diff --git a/spec/ParseRole.spec.js b/spec/ParseRole.spec.js index 02166ddd..8b4f989f 100644 --- a/spec/ParseRole.spec.js +++ b/spec/ParseRole.spec.js @@ -86,7 +86,7 @@ describe('Parse Role testing', () => { return createRole(rolesNames[2], anotherRole, user); }).then( (lastRole) => { roleIds[lastRole.get("name")] = lastRole.id; - var auth = new Auth(new Config("test") , true, user); + var auth = new Auth({ config: new Config("test"), isMaster: true, user: user }); return auth._loadRoles(); }) }).then( (roles) => { diff --git a/src/Auth.js b/src/Auth.js index f64480c8..0b285789 100644 --- a/src/Auth.js +++ b/src/Auth.js @@ -7,10 +7,11 @@ import cache from './cache'; // An Auth object tells you who is requesting something and whether // the master key was used. // userObject is a Parse.User and can be null if there's no user. -function Auth(config, isMaster, userObject) { +function Auth({ config, isMaster = false, user, installationId } = {}) { this.config = config; + this.installationId = installationId; this.isMaster = isMaster; - this.user = userObject; + this.user = user; // Assuming a users roles won't change during a single request, we'll // only load them once. 
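Review bot: In the src/Auth.js constructor hunk, the comment above `function Auth` still documents `userObject`, and nothing documents the new `installationId` field or the `isMaster = false` default. I would replace that comment line with `// user is a Parse.User and can be undefined if there's no user.` and add `// installationId is the installation id passed in by the caller, if any; isMaster defaults to false.` A leftover positional call such as `new Auth(config, true, user)` would now destructure the Config object itself. Unless Config happens to expose properties with those names, the result is a non-master Auth with `this.config` undefined, which fails closed on privilege but hides the missed call site. A guard such as `if (!config) { throw new Error('Auth requires a config'); }` at the top of the constructor would surface it; the constructor body continues outside the hunk.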
@@ -33,19 +34,19 @@ Auth.prototype.couldUpdateUserId = function(userId) { // A helper to get a master-level Auth object function master(config) { - return new Auth(config, true, null); + return new Auth({ config, isMaster: true }); } // A helper to get a nobody-level Auth object function nobody(config) { - return new Auth(config, false, null); + return new Auth({ config, isMaster: false }); } // Returns a promise that resolves to an Auth object -var getAuthForSessionToken = function(config, sessionToken) { +var getAuthForSessionToken = function({ config, sessionToken, installationId } = {}) { var cachedUser = cache.users.get(sessionToken); if (cachedUser) { - return Promise.resolve(new Auth(config, false, cachedUser)); + return Promise.resolve(new Auth({ config, isMaster: false, installationId, user: cachedUser })); } var restOptions = { limit: 1, @@ -67,7 +68,7 @@ var getAuthForSessionToken = function(config, sessionToken) { obj['sessionToken'] = sessionToken; let userObject = Parse.Object.fromJSON(obj); cache.users.set(sessionToken, userObject); - return new Auth(config, false, userObject); + return new Auth({ config, isMaster: false, installationId, user: userObject }); }); }; diff --git a/src/Controllers/UserController.js b/src/Controllers/UserController.js index 019f71c1..1581a659 100644 --- a/src/Controllers/UserController.js +++ b/src/Controllers/UserController.js @@ -22,23 +22,22 @@ export class UserController extends AdaptableController { } super.validateAdapter(adapter); } - + expectedAdapterType() { return MailAdapter; } - + get shouldVerifyEmails() { return this.options.verifyUserEmails; } - + setEmailVerifyToken(user) { if (this.shouldVerifyEmails) { user._email_verify_token = randomString(25); user.emailVerified = false; } } - - + verifyEmail(username, token) { if (!this.shouldVerifyEmails) { // Trying to verify email when not enabled 
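Review bot: In the src/Auth.js hunk at `@@ -33,19 +34,19 @@`, the `= {}` default on `getAuthForSessionToken` lets a call with no arguments, or an old positional call `getAuthForSessionToken(config, token)`, run with `sessionToken` undefined. That call reaches `cache.users.get(sessionToken)` and the session lookup below it instead of failing at the call site. An explicit check before the cache read would make it visible, for example `if (!sessionToken) { return Promise.reject(new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'missing session token')); }`. Separately, `master()` and `nobody()` used to pass `null` for the user and now leave `user` undefined, so any code comparing `auth.user === null` would behave differently; I cannot see such a comparison in this diff, so this needs checking against the callers. The body of `getAuthForSessionToken` continues outside the hunk.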
@@ -62,7 +61,7 @@ export class UserController extends AdaptableController { return document; }); } - + checkResetTokenValidity(username, token) { return this.config.database.adaptiveCollection('_User') .then(collection => { @@ -78,7 +77,7 @@ export class UserController extends AdaptableController { return results[0]; }); } - + getUserIfNeeded(user) { if (user.username && user.email) { return Promise.resolve(user); @@ -90,7 +89,7 @@ export class UserController extends AdaptableController { if (user.email) { where.email = user.email; } - + var query = new RestQuery(this.config, Auth.master(this.config), '_User', where); return query.execute().then(function(result){ if (result.results.length != 1) { @@ -99,7 +98,7 @@ export class UserController extends AdaptableController { return result.results[0]; }) } - + sendVerificationEmail(user) { if (!this.shouldVerifyEmails) { @@ -122,7 +121,7 @@ export class UserController extends AdaptableController { } }); } - + setPasswordResetToken(email) { let token = randomString(25); return this.config.database @@ -142,11 +141,11 @@ export class UserController extends AdaptableController { // TODO: No adapter? return; } - + return this.setPasswordResetToken(email).then((user) => { const token = encodeURIComponent(user._perishable_token); - const username = encodeURIComponent(user.username); + const username = encodeURIComponent(user.username); let link = `${this.config.requestResetPasswordURL}?token=${token}&username=${username}` let options = { @@ -154,7 +153,7 @@ export class UserController extends AdaptableController { link: link, user: inflate('_User', user), }; - + if (this.adapter.sendPasswordResetEmail) { this.adapter.sendPasswordResetEmail(options); } else { 
@@ -164,13 +163,13 @@ export class UserController extends AdaptableController { return Promise.resolve(user); }); } - + updatePassword(username, token, password, config) { return this.checkResetTokenValidity(username, token).then(() => { return updateUserPassword(username, token, password, this.config); }); } - + defaultVerificationEmail({link, user, appName, }) { let text = "Hi,\n\n" + "You are being asked to confirm the e-mail address " + user.email + " with " + appName + "\n\n" + @@ -180,9 +179,9 @@ export class UserController extends AdaptableController { let subject = 'Please verify your e-mail for ' + appName; return { text, to, subject }; } - + defaultResetPasswordEmail({link, user, appName, }) { - let text = "Hi,\n\n" + + let text = "Hi,\n\n" + "You requested to reset your password for " + appName + ".\n\n" + "" + "Click here to reset it:\n" + link; @@ -193,9 +192,9 @@ export class UserController extends AdaptableController { } // Mark this private -function updateUserPassword(username, token, password, config) { +function updateUserPassword(username, token, password, config) { var write = new RestWrite(config, Auth.master(config), '_User', { - username: username, + username: username, _perishable_token: token }, {password: password, _perishable_token: null }, undefined); return write.execute(); diff --git a/src/middlewares.js b/src/middlewares.js index 56ebdc1d..b3c2bf17 100644 --- a/src/middlewares.js +++ b/src/middlewares.js @@ -89,7 +89,7 @@ function handleParseHeaders(req, res, next) { var isMaster = (info.masterKey === req.config.masterKey); if (isMaster) { - req.auth = new auth.Auth(req.config, true); + req.auth = new auth.Auth({ config: req.config, installationId: info.installationId, isMaster: true }); next(); return; } 
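Review bot: In the src/middlewares.js hunk at `@@ -89,7 +89,7 @@`, `info.installationId` is attached to the master-key Auth with no validation visible in the hunk, and the next hunk does the same on the non-master paths. `info` is built outside the hunk, presumably from the request, so the value would be client-asserted. Because src/triggers.js copies `auth.installationId` into the trigger request object, code running in triggers should not treat it as an authenticated identifier. I would add a comment at the assignment, `// installationId comes from the request as-is; it is not verified against the session or the master key`, and document the same on the Auth field.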
@@ -114,23 +114,23 @@ function handleParseHeaders(req, res, next) { } if (!info.sessionToken) { - req.auth = new auth.Auth(req.config, false); + req.auth = new auth.Auth({ config: req.config, installationId: info.installationId, isMaster: false }); next(); return; } - return auth.getAuthForSessionToken( - req.config, info.sessionToken).then((auth) => { + return auth.getAuthForSessionToken({ config: req.config, installationId: info.installationId, sessionToken: info.sessionToken }) + .then((auth) => { if (auth) { req.auth = auth; next(); } - }).catch((error) => { + }) + .catch((error) => { // TODO: Determine the correct error scenario. console.log(error); throw new Parse.Error(Parse.Error.UNKNOWN_ERROR, error); }); - } var allowCrossDomain = function(req, res, next) { diff --git a/src/triggers.js b/src/triggers.js index 5220ce79..8622df87 100644 --- a/src/triggers.js +++ b/src/triggers.js @@ -110,12 +110,11 @@ export function getRequestObject(triggerType, auth, parseObject, originalParseOb if (auth.user) { request['user'] = auth.user; } - // TODO: Add installation to Auth? if (auth.installationId) { request['installationId'] = auth.installationId; } return request; -}; +} // Creates the response object, and uses the request object to pass data // The API will call this with REST API formatted objects, this will
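Review bot: In the src/middlewares.js hunk at `@@ -114,23 +114,23 @@`, the reflowed `.catch` still throws a `Parse.Error` from inside the promise chain, and the `.then` does nothing when `auth` is falsy. On both paths the visible code reaches neither `next()` nor a response, so a failed session lookup would likely leave the request hanging with an unhandled rejection, assuming the framework ignores the promise this middleware returns. Passing the error on, e.g. `next(new Parse.Error(Parse.Error.UNKNOWN_ERROR, error));`, or sending an explicit error response would close that gap; which one fits depends on the error handling used elsewhere in this file. The callback parameter `auth` also shadows the `auth` module used one line above, and renaming it (for example to `sessionAuth`) would make the chain easier to read. `handleParseHeaders` begins outside the hunk.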