* Auth module refactoring in order to be reusable
* Ensure cache controller is properly forwarded from helpers
* Nits
* Adds support for static validation
* Adds support for CLP in Live query (no support for roles yet)
* Adds e2e test to validate liveQuery hooks are properly called
* Adds tests over LiveQueryController to ensure data is correctly transmitted
* nits
* Fixes for flow types
* Removes usage of Parse.Promise
* Use the Auth module for authentication and caches
* Cleaner implementation of getting auth
* Adds authCache that stores auth promises
* Proper testing of the caching
* nits
* Fixes an issue that would let the beforeDelete be called when user has no access to the object
* Ensure we properly lock user
- Improves find method so we can attempt to read for a write poking the right ACL instead of using masterKey
- This ensures we do not run beforeDelete/beforeFind/beforeSave in the wrong scenarios
* nits
* Caps insufficient
* Added verify password to users router and tests.
* Added more tests to support more coverage.
* Added additional tests to spec. Removed condition from verifyPassword function where authData null keys condition wasn't necessary.
* Removed POST handling from verifyPassword.
* Refactored handleLogin and handleVerifyPassword to use shared helper function to validate the password provided in the request.
* Refactored verifyPassword and login to not use try/catch. Parent promise returns the error. Moved login specific functions to login handler.
* Added account lockout policy to verify password function. Added test spec for account lockout in verify password.
* no message
* Merged new changes from master. Made changes as requested from comments.
* We cannot remove hidden properties from the helper before returning to the login function. The password expiration check in the login function is dependent on some hidden properties, otherwise three password policy tests fail.
* Allows masterKey to lock _User object and prevent login with email / password
* Ensure the authData based auth can be locked out as well when accounts is masterKey only
* Fix "undefined property '__op'" in postgres update
This causes a TypeError which becomes a regular Error,
before the update can be issued. (I think)
This happens when there is an object schema,
and there is also an unrelated field in originalUpdate
which is null or undefined.
e.g. when 'location' is a mandatory object in postgres,
and 'middleName' is an optional string,
PostgresStorageAdapter would throw when a query similar
to the below was performed:
(Object.keys(originalUpdate) would include "middleName" as a value of `k`)
query.set('location', {'country': 'US'})
query.set('middleName', undefined);
* Fix lint error
* Makes InstallationRouter like others
* Adds testing for Range file requests
- Fixes issue with small requests (0-2)
* Revert "Makes InstallationRouter like others"
This reverts commit e2d2a16ebf2757db6138c7b5b33c97c56c69ead6.
* Better handling of errors in FilesRouter
* Fix incorrectness in range requests
* Better/simpler logic
* Only on mongo as it requires Gridstore
* Open file streaming to all adapters supporting it
* Improves coverage of parsers
* Ensures deprecation warning is effective
* Removes unused function
* de-duplicate logic
* Removes necessity of overriding req.params.className on subclasses routers
* Use babel-preset-env to ensure min-version compatible code
* removes dead code
* Leverage indexes in order to infer which field is duplicated upon signup
- A note mentioned that it would be possible to leverage using the indexes on username/email to infer which is duplicated
* Small nit
* Better template to match column name
* Restores original implementation for safety
* nits
* Cache users by objectID, and clear cache when updated via master key
* Go back to caching by session token. Clear out cache by querying _Session when user is modified with Master Key (ew, hopefully that can be improved later)
* Fix issue with user updates from different sessions causing stale reads
* Tests aren't transpiled...
* Still not transpiled
- Drops mailController, centralized in UserController
- Adds views folder for change_password
- Improves PromiseRouter to support text results
- Improves PromiseRouter to support empty responses for redirects
- Adds options to AdaptableController
- UsersController gracefully fails when no adapter is set
- Refactors GlobalConfig into same style for Routers
Move object ID, token, and random string generation into their own
module, cryptoUtils.
Remove hat dependency, which was used to generate session and some other
tokens, because it used a non-cryptographic random number generator.
Replace it with the cryptographically secure one. The result has the
same format (32-character hex string, 128 bits of entropy).
Remove randomstring dependency, as we already have this functionality.
Add tests.