feat: Deprecation DEPPS8: Parse Server option allowExpiredAuthDataToken defaults to false (#8860)

BREAKING CHANGE: Parse Server option `allowExpiredAuthDataToken` defaults to `false`; a 3rd party authentication token will be validated every time the user tries to log in and the login will fail if the token has expired; the effect of this change may differ for different authentication adapters, depending on the token lifetime and the token refresh logic of the adapter
2024-02-15 03:07:35 +03:00
parent bbda8d2ed6
commit e29845f8da
6 changed files with 10 additions and 74 deletions
--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -15,51 +15,18 @@ const cryptoUtils = require('../lib/cryptoUtils');

 describe('allowExpiredAuthDataToken option', () => {
  it('should accept true value', async () => {
-    const logger = require('../lib/logger').logger;
-    const logSpy = spyOn(logger, 'warn').and.callFake(() => {});
    await reconfigureServer({ allowExpiredAuthDataToken: true });
    expect(Config.get(Parse.applicationId).allowExpiredAuthDataToken).toBe(true);
-    expect(
-      logSpy.calls
-        .all()
-        .filter(
-          log =>
-            log.args[0] ===
-            `DeprecationWarning: The Parse Server option 'allowExpiredAuthDataToken' default will change to 'false' in a future version.`
-        ).length
-    ).toEqual(0);
  });

  it('should accept false value', async () => {
-    const logger = require('../lib/logger').logger;
-    const logSpy = spyOn(logger, 'warn').and.callFake(() => {});
    await reconfigureServer({ allowExpiredAuthDataToken: false });
    expect(Config.get(Parse.applicationId).allowExpiredAuthDataToken).toBe(false);
-    expect(
-      logSpy.calls
-        .all()
-        .filter(
-          log =>
-            log.args[0] ===
-            `DeprecationWarning: The Parse Server option 'allowExpiredAuthDataToken' default will change to 'false' in a future version.`
-        ).length
-    ).toEqual(0);
  });

-  it('should default true', async () => {
-    const logger = require('../lib/logger').logger;
-    const logSpy = spyOn(logger, 'warn').and.callFake(() => {});
+  it('should default false', async () => {
    await reconfigureServer({});
-    expect(Config.get(Parse.applicationId).allowExpiredAuthDataToken).toBe(true);
-    expect(
-      logSpy.calls
-        .all()
-        .filter(
-          log =>
-            log.args[0] ===
-            `DeprecationWarning: The Parse Server option 'allowExpiredAuthDataToken' default will change to 'false' in a future version.`
-        ).length
-    ).toEqual(1);
+    expect(Config.get(Parse.applicationId).allowExpiredAuthDataToken).toBe(false);
  });

  it('should enforce boolean values', async () => {
@@ -1878,7 +1845,7 @@ describe('Parse.User testing', () => {
    });
  });

-  it('should allow login with expired authData token by default', async () => {
+  it('should not allow login with expired authData token since allowExpiredAuthDataToken is set to false by default', async () => {
    const provider = {
      authData: {
        id: '12345',
@@ -1904,37 +1871,7 @@ describe('Parse.User testing', () => {
    // In this case, we want success as it was valid once.
    // If the client needs an updated token, do lock the user out
    defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('otherToken');
-    await Parse.User._logInWith('shortLivedAuth', {});
-  });
-
-  it('should not allow login with expired authData token when allowExpiredAuthDataToken is set to false', async () => {
-    await reconfigureServer({ allowExpiredAuthDataToken: false });
-    const provider = {
-      authData: {
-        id: '12345',
-        access_token: 'token',
-      },
-      restoreAuthentication() {
-        return true;
-      },
-      deauthenticate() {
-        provider.authData = {};
-      },
-      authenticate(options) {
-        options.success(this, provider.authData);
-      },
-      getAuthType() {
-        return 'shortLivedAuth';
-      },
-    };
-    defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('token');
-    Parse.User._registerAuthenticationProvider(provider);
-    await Parse.User._logInWith('shortLivedAuth', {});
-    // Simulate a remotely expired token (like a short lived one)
-    // In this case, we want success as it was valid once.
-    // If the client needs an updated token, do lock the user out
-    defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('otherToken');
-    expectAsync(Parse.User._logInWith('shortLivedAuth', {})).toBeRejected();
+    await expectAsync(Parse.User._logInWith('shortLivedAuth', {})).toBeRejected();
  });

  it('should allow PUT request with stale auth Data', done => {