joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(GraphQL): Remove "password" output field from _User class (#5889)

Browse Source
This commit is contained in:
Douglas Muraoka
2019-08-06 21:21:33 -03:00
committed by Antonio Davi Macedo Coelho de Castro
parent ef14ca530d
commit f81da11b84
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
spec/ParseGraphQLServer.spec.js
View File

@@ -765,6 +765,21 @@ describe('ParseGraphQLServer', () => {
})).data['__type'].fields.map(field => field.name); })).data['__type'].fields.map(field => field.name);
expect(userFields.indexOf('foo') !== -1).toBeTruthy(); expect(userFields.indexOf('foo') !== -1).toBeTruthy();
}); });
it('should not contain password field from _User class', async () => {
const userFields = (await apolloClient.query({
query: gql`
query UserType {
__type(name: "_UserClass") {
fields {
name
}
}
}
`,
})).data['__type'].fields.map(field => field.name);
expect(userFields.includes('password')).toBeFalsy();
});
}); });
describe('Configuration', function() { describe('Configuration', function() {

6
src/GraphQL/loaders/parseClassTypes.js
View File

@@ -213,6 +213,12 @@ const getInputFieldsAndConstraints = function(
} else { } else {
classOutputFields = classCustomFields; classOutputFields = classCustomFields;
} }
// Filters the "password" field from class _User
if (parseClass.className === '_User') {
classOutputFields = classOutputFields.filter(
outputField => outputField !== 'password'
);
}
if (allowedConstraintFields) { if (allowedConstraintFields) {
classConstraintFields = classCustomFields.filter(field => { classConstraintFields = classCustomFields.filter(field => {