* 6641: Implement support for user impersonation: master key clients can log in as any user, without access to the user's credentials, and without presuming the user already has a session
* reworded changelog
* rebuilt package lock
* fit test
* using lodash flatMap
* bump to node 12 for postgres test
* revert test fit
* add node version to postgres CI
* revert package-lock
Co-authored-by: gormanfletcher <git@gormanfletcher.com>
Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>
* Optimize query, fixes some null returns, fix stitched GraphQLUpload
* Fix authData key selection
* Prefer Iso string since other GraphQL solutions use this format
* fix tests
Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
* Always delete data after each, even for mongo.
* Add failing simple case test
* run all tests
* 1. when validating username be case insensitive
2. add _auth_data_anonymous to specialQueryKeys...whatever that is!
* More case sensitivity
1. also make email validation case insensitive
2. update comments to reflect what this change does
* wordsmithery and grammar
* first pass at a preformant case insensitive query. mongo only so far.
* change name of parameter from insensitive to
caseInsensitive
* Postgres support
* properly handle auth data null
* wip
* use 'caseInsensitive' instead of 'insensitive' in all places.
* update commenet to reclect current plan
* skip the mystery test for now
* create case insensitive indecies for
mongo to support case insensitive
checks for email and username
* remove unneeded specialKey
* pull collation out to a function.
* not sure what i planned
to do with this test.
removing.
* remove typo
* remove another unused flag
* maintain order
* maintain order of params
* boil the ocean on param sequence
i like having explain last cause it seems
like something you would
change/remove after getting what you want
from the explain?
* add test to verify creation
and use of caseInsensitive index
* add no op func to prostgress
* get collation object from mongocollection
make flow lint happy by declaring things Object.
* fix typo
* add changelog
* kick travis
* properly reference static method
* add a test to confirm that anonymous users with
unique username that do collide when compared
insensitively can still be created.
* minot doc nits
* add a few tests to make sure our spy is working as expected
wordsmith the changelog
Co-authored-by: Diamond Lewis <findlewis@gmail.com>
* added ignore authData field
* add fix for Postgres
* add test for mongoDB
* add test login with provider despite invalid authData
* removed fit
* fixed ignoring authData in postgres
* Fix postgres test
* Throw error instead of ignore
* improve tests
* Add mongo test
* allow authData when not user class
* fix tests
* more tests
* add condition to synthesize authData field only in _User class
it is forbidden to add a custom field name beginning with `_`, so if the object is not `_User` , the transform should throw
* add warning log when ignoring invalid `authData` in `_User`
* add test to throw when custom field begins with underscore
* Add beforeLogin trigger with support for auth providers
* adjust comment that boxed off beforeLogin to a negative use-case only
* add internal error to help future maintainers regarding use of beforeLogin
* let beforeLogin accept className or constructor like other hook types
* add assertions for beforeLogin trigger className validation
* removes from emailverificationtoken spec
* updates winston
* Updates ValidationAndPasswordsReset
* Use local request in schemas
* Removes request in rest.spec
* Removes request from PushRouter0
* removes request from public API
* removes request from index.spec
* Removes request form parse.push spec
* removes request from ParseInstallation spec
* Removes from ParseHooks
* removes request from ParseGlobalConfig.spec
* Removes request from ParseAPI.spec.js
* removes request from LogsRouter
* removes in features
* Filters undefined headers instead of crashing
* Removes request from ParseUser spec
* Removes usage of request in ParseFile.spec.js
* Removes request from AuthAdapters.js
* removes request-promise from ParseGeoPoint.spec
* Removes request-promise from ParseQuery spec
* remove request-promise from UserPII
* removes request-promise from EnableExpressErrorHandler
* Updates RevocableSessionUpgrade spec
* Update RestQuery
* Removes read preferenceOptionM
* ensure we forward auth from URL
* use request in CloudCode.spec.js
* Removes request-promise from JobSchedule.spec
* Removes rp from VerifyUserPassword.spec.js
* Removes rp from PasswordPolicy spec
* Removes rp from ParsePolygon spec
* Removes rp from fullTextSearch spec
* Removes rp from PArseQuery.Aggregate
* Ensure we properly forward errors
* Removes request and request-promise
* Silences warnings from mongodb client
* Update count, delete and finds to recommended implementations
* With new parser, readPref will be null by default
* Update flaky specs wih async/await style
* Adds gridstore adapter spec
* Use GridFSBucketStorage adapter
* WIP: Integrate JS SDK v2
- Removes backbone style callbacks
- Use Promise instead of Parse.Promise
* Fixes ParseObject and ParseRelation
* Updates Parse.Query with promises
* Alls tests should pass
* Ensure a fresh user is used for each test
* Use REST implementation to avoid side effects for username/email duplicates
* Uses js sdk v2
* Various improvements in test name / de-duplications
* Reverts to class by class deletion, introduced fast mode that just delete data for mongo
- Speeds up are incredible Executed 1695 of 1713 specs INCOMPLETE (18 PENDING) in 4 mins 19 secs.
