* Fixes an issue that would let the beforeDelete be called when user has no access to the object
* Ensure we properly lock user
- Improves find method so we can attempt to read for a write poking the right ACL instead of using masterKey
- This ensure we do not run beforeDelete/beforeFind/beforeSave in the wrong scenarios
* nits
* Caps insufficient
* Added verify password to users router and tests.
* Added more tests to support more coverage.
* Added additional tests to spec. Removed condition from verifyPassword function where authData null keys condition wasn't necessary.
* Removed POST handling from verifyPassword.
* Refactored handleLogin and handleVerifyPassword to use shared helper function to validate the password provided in the request.
* Refactored verifyPassword and login to not use try/catch. Parent promise returns the error. Moved login specific functions to login handler.
* Added account lockout policy to verify password function. Added test spec for account lockout in verify password.
* no message
* Merged new changes from master. Made changes as requested from comments.
* We cannot remove hidden properties from the helper before returning to the login function. The password expiration check in the login function is dependent on some hidden properties, otherwise three password policy tests fail.
* Allows masterKey to lock _User object and prevent login with email / password
* Ensure the authData based auth can be locked out as well when accounts is masterKey only
* Fix "undefined property '__op'" in postgres update
This causes a TypeError which becomes a regular Error,
before the update can be issued. (I think)
This happens when there is an object schema,
and there is also an unrelated field in originalUpdate
which is null or undefined.
e.g. when 'location' is a mandatory object in postgres,
and 'middleName' is an optional string,
PostgresStorageAdapter would throw when a query similar
to the below was performed:
(Object.keys(originalUpdate) would include "middleName" as a value of `k`)
query.set('location', {'country': 'US'})
query.set('middleName', undefined);
* Fix lint error
* Add Indexes to Schema API
* error handling
* ci errors
* postgres support
* full text compound indexes
* pg clean up
* get indexes on startup
* test compound index on startup
* add default _id to index, full Text index on startup
* lint
* fix test
* let travis build against 3.x
* Cleanup dependencies and bump min version to current LTS
* Makes npm-git push all branches to -preview
* restores releases
* Bumps mime to 2.0.3 (requires node 6+)
* Bumps express to latest version
* Fixes linting issue after upgrade
* Use travis-branch for partial releases
* Support for Aggregate Queries
* improve pg and coverage
* Mongo 3.4 aggregates and tests
* replace _id with objectId
* improve tests for objectId
* project with group query
* typo
* Fix for unhandled undefined config
When an invalid application id is passed either for reset/change password or email verification, config.get returns undefined. This causes internal server.
* Throwing a 403 exception instead of returning a 404 for an invalid app id
Also, added a missing semicolon
* Fix indent issues
* Fix invalid colon to semicolon
* Fix space and indent issues
* Tests for the fix for unhandled undefined config
* Adds flow types / Configuration interfaces
* Lets call it options
* Use a single interface to generate the configurations
* Translates options to definitions only if comments are set
* improves logic
* Moves objects around
* Fixes issue affecting logging of circular objects
* fixes undefined env
* Moves all defaults to defaults
* Adds back CLI defaults
* Restored defaults in commander.js
* Merge provided defaults and platform defaults
* Addresses visual nits
* Improves Config.js code
* Adds ability to pass the default value in trailing comments
* Load platform defaults from the definitions file
* proper default values on various options
* Adds ParseServer.start and server.start(options) as quick startup methods
* Moves creating liveQueryServer http into ParseServer.js
* removes dead code
* Adds tests to guarantee we can start a LQ Server from main module
* Fixes incorrect code regading liveQuery init port
* Start a http server for LQ if port is specified
* ensure we dont fail if config.port is not set
* Specify port
* ignore other path skipped in tests
* Adds test for custom middleware setting
* Refactors new Config into Config.get
- Hides AppCache from ParseServer.js, use Config.put which validates
* Extracts controller creation into Controllers/index.js
- This makes the ParseServer init way simpler
* Move serverURL inference into ParseServer
* review nits
* add the client ip to the request config object
* add the config ip to the trigger request object
* add the config ip to the functions request object
* add tests
* remove log
* remove log
* Makes InstallationRouter like others
* Adds testing for Range file requests
- Fixes issue with small requests (0-2)
* Revert "Makes InstallationRouter like others"
This reverts commit e2d2a16ebf2757db6138c7b5b33c97c56c69ead6.
* Better handling of errors in FilesRouter
* Fix incorrectness in range requests
* Better/simpler logic
* Only on mongo at it requires Gridstore
* Open file streaming to all adapters supporting it
* Improves coverage of parsers
* Ensures depreciation warning is effective
* Removes unused function
* de-duplicate logic
* Removes necessity of overriding req.params.className on subclasses routers
* Use babel-preset-env to ensure min-version compatible code
* removes dead code
* Leverage indexes in order to infer which field is duplicated upon signup
- A note mentioned that it would be possible to leverage using the indexes on username/email to infer which is duplicated
* Small nit
* Better template to match column name
* Restores original implementation for safety
* nits
* Adds support for localized push data keys
- passign alert-[lang|locale] or title-[lang|locale] will inject the
proper locale on the push body based on the installation
* Better handling of the default cases
* Updates changelog
* nits
* nits
* Adds back _JobSchedule as volatile class
* wip
* Restores jobs endpoints for creation, update and deletion
* Adds tests
* Fixes postgres tests
* Enforce jobName exists before creating a schedule
* Use RestWrite when verifying emails so hooks are called (as master)
* Fixes tests for postgres
* nit
* Makes rest.update support a full where instead of objectId
* Use rest.update to guaranteed proper beforeSave and liveQuery calls
* -Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body
-Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route
-All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript)
-Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page
* Fix package.json repo url to be parse-server againwq
* Fix js lint issues
* Update unit tests
* Use arrow functions, change html page comments, use qs and a string template to construct location for invalidVerificationLink page, syntax fixes
* Remember to pass result when using arrow function
* Add support for push scheduling
Add a configuration flag on the server to handle the availability of
push scheduling.
* Update push controller to skip sending only if scheduling is configured
Only skip push sending if scheduling is configured
* Update bad conventions
* Add CLI definitions for push scheduling
* Adds tests for pushTime
* Adds test for scheduling
* nits
* Test for not scheduled
* Update status through increment
* adds support for incrementing nested keys
* fix issue when having spaces in keys for ordering
* Refactors PushController to use worker
* Adds tests for custom push queue config
* Makes PushController adapter independant
* Better logging of _PushStatus in VERBOSE
1. Add no space in paren rule
2. fix spec/eslintrc.json so it allow for inheriting from root rc.
Because the spce rc specified reccomended, it "turned off" all of the
rule tweaks in the root. This fixes that.
