joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,250 Commits 2 Branches 18 Tags
3f03bd3c6f27cc1edb7174d06645f517830790fd
Commit Graph

399 Commits

Author SHA1 Message Date
Corey
3f03bd3c6f refactor: Remove duplicate user index creation (#8662) 2023-06-30 01:15:58 +02:00
Manuel
31805c96ec refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8676) 2023-06-28 23:38:14 +02:00
Daniel
44acd6d9ed feat: Add conditional email verification via dynamic Parse Server options verifyUserEmails, sendUserEmailVerification that now accept functions (#8425) 2023-06-20 12:10:25 +02:00
Corey
5eb690c1c5 refactor: Incorrect spelling in hooks error message (#8585) 2023-05-28 12:58:16 +02:00
Daniel
b3b76de71b feat: Add option schemaCacheTtl for schema cache pulling as alternative to enableSchemaHooks (#8436) 2023-02-27 01:55:47 +01:00
Diamond Lewis
aa2cd51b70 fix: Schema without class level permissions may cause error (#8409) 2023-01-27 17:57:50 +01:00
Daniel
f3bcc9365c feat: Access the internal scope of Parse Server using the new maintenanceKey; the internal scope contains unofficial and undocumented fields (prefixed with underscore _) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) (#8212) 
BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
 2023-01-08 22:02:12 +01:00
alljinx
8f3b694e39 feat: Add option to change the log level of the logs emitted by triggers (#8328) 2022-12-07 22:55:45 +01:00
Daniel
b2761fb378 feat: Upgrade Redis 3 to 4 for LiveQuery (#8333) 2022-11-26 17:45:30 +01:00
Manuel
7cb266b207 refactor: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) (#8308) 2022-11-10 00:24:42 +01:00
dblythy
28f0d26677 fix: relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) 2022-10-24 12:45:17 +02:00
dblythy
3b775a1fb8 fix: sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) 2022-09-17 20:41:45 +02:00
Manuel
4c0c7c77b7 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8146) [skip release] 2022-09-02 21:43:31 +02:00
Manuel
9fd4516cde fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) 2022-06-30 13:01:40 +02:00
dblythy
199dfc1722 fix: live query role cache does not clear when a user is added to a role (#8026) 2022-06-11 10:21:55 +02:00
Antoine Cormouls
0cd902b8c2 refactor: upgrade GraphQL dependencies (#7970) 2022-06-10 14:01:45 +02:00
dblythy
47d796ea58 fix: afterSave trigger removes pointer in Parse object (#7913) 2022-05-20 10:47:38 +02:00
dblythy
b1e5565b22 fix: custom database options are not passed to MongoDB GridFS (#7911) 2022-05-01 04:21:40 +02:00
Manuel
0d6f9e951d fix: sensitive keyword detection may produce false positives (#7881) 2022-03-24 02:54:07 +01:00
Manuel
0c1b75fcbe Merge branch 'beta' into build-release-beta-19837863611 2022-03-15 00:56:54 +01:00
Manuel
e569f402b1 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) 2022-03-12 14:47:23 +01:00
Manuel
971adb5438 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843) 2022-03-12 13:49:57 +01:00
Corey
a5ffb95022 refactor: remove deprecated url.parse() method (#7751) 2022-01-06 15:26:00 +01:00
Corey
0c3feaaa17 feat: add Idempotency to Postgres (#7750) 2022-01-02 19:25:53 +01:00
Corey
caf4a2341f feat: support postgresql protocol in database URI (#7757) 2022-01-02 15:25:43 +01:00
Ben Devore
6a6248b6cb fix: adding or modifying a nested property requires addField permissions (#7679) 2021-12-07 00:52:59 +01:00
Corey
c789f6c979 refactor: test moved to correct test group (#7717) 2021-11-25 19:16:46 +01:00
Samuel Denis-D'Ortun
25d5c30be2 feat: add user-defined schema and migrations (#7418) 2021-11-01 14:28:49 +01:00
Kingtous
174886e385 fix: combined and query with relational query condition returns incorrect results (#7593) 2021-10-29 19:03:50 +02:00
dblythy
caee281bc5 fix: allow LiveQuery on Parse.Session (#7554) 2021-10-08 17:24:33 +02:00
Manuel
24188a39a7 refactor: remove restricted session field (#7543) 
* add issue bot for prs

