joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Security upgrade to parse 7.0.1 (#9877)

Browse Source
This commit is contained in:
Antoine Cormouls
2025-10-15 18:39:37 +02:00
committed by GitHub
parent 84cebd439e
commit abfa94cd6d
10 changed files with 230 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
spec/Adapters/Auth/linkedIn.spec.js
View File

@@ -89,12 +89,16 @@ describe('LinkedInAdapter', function () {
describe('Test getUserFromAccessToken', function () {
it('should fetch user successfully', async function () {
global.fetch = jasmine.createSpy().and.returnValue(
Promise.resolve({
ok: true,
json: () => Promise.resolve({ id: 'validUserId' }),
})
);
mockFetch([
{
url: 'https://api.linkedin.com/v2/me',
method: 'GET',
response: {
ok: true,
json: () => Promise.resolve({ id: 'validUserId' }),
},
},
]);
const user = await adapter.getUserFromAccessToken('validToken', false);
@@ -104,14 +108,21 @@ describe('LinkedInAdapter', function () {
'x-li-format': 'json',
'x-li-src': undefined,
},
method: 'GET',
});
expect(user).toEqual({ id: 'validUserId' });
});
it('should throw error for invalid response', async function () {
global.fetch = jasmine.createSpy().and.returnValue(
Promise.resolve({ ok: false })
);
mockFetch([
{
url: 'https://api.linkedin.com/v2/me',
method: 'GET',
response: {
ok: false,
},
},
]);
await expectAsync(adapter.getUserFromAccessToken('invalidToken', false)).toBeRejectedWith(
new Error('LinkedIn API request failed.')
@@ -121,12 +132,16 @@ describe('LinkedInAdapter', function () {
describe('Test getAccessTokenFromCode', function () {
it('should fetch token successfully', async function () {
global.fetch = jasmine.createSpy().and.returnValue(
Promise.resolve({
ok: true,
json: () => Promise.resolve({ access_token: 'validToken' }),
})
);
mockFetch([
{
url: 'https://www.linkedin.com/oauth/v2/accessToken',
method: 'POST',
response: {
ok: true,
json: () => Promise.resolve({ access_token: 'validToken' }),
},
},
]);
const tokenResponse = await adapter.getAccessTokenFromCode('validCode', 'http://example.com');
@@ -139,9 +154,15 @@ describe('LinkedInAdapter', function () {
});
it('should throw error for invalid response', async function () {
global.fetch = jasmine.createSpy().and.returnValue(
Promise.resolve({ ok: false })
);
mockFetch([
{
url: 'https://www.linkedin.com/oauth/v2/accessToken',
method: 'POST',
response: {
ok: false,
},
},
]);
await expectAsync(
adapter.getAccessTokenFromCode('invalidCode', 'http://example.com')

6
spec/Adapters/Auth/wechat.spec.js
View File

@@ -23,7 +23,8 @@ describe('WeChatAdapter', function () {
const user = await adapter.getUserFromAccessToken('validToken', { id: 'validOpenId' });
expect(global.fetch).toHaveBeenCalledWith(
'https://api.weixin.qq.com/sns/auth?access_token=validToken&openid=validOpenId'
'https://api.weixin.qq.com/sns/auth?access_token=validToken&openid=validOpenId',
jasmine.any(Object)
);
expect(user).toEqual({ errcode: 0, id: 'validUserId' });
});
@@ -64,7 +65,8 @@ describe('WeChatAdapter', function () {
const token = await adapter.getAccessTokenFromCode(authData);
expect(global.fetch).toHaveBeenCalledWith(
'https://api.weixin.qq.com/sns/oauth2/access_token?appid=validAppId&secret=validAppSecret&code=validCode&grant_type=authorization_code'
'https://api.weixin.qq.com/sns/oauth2/access_token?appid=validAppId&secret=validAppSecret&code=validCode&grant_type=authorization_code',
jasmine.any(Object)
);
expect(token).toEqual('validToken');
});