Remove hidden properties in handleLogin & handleMe (#4335)
This commit is contained in:
Tom
committed by
Benjamin Wilson Friedman
Benjamin Wilson Friedman
parent
08ab1f453d
commit
932a474606
@@ -3038,7 +3038,7 @@ describe('Parse.User testing', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should not retrieve hidden fields', done => {
|
||||
it('should not retrieve hidden fields on GET users/me (#3432)', done => {
|
||||
|
||||
var emailAdapter = {
|
||||
sendVerificationEmail: () => {},
|
||||
@@ -3073,6 +3073,34 @@ describe('Parse.User testing', () => {
|
||||
expect(res.emailVerified).toBe(false);
|
||||
expect(res._email_verify_token).toBeUndefined();
|
||||
done()
|
||||
}).catch((err) => {
|
||||
fail(JSON.stringify(err));
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should not retrieve hidden fields on GET users/id (#3432)', done => {
|
||||
|
||||
var emailAdapter = {
|
||||
sendVerificationEmail: () => {},
|
||||
sendPasswordResetEmail: () => Promise.resolve(),
|
||||
sendMail: () => Promise.resolve()
|
||||
}
|
||||
|
||||
const user = new Parse.User();
|
||||
user.set({
|
||||
username: 'hello',
|
||||
password: 'world',
|
||||
email: "test@email.com"
|
||||
})
|
||||
|
||||
reconfigureServer({
|
||||
appName: 'unused',
|
||||
verifyUserEmails: true,
|
||||
emailAdapter: emailAdapter,
|
||||
publicServerURL: "http://localhost:8378/1"
|
||||
}).then(() => {
|
||||
return user.signUp();
|
||||
}).then(() => rp({
|
||||
method: 'GET',
|
||||
url: 'http://localhost:8378/1/users/' + Parse.User.current().id,
|
||||
@@ -3091,6 +3119,45 @@ describe('Parse.User testing', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should not retrieve hidden fields on login (#3432)', done => {
|
||||
|
||||
var emailAdapter = {
|
||||
sendVerificationEmail: () => {},
|
||||
sendPasswordResetEmail: () => Promise.resolve(),
|
||||
sendMail: () => Promise.resolve()
|
||||
}
|
||||
|
||||
const user = new Parse.User();
|
||||
user.set({
|
||||
username: 'hello',
|
||||
password: 'world',
|
||||
email: "test@email.com"
|
||||
})
|
||||
|
||||
reconfigureServer({
|
||||
appName: 'unused',
|
||||
verifyUserEmails: true,
|
||||
emailAdapter: emailAdapter,
|
||||
publicServerURL: "http://localhost:8378/1"
|
||||
}).then(() => {
|
||||
return user.signUp();
|
||||
}).then(() => rp.get({
|
||||
url: 'http://localhost:8378/1/login?email=test@email.com&username=hello&password=world',
|
||||
json: true,
|
||||
headers: {
|
||||
'X-Parse-Application-Id': Parse.applicationId,
|
||||
'X-Parse-REST-API-Key': 'rest'
|
||||
},
|
||||
})).then((res) => {
|
||||
expect(res.emailVerified).toBe(false);
|
||||
expect(res._email_verify_token).toBeUndefined();
|
||||
done();
|
||||
}).catch((err) => {
|
||||
fail(JSON.stringify(err));
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should not allow updates to hidden fields', done => {
|
||||
var emailAdapter = {
|
||||
sendVerificationEmail: () => {},
|
||||
|
||||
Reference in New Issue
Block a user