p@ssword'); + user.set('accType', 'admin'); + await user.signUp(); + expect(user.get('accType')).toBe('normal'); + try { + await Parse.Cloud.run('secureFunction'); + fail('function should only be available to admin users'); + } catch (error) { + expect(error.code).toEqual(Parse.Error.VALIDATION_ERROR); + expect(error.message).toEqual('Unauthorized.'); + } + }); }); diff --git a/src/triggers.js b/src/triggers.js index a9f08052..0a9e2342 100644 --- a/src/triggers.js +++ b/src/triggers.js @@ -662,11 +662,11 @@ async function builtInTriggerValidator(options, request, auth) { } }; - const validateOptions = (opt, key, val) => { + const validateOptions = async (opt, key, val) => { let opts = opt.options; if (typeof opts === 'function') { try { - const result = opts(val); + const result = await opts(val); if (!result && result != null) { throw opt.error || `Validation failed. Invalid value for ${key}.`; } @@ -699,6 +699,7 @@ async function builtInTriggerValidator(options, request, auth) { requiredParam(key); } } else { + const optionPromises = []; for (const key in options.fields) { const opt = options.fields[key]; let val = params[key]; @@ -731,10 +732,11 @@ async function builtInTriggerValidator(options, request, auth) { } } if (opt.options) { - validateOptions(opt, key, val); + optionPromises.push(validateOptions(opt, key, val)); } } } + await Promise.all(optionPromises); } let userRoles = options.requireAnyUserRoles; let requireAllRoles = options.requireAllUserRoles; @@ -780,12 +782,14 @@ async function builtInTriggerValidator(options, request, auth) { } } } else if (typeof userKeys === 'object') { + const optionPromises = []; for (const key in options.requireUserKeys) { const opt = options.requireUserKeys[key]; if (opt.options) { - validateOptions(opt, key, reqUser.get(key)); + optionPromises.push(validateOptions(opt, key, reqUser.get(key))); } } + await Promise.all(optionPromises); } }