feat: Remove deprecation DEPPS3: Config option enforcePrivateUsers defaults to true (#8283)

BREAKING CHANGE: The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (#8283)
2022-11-17 08:59:44 +11:00
parent 6e66b20e28
commit ed499e32a2
12 changed files with 85 additions and 17 deletions
--- a/spec/ParseGraphQLServer.spec.js
+++ b/spec/ParseGraphQLServer.spec.js
@@ -292,30 +292,37 @@ describe('ParseGraphQLServer', () => {
    let objects = [];

    async function prepareData() {
+      const acl = new Parse.ACL();
+      acl.setPublicReadAccess(true);
      user1 = new Parse.User();
      user1.setUsername('user1');
      user1.setPassword('user1');
      user1.setEmail('user1@user1.user1');
+      user1.setACL(acl);
      await user1.signUp();

      user2 = new Parse.User();
      user2.setUsername('user2');
      user2.setPassword('user2');
+      user2.setACL(acl);
      await user2.signUp();

      user3 = new Parse.User();
      user3.setUsername('user3');
      user3.setPassword('user3');
+      user3.setACL(acl);
      await user3.signUp();

      user4 = new Parse.User();
      user4.setUsername('user4');
      user4.setPassword('user4');
+      user4.setACL(acl);
      await user4.signUp();

      user5 = new Parse.User();
      user5.setUsername('user5');
      user5.setPassword('user5');
+      user5.setACL(acl);
      await user5.signUp();

      const roleACL = new Parse.ACL();
@@ -7066,6 +7073,11 @@ describe('ParseGraphQLServer', () => {
                },
              },
            },
+            context: {
+              headers: {
+                'X-Parse-Master-Key': 'test',
+              },
+            },
          });

          expect(result.data.createUser.clientMutationId).toEqual(clientMutationId);
@@ -7123,6 +7135,7 @@ describe('ParseGraphQLServer', () => {
                      username: 'user2',
                      password: 'user2',
                      someField: 'someValue2',
+                      ACL: { public: { read: true, write: true } },
                    },
                  },
                  someField: 'someValue',
@@ -7195,6 +7208,7 @@ describe('ParseGraphQLServer', () => {
                      username: 'user2',
                      password: 'user2',
                      someField: 'someValue2',
+                      ACL: { public: { read: true, write: true } },
                    },
                  },
                },
@@ -8308,19 +8322,21 @@ describe('ParseGraphQLServer', () => {
          const someClass = new Parse.Object('SomeClass');
          await someClass.save();

+          const roleACL = new Parse.ACL();
+          roleACL.setPublicReadAccess(true);
+
          const user = new Parse.User();
          user.set('username', 'username');
          user.set('password', 'password');
+          user.setACL(roleACL);
          await user.signUp();

          const user2 = new Parse.User();
          user2.set('username', 'username2');
          user2.set('password', 'password2');
+          user2.setACL(roleACL);
          await user2.signUp();

-          const roleACL = new Parse.ACL();
-          roleACL.setPublicReadAccess(true);
-
          const role = new Parse.Role('aRole', roleACL);
          await role.save();

@@ -10597,6 +10613,9 @@ describe('ParseGraphQLServer', () => {
          const user = new Parse.User();
          user.setUsername('user1');
          user.setPassword('user1');
+          const acl = new Parse.ACL();
+          acl.setPublicReadAccess(true);
+          user.setACL(acl);
          await user.signUp();

          await parseGraphQLServer.parseGraphQLSchema.schemaCache.clear();