joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix beforeLogin for users logging in with AuthData (#6872)

Browse Source 
* fix beforeLogin

* Remove Facebook AccountKit auth (#6870)

* Remove Facebook AccountKit auth

Account Kit services are no longer available.

https://developers.facebook.com/blog/post/2019/09/09/account-kit-services-no-longer-available-starting-march/

https://www.sinch.com/blog/facebook-account-kit-is-closing-down-are-your-apps-covered/

* remove flaky test

* fix: upgrade uuid from 8.2.0 to 8.3.0 (#6865)

Snyk has created this PR to upgrade uuid from 8.2.0 to 8.3.0.

See this package in npm:
https://www.npmjs.com/package/uuid

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: Diamond Lewis <findlewis@gmail.com>

* fix: package.json & package-lock.json to reduce vulnerabilities (#6864)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103

Co-authored-by: Diamond Lewis <findlewis@gmail.com>

* fix: upgrade ldapjs from 2.0.0 to 2.1.0 (#6857)

Snyk has created this PR to upgrade ldapjs from 2.0.0 to 2.1.0.

See this package in npm:
https://www.npmjs.com/package/ldapjs

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: Diamond Lewis <findlewis@gmail.com>

* fix: upgrade apollo-server-express from 2.15.1 to 2.16.0 (#6851)

Snyk has created this PR to upgrade apollo-server-express from 2.15.1 to 2.16.0.

See this package in npm:
https://www.npmjs.com/package/apollo-server-express

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: Diamond Lewis <findlewis@gmail.com>

* fix: upgrade @graphql-tools/stitch from 6.0.12 to 6.0.13 (#6845)

Snyk has created this PR to upgrade @graphql-tools/stitch from 6.0.12 to 6.0.13.

See this package in npm:
https://www.npmjs.com/package/@graphql-tools/stitch

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: Diamond Lewis <findlewis@gmail.com>

* fix: upgrade @graphql-tools/utils from 6.0.12 to 6.0.13 (#6846)

Snyk has created this PR to upgrade @graphql-tools/utils from 6.0.12 to 6.0.13.

See this package in npm:
https://www.npmjs.com/package/@graphql-tools/utils

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: Diamond Lewis <findlewis@gmail.com>

* [Snyk] Upgrade winston from 3.2.1 to 3.3.2 (#6799)

* fix: upgrade winston from 3.2.1 to 3.3.2

Snyk has created this PR to upgrade winston from 3.2.1 to 3.3.2.

See this package in NPM:
https://www.npmjs.com/package/winston

See this project in Snyk:
https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr

* fix tests

Co-authored-by: Diamond Lewis <findlewis@gmail.com>

* fix beforeLogin

* add test case

Co-authored-by: Diamond Lewis <findlewis@gmail.com>
Co-authored-by: Snyk bot <snyk-bot@snyk.io>
This commit is contained in:
Kevin Kuang
2020-08-25 10:34:26 -04:00
committed by GitHub
parent 7b13661d08
commit dfa22391ad
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
spec/ParseUser.spec.js
View File

@@ -1524,6 +1524,36 @@ describe('Parse.User testing', () => {
done();
});
it('login with provider should be blockable by beforeLogin even when the user has a attached file', async done => {
const provider = getMockFacebookProvider();
Parse.User._registerAuthenticationProvider(provider);
let hit = 0;
Parse.Cloud.beforeLogin(req => {
hit++;
if (req.object.get('isBanned')) {
throw new Error('banned account');
}
});
const user = await Parse.User._logInWith('facebook');
const base64 = 'aHR0cHM6Ly9naXRodWIuY29tL2t2bmt1YW5n';
const file = new Parse.File('myfile.txt', { base64 });
await file.save();
await user.save({ isBanned: true, file });
await Parse.User.logOut();
try {
await Parse.User._logInWith('facebook');
throw new Error('should not have continued login.');
} catch (e) {
expect(e.message).toBe('banned account');
}
expect(hit).toBe(1);
done();
});
it('logout with provider should call afterLogout trigger', async done => {
const provider = getMockFacebookProvider();
Parse.User._registerAuthenticationProvider(provider);