* Update CHANGELOG.md

* Update issue-bot.yml

* remove session restriction artifacts

* Update CHANGELOG.md

* Update CHANGELOG.md
 2021-09-04 03:03:46 +02:00
Manuel
c56d326b17 Add circular dependency detection to CI (#7316) 
* add circular dependency detection to CI

* fixed Auth-RestWrite circular dependency

* updated package lock

* fixed Logger circular dependency

* fix lint
 2021-04-07 20:47:57 -05:00
Diamond Lewis
a02014f557 Improve single schema cache (#7214) 
* Initial Commit

* fix flaky test

* temporary set ci timeout

* turn off ci check

* fix postgres tests

* fix tests

* node flaky test

* remove improvements

* Update SchemaPerformance.spec.js

* fix tests

* revert ci

* Create Singleton Object

* properly clear cache testing

* Cleanup

* remove fit

* try PushController.spec

* try push test rewrite

* try push enqueue time

* Increase test timeout

* remove pg server creation test

* xit push tests

* more xit

* remove skipped tests

* Fix conflicts

* reduce ci timeout

* fix push tests

* Revert "fix push tests"

This reverts commit 05aba62f1cbbca7d5d3e80b9444529f59407cb56.

* improve initialization

* fix flaky tests

* xit flaky test

* Update CHANGELOG.md

* enable debug logs

* Update LogsRouter.spec.js

* create initial indexes in series

* lint

* horizontal scaling documentation

* Update Changelog

* change horizontalScaling db option

* Add enableSchemaHooks option

* move enableSchemaHooks to databaseOptions
 2021-03-16 16:05:36 -05:00
Diamond Lewis
1666c3e382 [WIP] Enable test suite to be randomized (#7265) 
* initial run

* Update ParseGraphQLServer.spec.js

* temporarily enable reporter

* Bump retry limit

* fix undefined database

* try to catch error

* Handle LiveQueryServers

* Update Config.js

* fast-fail false

* Remove usage of AppCache

* oops

* Update contributing guide

* enable debugger, try network retry attempt 1

* Fix ldap unbinding

* move non specs to support

* add missing mock adapter

* fix Parse.Push

* RestController should match batch.spec.js

* Remove request attempt limit

* handle index.spec.js

* Update CHANGELOG.md

* Handle error: tuple concurrently updated

* test transactions

* Clear RedisCache after every test

* LoggerController.spec.js

* Update schemas.spec.js

* finally fix transactions

* fix geopoint deadlock

* transaction with clean database

* batch.spec.js
 2021-03-15 02:04:09 -05:00
Diamond Lewis
39fa17f914 Postgres: Properly initialize database on startup and debugger (#7255) 
* PG: Properly initialize database

* fix flaky tests

* flaky test

* correct test

* no idea

* clean up debugger
 2021-03-10 11:31:35 -08:00
dblythy
e53b6c2f87 run prettier (#7172) 2021-02-12 10:18:49 +01:00
Manuel
08b2ea45b0 Add account unlock on password reset (#7146) 
* added account unlock on password reset

* added account policy option

* added changelog entry

* Added docs entry

* moved changelog entry to correct position

* improved tests to ensure requesting password reset email does not unlock account

* run prettier
 2021-02-01 01:07:04 +01:00
jack092123
f846deaae3 Fix schemaCacheTTL ParseServerOption is not working (#7138) 
* Add Test case for checking SchemaCacheTTL

* Fix schemaCacheTTL not working issue

* Add Test case for TTL expires

Co-authored-by: Roach Chang <roach.chang@aoitek.com>
 2021-01-25 11:04:19 -06:00
Nikita
e592212b97 Supporting patterns in classNames for Live Queries (#7131) 
* Parse LiveQuery Server. Supporting patterns in classNames.

* Parse LiveQuery Server. Supporting patterns in classNames. Small optimisation.

* Parse LiveQuery Server. Supporting patterns in classNames. Adding info to changelog.

* Parse LiveQuery Server. Supporting patterns in classNames. Test case.
 2021-01-19 17:19:11 -05:00
Pedro Diaz
c46e8a525d Optimize redundant logic used in queries (#7061) 
* Optimize redundant logic used in queries

* Added CHANGELOG

* Fixed comments and code style after recommendations.

* Fixed code style after recommendation.

* Improved explanation in comments

* Added tests to for logic optimizations

* Added two test cases more and some comments

* Added extra test cases and fixed issue found with them.

* Removed empty lines as requested.

