Fix beforeLogin for users logging in with AuthData (#6872)
* fix beforeLogin * Remove Facebook AccountKit auth (#6870) * Remove Facebook AccountKit auth Account Kit services are no longer available. https://developers.facebook.com/blog/post/2019/09/09/account-kit-services-no-longer-available-starting-march/ https://www.sinch.com/blog/facebook-account-kit-is-closing-down-are-your-apps-covered/ * remove flaky test * fix: upgrade uuid from 8.2.0 to 8.3.0 (#6865) Snyk has created this PR to upgrade uuid from 8.2.0 to 8.3.0. See this package in npm: https://www.npmjs.com/package/uuid See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Diamond Lewis <findlewis@gmail.com> * fix: package.json & package-lock.json to reduce vulnerabilities (#6864) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103 Co-authored-by: Diamond Lewis <findlewis@gmail.com> * fix: upgrade ldapjs from 2.0.0 to 2.1.0 (#6857) Snyk has created this PR to upgrade ldapjs from 2.0.0 to 2.1.0. See this package in npm: https://www.npmjs.com/package/ldapjs See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Diamond Lewis <findlewis@gmail.com> * fix: upgrade apollo-server-express from 2.15.1 to 2.16.0 (#6851) Snyk has created this PR to upgrade apollo-server-express from 2.15.1 to 2.16.0. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Diamond Lewis <findlewis@gmail.com> * fix: upgrade @graphql-tools/stitch from 6.0.12 to 6.0.13 (#6845) Snyk has created this PR to upgrade @graphql-tools/stitch from 6.0.12 to 6.0.13. 
See this package in npm: https://www.npmjs.com/package/@graphql-tools/stitch See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Diamond Lewis <findlewis@gmail.com> * fix: upgrade @graphql-tools/utils from 6.0.12 to 6.0.13 (#6846) Snyk has created this PR to upgrade @graphql-tools/utils from 6.0.12 to 6.0.13. See this package in npm: https://www.npmjs.com/package/@graphql-tools/utils See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Diamond Lewis <findlewis@gmail.com> * [Snyk] Upgrade winston from 3.2.1 to 3.3.2 (#6799) * fix: upgrade winston from 3.2.1 to 3.3.2 Snyk has created this PR to upgrade winston from 3.2.1 to 3.3.2. See this package in NPM: https://www.npmjs.com/package/winston See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr * fix tests Co-authored-by: Diamond Lewis <findlewis@gmail.com> * fix beforeLogin * add test case Co-authored-by: Diamond Lewis <findlewis@gmail.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io>
@@ -1524,6 +1524,36 @@ describe('Parse.User testing', () => {
|
|||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('login with provider should be blockable by beforeLogin even when the user has a attached file', async done => {
|
||||||
|
const provider = getMockFacebookProvider();
|
||||||
|
Parse.User._registerAuthenticationProvider(provider);
|
||||||
|
|
||||||
|
let hit = 0;
|
||||||
|
Parse.Cloud.beforeLogin(req => {
|
||||||
|
hit++;
|
||||||
|
if (req.object.get('isBanned')) {
|
||||||
|
throw new Error('banned account');
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
const user = await Parse.User._logInWith('facebook');
|
||||||
|
const base64 = 'aHR0cHM6Ly9naXRodWIuY29tL2t2bmt1YW5n';
|
||||||
|
const file = new Parse.File('myfile.txt', { base64 });
|
||||||
|
await file.save();
|
||||||
|
await user.save({ isBanned: true, file });
|
||||||
|
await Parse.User.logOut();
|
||||||
|
|
||||||
|
try {
|
||||||
|
await Parse.User._logInWith('facebook');
|
||||||
|
throw new Error('should not have continued login.');
|
||||||
|
} catch (e) {
|
||||||
|
expect(e.message).toBe('banned account');
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(hit).toBe(1);
|
||||||
|
done();
|
||||||
|
});
|
||||||
|
|
||||||
it('logout with provider should call afterLogout trigger', async done => {
|
it('logout with provider should call afterLogout trigger', async done => {
|
||||||
const provider = getMockFacebookProvider();
|
const provider = getMockFacebookProvider();
|
||||||
Parse.User._registerAuthenticationProvider(provider);
|
Parse.User._registerAuthenticationProvider(provider);
|
||||||
|
|||||||
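Review bot: The new test checks that beforeLogin throws for the banned user, but it never asserts that the blocked login left no session behind, which is the property a ban check exists to guarantee. After the `catch` I would add something like `expect(await new Parse.Query(Parse.Session).count({ useMasterKey: true })).toBe(0);`, assuming the earlier `Parse.User.logOut()` removes the session created at signup (to be confirmed). The `try { … throw new Error('should not have continued login.'); } catch (e)` shape also reports a login that was not blocked as a message mismatch rather than a clear failure. If the project's Jasmine version provides it, `await expectAsync(Parse.User._logInWith('facebook')).toBeRejectedWithError('banned account');` states the intent directly.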
@@ -329,6 +329,10 @@ RestWrite.prototype.runBeforeLoginTrigger = async function(userData) {
|
|||||||
|
|
||||||
// Cloud code gets a bit of extra data for its objects
|
// Cloud code gets a bit of extra data for its objects
|
||||||
const extraData = { className: this.className };
|
const extraData = { className: this.className };
|
||||||
|
|
||||||
|
// Expand file objects
|
||||||
|
this.config.filesController.expandFilesInObject(this.config, userData);
|
||||||
|
|
||||||
const user = triggers.inflate(extraData, userData);
|
const user = triggers.inflate(extraData, userData);
|
||||||
|
|
||||||
// no need to return a response
|
// no need to return a response
|
||||||
|
|||||||
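Review bot: The comment `// Expand file objects` above `this.config.filesController.expandFilesInObject(this.config, userData);` says what the call does but not why it is needed or that it appears to modify `userData` in place. Something like `// Expand file fields in place so triggers.inflate() can build them; beforeLogin must also run for users that have files` would be clearer. Because beforeLogin is the gate that enforces bans on the authData path, it is worth confirming that an exception thrown by the expansion rejects the login rather than being caught further up and letting it proceed. If the caller later returns the same object to the client, the in-place change would also appear in the response, and passing a copy at the call site avoids that. The body of `runBeforeLoginTrigger` starts and ends outside this hunk, so neither the caller nor the error handling is visible here.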