joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

"Object not found." instead of "Insufficient auth." when using master key (#5133)

Browse Source 
* add additional isMaster check

* adding some tests

* nits

* covering all basis
This commit is contained in:
Georges Jamous
2018-10-23 02:33:43 +03:00
committed by Florent Vilmart
parent de79b70cbc
commit 961abda4eb
2 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
spec/ParseUser.spec.js
View File

@@ -3314,7 +3314,9 @@ describe('Parse.User testing', () => {
done(); done();
}); });
}); });
}).pend('this test fails. See: https://github.com/parse-community/parse-server/issues/5097'); }).pend(
'this test fails. See: https://github.com/parse-community/parse-server/issues/5097'
);
it('should be able to update user with authData passed', done => { it('should be able to update user with authData passed', done => {
let objectId; let objectId;
@@ -3686,6 +3688,35 @@ describe('Parse.User testing', () => {
.then(done, done.fail); .then(done, done.fail);
}); });
it('should throw OBJECT_NOT_FOUND instead of SESSION_MISSING when using masterKey', async () => {
// create a fake user (just so we simulate an object not found)
const non_existent_user = Parse.User.createWithoutData('fake_id');
try {
await non_existent_user.destroy({ useMasterKey: true });
throw '';
} catch (e) {
expect(e.code).toBe(Parse.Error.OBJECT_NOT_FOUND);
}
try {
await non_existent_user.save({}, { useMasterKey: true });
throw '';
} catch (e) {
expect(e.code).toBe(Parse.Error.OBJECT_NOT_FOUND);
}
try {
await non_existent_user.save();
throw '';
} catch (e) {
expect(e.code).toBe(Parse.Error.SESSION_MISSING);
}
try {
await non_existent_user.destroy();
throw '';
} catch (e) {
expect(e.code).toBe(Parse.Error.SESSION_MISSING);
}
});
describe('issue #4897', () => { describe('issue #4897', () => {
it_only_db('mongo')( it_only_db('mongo')(
'should be able to login with a legacy user (no ACL)', 'should be able to login with a legacy user (no ACL)',

8
src/rest.js
View File

@@ -250,9 +250,13 @@ function update(config, auth, className, restWhere, restObject, clientSDK) {
}); });
} }
function handleSessionMissingError(error, className) { function handleSessionMissingError(error, className, auth) {
// If we're trying to update a user without / with bad session token // If we're trying to update a user without / with bad session token
if (className === '_User' && error.code === Parse.Error.OBJECT_NOT_FOUND) { if (
className === '_User' &&
error.code === Parse.Error.OBJECT_NOT_FOUND &&
!auth.isMaster
) {
throw new Parse.Error(Parse.Error.SESSION_MISSING, 'Insufficient auth.'); throw new Parse.Error(Parse.Error.SESSION_MISSING, 'Insufficient auth.');
} }
throw error; throw error;