In a prior commit, improvements were made to the addition of `_rperm`
in the case of `$or` queries, to avoid MongoDB bug SERVER-13732.
As the vast majority of $or queries previously hit this bug due to the
presence of `_rperm` on most Parse queries), the present solution
avoids the bug and improves query performance in most cases.
However, it's still possible for clients to supply their own queries
which hit that bug, such as those with `_created_at` or `_updated_at`
filters, or their own properties from their data model.
This commit makes the logic currently present for `_rperm` available
to all top level filters that exist alongside an $or query, meaning
SERVER-13732 should be avoided in all cases where keys at the top and
inner levels do not have name clashes.
- https://github.com/ParsePlatform/parse-server/pull/3476
- https://jira.mongodb.org/browse/SERVER-13732
The problem this pr is trying to solve:
When an error occurs on the server, a message should
be returned to the client, and a message should be logged.
Currently, on the server, the log is just [object, object]
This pr will stop calling the default express error handler
which causes two problems: 1. it writes to console instead of log file
2. the output is completely useless! :)
Instead, we'll log the error ourselves using the ParseServer's logger.
fixes: #661
* Update status through increment
* adds support for incrementing nested keys
* fix issue when having spaces in keys for ordering
* Refactors PushController to use worker
* Adds tests for custom push queue config
* Makes PushController adapter independant
* Better logging of _PushStatus in VERBOSE
* Add parseFrameURL for masking user-facing pages.
Allow users to specify a different address which is used to mask parse
requests for verifying email and resetting password. This is how Parse.com
used to allow customers to gain control over page content, styling etc.
On the destination page javascript is used to check the link in the request
and embed the parse server page using IFRAME.
* Fix code indentation
* Rename method for building link and pass config to it.
* Add customPages options to README.md.
* Add tests for parseFrameURL email link building, and parseFrameURL option.
* Add parseFrameURL for masking user-facing pages.
Allow users to specify a different address which is used to mask parse
requests for verifying email and resetting password. This is how Parse.com
used to allow customers to gain control over page content, styling etc.
On the destination page javascript is used to check the link in the request
and embed the parse server page using IFRAME.
* Fix code indentation
* Rename method for building link and pass config to it.
* Add customPages options to README.md.
* Don't Object.assign to defaultConfiguration global
* Adds error reproduction
* Fix transform in order to accept nested array results in $in/$nin
The error originated by the nesting of 2 array in $in [["..."]], using _.flatMap with those will guarantee at the lower level
that the query is properly resolved
* nits
* _.flatMap the $in/$nin values
* Moves all authentication providers to Adapter/Auth
* refactors specs
* Deprecates oauth option in favor of auth option
- Deprecates facebookAppIds option (in favor of auth.facebook.appIds)
- Adds warnings about the deprecated options
* nits
- add a config option to explicitly enumerate pii fields beyond email
- in query controller, strip pii of user table results before sending out the door.
1. Add no space in paren rule
2. fix spec/eslintrc.json so it allow for inheriting from root rc.
Because the spce rc specified reccomended, it "turned off" all of the
rule tweaks in the root. This fixes that.
* adds resetTokenValidityDuration setting
* adds a validator to validate password that can be used to enforce strong
passwords
* adds unit tests for passwordPolicy.validator
* adds unit tests to to fail reset password function if password is not in a valid format
* updates README.md for passwordPolicy
* prevents duplicate check for password validator in updateUserPassword
* adds optional setting to disallow username in password
* updates test cases to use fdescribe instead of describe
* updates test cases to use request-promise instead of request
* adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator
* expect username parameter in redirect to password_reset_success
* adds support for _perishable_token_expires_at in postgres