* Adds documentation about the deleteEverything
* Removes need to use babel-register
- Adds watch to watch changes when running the test to regenerate
- Tests are now pure node 8
* Adds timing to helper.js
* Update contribution guide
* Adds inline sourcemaps generation to restore coverage
* nits
* Fixes an issue that would let the beforeDelete be called when user has no access to the object
* Ensure we properly lock user
- Improves find method so we can attempt to read for a write poking the right ACL instead of using masterKey
- This ensure we do not run beforeDelete/beforeFind/beforeSave in the wrong scenarios
* nits
* Caps insufficient
* Use node 8 as development environment
* fixup! Use node 8 as development environment
* bump node to 8.10
* Targets node 8 for everything
* Run npm install so lock file is up to date
* Use push adapter v3
* Deflake a test on ParseUser
* Adds slight delay after logout
* Ensure we wait even if call fails
* Use node carbon
* Allows masterKey to lock _User object and prevent login with email / password
* Ensure the authData based auth can be locked out as well when accounts is masterKey only
* chore(package): update jasmine to version 3.0.0
Closes#4547
* Fixes failing tests for jasmine 3.0
Starting 3.0, done(something) will fail
* Update tests so they dont leverage var, but let and const
With jasmine 3.0, the randomization engine was making the test fails because of the scope of `var`
* Remove randomizer
* Use same adapter for PG tests, drop table to ensure the tests dont side effect
* Adds flow types / Configuration interfaces
* Lets call it options
* Use a single interface to generate the configurations
* Translates options to definitions only if comments are set
* improves logic
* Moves objects around
* Fixes issue affecting logging of circular objects
* fixes undefined env
* Moves all defaults to defaults
* Adds back CLI defaults
* Restored defaults in commander.js
* Merge provided defaults and platform defaults
* Addresses visual nits
* Improves Config.js code
* Adds ability to pass the default value in trailing comments
* Load platform defaults from the definitions file
* proper default values on various options
* Adds ParseServer.start and server.start(options) as quick startup methods
* Moves creating liveQueryServer http into ParseServer.js
* removes dead code
* Adds tests to guarantee we can start a LQ Server from main module
* Fixes incorrect code regading liveQuery init port
* Start a http server for LQ if port is specified
* ensure we dont fail if config.port is not set
* Specify port
* ignore other path skipped in tests
* Adds test for custom middleware setting
* Refactors new Config into Config.get
- Hides AppCache from ParseServer.js, use Config.put which validates
* Extracts controller creation into Controllers/index.js
- This makes the ParseServer init way simpler
* Move serverURL inference into ParseServer
* review nits
* Adds test to repro the issue
* Improved test
* Destroy duplicate sessions for User/Installation-id pair
- Sessions will also be created with action login instead of signup when using 3rd party auth
* Adds failing test,
the _User object is not updated as soon as you pass some authData part of the PUT
* Do not run the DB call when updating the user with new auth data, just part of the rest
