From cf9245a4a27c9362a6796348924da276961c898b Mon Sep 17 00:00:00 2001
From: Saimoom Safayet Akash <saimoom.akash@gmail.com>
Date: Sun, 27 Oct 2019 05:12:42 +0600
Subject: [PATCH] Added warning for special URL sensitive characters for appId
 (#6159)

* Added warning for special url sensitive characters for appId

* refactored and added test case
---
 spec/index.spec.js |  8 ++++++++
 src/ParseServer.js | 10 ++++++++++
 2 files changed, 18 insertions(+)

diff --git a/spec/index.spec.js b/spec/index.spec.js
index 345a7e03..07fb59cf 100644
--- a/spec/index.spec.js
+++ b/spec/index.spec.js
@@ -26,6 +26,14 @@ describe('server', () => {
       });
   });
 
+  it('show warning if any reserved characters in appId', done => {
+    spyOn(console, 'warn').and.callThrough();
+    reconfigureServer({ appId: 'test!-^' }).then(() => {
+      expect(console.warn).toHaveBeenCalled();
+      return done();
+    });
+  });
+
   it('support http basic authentication with masterkey', done => {
     reconfigureServer({ appId: 'test' }).then(() => {
       request({
diff --git a/src/ParseServer.js b/src/ParseServer.js
index 4adc8b4a..5611c504 100644
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -376,6 +376,16 @@ function injectDefaults(options: ParseServerOptions) {
     options.serverURL = `http://localhost:${options.port}${options.mountPath}`;
   }
 
+  // Reserved Characters
+  if (options.appId) {
+    const regex = /[!#$%'()*+&/:;=?@[\]{}^,|<>]/g;
+    if (options.appId.match(regex)) {
+      console.warn(
+        `\nWARNING, appId that contains special characters can cause issues while using with urls.\n`
+      );
+    }
+  }
+
   // Backwards compatibility
   if (options.userSensitiveFields) {
     /* eslint-disable no-console */