Add beforeLogin trigger with support for auth providers (#5445)

* Add beforeLogin trigger with support for auth providers * adjust comment that boxed off beforeLogin to a negative use-case only * add internal error to help future maintainers regarding use of beforeLogin * let beforeLogin accept className or constructor like other hook types * add assertions for beforeLogin trigger className validation
2019-04-23 16:24:20 +01:00
parent 3e003ee9f4
commit a1e1cef6d2
6 changed files with 340 additions and 60 deletions
--- a/spec/CloudCode.spec.js
+++ b/spec/CloudCode.spec.js
@@ -2021,6 +2021,24 @@ describe('afterFind hooks', () => {
    expect(() => {
      Parse.Cloud.afterSave('_PushStatus', () => {});
    }).not.toThrow();
+    expect(() => {
+      Parse.Cloud.beforeLogin(() => {});
+    }).not.toThrow(
+      'Only the _User class is allowed for the beforeLogin trigger'
+    );
+    expect(() => {
+      Parse.Cloud.beforeLogin('_User', () => {});
+    }).not.toThrow(
+      'Only the _User class is allowed for the beforeLogin trigger'
+    );
+    expect(() => {
+      Parse.Cloud.beforeLogin(Parse.User, () => {});
+    }).not.toThrow(
+      'Only the _User class is allowed for the beforeLogin trigger'
+    );
+    expect(() => {
+      Parse.Cloud.beforeLogin('SomeClass', () => {});
+    }).toThrow('Only the _User class is allowed for the beforeLogin trigger');
  });

  it('should skip afterFind hooks for aggregate', done => {
@@ -2115,3 +2133,88 @@ describe('afterFind hooks', () => {
    expect(calledAfter).toBe(true);
  });
 });
+
+describe('beforeLogin hook', () => {
+  it('should run beforeLogin with correct credentials', async done => {
+    let hit = 0;
+    Parse.Cloud.beforeLogin(req => {
+      hit++;
+      expect(req.object.get('username')).toEqual('tupac');
+    });
+
+    await Parse.User.signUp('tupac', 'shakur');
+    const user = await Parse.User.logIn('tupac', 'shakur');
+    expect(hit).toBe(1);
+    expect(user).toBeDefined();
+    expect(user.getUsername()).toBe('tupac');
+    expect(user.getSessionToken()).toBeDefined();
+    done();
+  });
+
+  it('should be able to block login if an error is thrown', async done => {
+    let hit = 0;
+    Parse.Cloud.beforeLogin(req => {
+      hit++;
+      if (req.object.get('isBanned')) {
+        throw new Error('banned account');
+      }
+    });
+
+    const user = await Parse.User.signUp('tupac', 'shakur');
+    await user.save({ isBanned: true });
+
+    try {
+      await Parse.User.logIn('tupac', 'shakur');
+      throw new Error('should not have been logged in.');
+    } catch (e) {
+      expect(e.message).toBe('banned account');
+    }
+    expect(hit).toBe(1);
+    done();
+  });
+
+  it('should not run beforeLogin with incorrect credentials', async done => {
+    let hit = 0;
+    Parse.Cloud.beforeLogin(req => {
+      hit++;
+      expect(req.object.get('username')).toEqual('tupac');
+    });
+
+    await Parse.User.signUp('tupac', 'shakur');
+    try {
+      await Parse.User.logIn('tony', 'shakur');
+    } catch (e) {
+      expect(e.code).toBe(Parse.Error.OBJECT_NOT_FOUND);
+    }
+    expect(hit).toBe(0);
+    done();
+  });
+
+  it('should not run beforeLogin on sign up', async done => {
+    let hit = 0;
+    Parse.Cloud.beforeLogin(req => {
+      hit++;
+      expect(req.object.get('username')).toEqual('tupac');
+    });
+
+    const user = await Parse.User.signUp('tupac', 'shakur');
+    expect(user).toBeDefined();
+    expect(hit).toBe(0);
+    done();
+  });
+
+  it('should have expected data in request', async done => {
+    Parse.Cloud.beforeLogin(req => {
+      expect(req.object).toBeDefined();
+      expect(req.user).toBeUndefined();
+      expect(req.headers).toBeDefined();
+      expect(req.ip).toBeDefined();
+      expect(req.installationId).toBeDefined();
+      expect(req.context).toBeUndefined();
+    });
+
+    await Parse.User.signUp('tupac', 'shakur');
+    await Parse.User.logIn('tupac', 'shakur');
+    done();
+  });
+});