Co-authored-by: Pedro Diaz <p.diaz@wemersive.com>
 2020-12-15 23:41:14 -06:00
Diamond Lewis
ca1b78220f Prevent invalid column names (className and length) (#7053) 
* Prevent invalid column names

* remove className as invalid

* remove className from beforeSave hook response

* improve tests
 2020-12-09 12:19:15 -06:00
dblythy
e88f2e38f9 Feature: Reuse tokens if they haven't expired (#7017) 
* Reuse tokens if they haven't expired

* Fix failing tests

* Update UserController.js

* Update tests

* Tests for invalid config

* restart tests
 2020-11-25 09:30:52 -08:00
Diamond Lewis
e6ac3b6932 fix(prettier): Properly handle lint-stage files (#6970) 
Now handles top level files and recursive files in folders.

Set max line length to be 100
 2020-10-25 15:06:58 -05:00
Danaru
84896dbeec Set objectId into query for Email Validation (#6930) 
* Retrieve user concerned by email verification and ser objectId into query

* Linter ok

* Testing live query fired when email validation done

* Setting objectId into query if user exists

* Setting objectId into query if user exists
 2020-10-09 08:21:34 -07:00
Antoine Cormouls
62048260c9 GraphQL: Optimize queries, fixes some null returns (on object), fix stitched GraphQLUpload (#6709) 
* Optimize query, fixes some null returns, fix stitched GraphQLUpload

* Fix authData key selection

* Prefer Iso string since other GraphQL solutions use this format

* fix tests

Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
 2020-10-01 15:19:26 -07:00
Antonio Davi Macedo Coelho de Castro
6f060e0909 Release 4.3.0 (#6811) 
* Release version 4.3.0

* Update CHANGELOG.md

Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>

Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>
 2020-07-19 10:37:36 -07:00
mess-lelouch
d69833332c Optimizing pointer CLP query decoration done by DatabaseController#addPointerPermissions (#6747) 
* Optimize CLP pointer query

* remove console log

* Update changelog

* Fix flow type checker issues

* Remove unused properties

* Fix typo, add one more test case for coverage

* Add support for CLP entry of type Object

Co-authored-by: Musa Yassin-Fort <musa.yassin@bureapr.com>
Co-authored-by: Diamond Lewis <findlewis@gmail.com>
 2020-07-17 13:14:43 -05:00
Manuel
3bd5684f67 Add idempotency (#6748) 
* added idempotency router and middleware

* added idempotency rules for routes classes, functions, jobs, installaions, users

* fixed typo

* ignore requests without header

* removed unused var

* enabled feature only for MongoDB

* changed code comment

* fixed inconsistend storage adapter specification

* Trigger notification

* Travis CI trigger

* Travis CI trigger

* Travis CI trigger

* rebuilt option definitions

* fixed incorrect import path

* added new request ID header to allowed headers

* fixed typescript typos

* add new system class to spec helper

* fixed typescript typos

* re-added postgres conn parameter

* removed postgres conn parameter

* fixed incorrect schema for index creation

* temporarily disabling index creation to fix postgres issue

* temporarily disabling index creation to fix postgres issue

* temporarily disabling index creation to fix postgres issue

* temporarily disabling index creation to fix postgres issue

* temporarily disabling index creation to fix postgres issue

* temporarily disabling index creation to fix postgres issue

* temporarily disabling index creation to fix postgres issue

* trying to fix postgres issue

* fixed incorrect auth when writing to _Idempotency

* trying to fix postgres issue

* Travis CI trigger

* added test cases

* removed number grouping

* fixed test description

* trying to fix postgres issue

* added Github readme docs

* added change log

* refactored tests; fixed some typos

* fixed test case

* fixed default TTL value

* Travis CI Trigger

* Travis CI Trigger

* Travis CI Trigger

* added test case to increase coverage

* Trigger Travis CI

* changed configuration syntax to use regex; added test cases

* removed unused vars

* removed IdempotencyRouter

* Trigger Travis CI

* updated docs

* updated docs

* updated docs

* updated docs

* update docs

* Trigger Travis CI

* fixed coverage

* removed code comments
 2020-07-15 13:10:33 -05:00
Diamond Lewis
142eaa71bd Run Prettier JS #2 (#6796) 2020-07-13 15:13:08 -07:00
Diamond Lewis
e6a6354b29 Run Prettier JS (#6795) 2020-07-13 13:06:52 -05:00