BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
BREAKING CHANGE: This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281)
* added localized pages; added refactored page templates; adapted test cases; introduced localization test cases
* added changelog entry
* fixed test description typo
* fixed bug in PromiseRouter where headers are not added for text reponse
* added page parameters in page headers for programmatic use
* refactored tests for PublicAPIRouter
* added mustache lib for template rendering
* fixed fs.promises module reference
* fixed template placeholder typo
* changed redirect response to provide headers instead of query parameters
* fix lint
* fixed syntax errors and typos in html templates
* removed obsolete URI encoding
* added locale inferring from request body and header
* added end-to-end localizaton test
* added server option validation; refactored pages server option
* fixed invalid redirect URL for no locale matching file
* added end-to-end localizaton tests
* adapted tests to new response content
* re-added PublicAPIRouter; added PagesRouter as experimental feature
* refactored PagesRouter test structure
* added configuration option for custom path to pages
* added configuration option for custom endpoint to pages
* fixed lint
* added tests
* added a distinct page for invalid password reset link
* renamed generic page invalidLink to expiredVerificationLink
* improved HTML files documentation
* improved HTML files documentation
* changed changelog entry for experimental feature
* improved file naming to make it more descriptive
* fixed file naming and env parameter naming
* added readme entry
* fixed readme TOC - hasn't been updated in a while
* added localization with JSON resource
* added JSON localization to feature pages (password reset, email verification)
* updated readme
* updated readme
* optimized JSON localization for feature pages; added e2e test case
* fixed readme typo
* minor refactoring of existing tests
* fixed bug where Object type was not recognized as config key type
* added feature config placeholders
* prettier
* added passing locale to page config placeholder callback
* refactored passing locale to placeholder to pass test
* added config placeholder feature to README
* fixed typo in README
* added fileUpload definition default value
* added undefined and null as invalid
* removed explicit default value reference
* improved test grouping in describes
* Optimize query, fixes some null returns, fix stitched GraphQLUpload
* Fix authData key selection
* Prefer Iso string since other GraphQL solutions use this format
* fix tests
Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
* Set min mongodb to 3.6 in prep for parse-server 4.0
fixes: 6444
* don't use anonymous functions when we can just
pass the function.
Also remove the boolean argument in tests that no longer exists.
* generate the correct lock file. ooops.
* feat: add allowHeaders to Options
This allows developers to use custom headers in their API requests, and they will be accepted by their mounted app.
* refactor: convert allowCrossDomain to generator to add appId in scope
This is necessary as the middleware may run in OPTIONS request that do not contain the appId within the header.
* chore: update Definitions and docs
* fix: update test to use new allowCrossDomain params
* chore: add tests for allowCustomDomain middleware re: allowHeadrs
* Adds flow types / Configuration interfaces
* Lets call it options
* Use a single interface to generate the configurations
* Translates options to definitions only if comments are set
* improves logic
* Moves objects around
* Fixes issue affecting logging of circular objects
* fixes undefined env
* Moves all defaults to defaults
* Adds back CLI defaults
* Restored defaults in commander.js
* Merge provided defaults and platform defaults
* Addresses visual nits
* Improves Config.js code
* Adds ability to pass the default value in trailing comments
* Load platform defaults from the definitions file
* proper default values on various options
* Adds ParseServer.start and server.start(options) as quick startup methods
* Moves creating liveQueryServer http into ParseServer.js
* removes dead code
* Adds tests to guarantee we can start a LQ Server from main module
* Fixes incorrect code regading liveQuery init port
* Start a http server for LQ if port is specified
* ensure we dont fail if config.port is not set
* Specify port
* ignore other path skipped in tests
* Adds test for custom middleware setting
* Refactors new Config into Config.get
- Hides AppCache from ParseServer.js, use Config.put which validates
* Extracts controller creation into Controllers/index.js
- This makes the ParseServer init way simpler
* Move serverURL inference into ParseServer
* review nits
* update choose_password to have the confirmation
* add comment mark
* First version, no test
* throw error right away instead of just use masterKey false
* fix the logic
* move it up before the masterKey check
* adding some test
* typo
* remove the choose_password
* newline
* add cli options
* remove trailing space
* handle in case the server is behind proxy
* add getting the first ip in the ip list of xff
* sanity check the ip in config if it is a valid ip address
* split ip extraction to another function
* trailing spaces
* -Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body
-Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route
-All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript)
-Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page
* Fix package.json repo url to be parse-server againwq
* Fix js lint issues
* Update unit tests
* Use arrow functions, change html page comments, use qs and a string template to construct location for invalidVerificationLink page, syntax fixes
* Remember to pass result when using arrow function
* Add support for push scheduling
Add a configuration flag on the server to handle the availability of
push scheduling.
* Update push controller to skip sending only if scheduling is configured
Only skip push sending if scheduling is configured
* Update bad conventions
* Add CLI definitions for push scheduling
* Adds tests for pushTime
* Adds test for scheduling
* nits
* Test for not scheduled
* Update status through increment
* adds support for incrementing nested keys
* fix issue when having spaces in keys for ordering
* Refactors PushController to use worker
* Adds tests for custom push queue config
* Makes PushController adapter independant
* Better logging of _PushStatus in VERBOSE
* Add parseFrameURL for masking user-facing pages.
Allow users to specify a different address which is used to mask parse
requests for verifying email and resetting password. This is how Parse.com
used to allow customers to gain control over page content, styling etc.
On the destination page javascript is used to check the link in the request
and embed the parse server page using IFRAME.
* Fix code indentation
* Rename method for building link and pass config to it.
* Add customPages options to README.md.
* Add tests for parseFrameURL email link building, and parseFrameURL option.
* Add parseFrameURL for masking user-facing pages.
Allow users to specify a different address which is used to mask parse
requests for verifying email and resetting password. This is how Parse.com
used to allow customers to gain control over page content, styling etc.
On the destination page javascript is used to check the link in the request
and embed the parse server page using IFRAME.
* Fix code indentation
* Rename method for building link and pass config to it.
* Add customPages options to README.md.
* Don't Object.assign to defaultConfiguration global
* Moves all authentication providers to Adapter/Auth
* refactors specs
* Deprecates oauth option in favor of auth option
- Deprecates facebookAppIds option (in favor of auth.facebook.appIds)
- Adds warnings about the deprecated options
* nits
- add a config option to explicitly enumerate pii fields beyond email
- in query controller, strip pii of user table results before sending out the door.
1. Add no space in paren rule
2. fix spec/eslintrc.json so it allow for inheriting from root rc.
Because the spce rc specified reccomended, it "turned off" all of the
rule tweaks in the root. This fixes that.
