BREAKING CHANGE: The `Parse.User` passed as argument if `verifyUserEmails` is set to a function is renamed from `user` to `object` for consistency with invocations of `verifyUserEmails` on signup or login; the user object is not a plain JavaScript object anymore but an instance of `Parse.User`
BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
* Retrieve user concerned by email verification and ser objectId into query
* Linter ok
* Testing live query fired when email validation done
* Setting objectId into query if user exists
* Setting objectId into query if user exists
* adapted public api route for use with ajax
* Elegant error handling
* Fixed error return
* Public API error flow redone, tests
* Fixed code to pre-build form
* Public API change password return params
* Reverted errors in resetPassword
* Fixed querystring call
* Success test on ajax password reset
* Added few more routes to tests for coverage
* More tests and redone error return slightly
* Updated error text
* Console logs removal, renamed test, added {} to if
* Wrong error sent
* Revert changes
* Revert "Revert changes"
This reverts commit 68ee2c44bf2411ca8b56b039a4d490a7e2f99ae9.
* real revert of {}
* nits and test fix
* fix tests
* throw proper error
When user resets his password, he does it by filling his email. But often he could also not remember his username, which he needs for logging in. I think it's better to include the username in the password reset email, what do you think?
* Use RestWrite when verifying emails so hooks are called (as master)
* Fixes tests for postgres
* nit
* Makes rest.update support a full where instead of objectId
* Use rest.update to guaranteed proper beforeSave and liveQuery calls
* -Defines new public API route /apps/:appId/resend_verification_email that will generate a new email verification link and email for a user identified by username in POST body
-Add template and url support for invalidVerificationLink, linkSendSuccess, and linkSendFail pages. The invalidVerificationLink pages includes a button that allows the user to generate a new verification email if their current token has expired, using the new public API route
-All three pages have default html that will be functional out of the box, but they can be customized in the customPages object. The custom page for invalidVerificationLink needs to handle the extraction of the username and appId from the url and the POST to generate the new link (this requires javascript)
-Clicking a link for an email that has already been verified now routes to the emailVerifySuccess page instead of the invalidLink page
* Fix package.json repo url to be parse-server againwq
* Fix js lint issues
* Update unit tests
* Use arrow functions, change html page comments, use qs and a string template to construct location for invalidVerificationLink page, syntax fixes
* Remember to pass result when using arrow function
* Add parseFrameURL for masking user-facing pages.
Allow users to specify a different address which is used to mask parse
requests for verifying email and resetting password. This is how Parse.com
used to allow customers to gain control over page content, styling etc.
On the destination page javascript is used to check the link in the request
and embed the parse server page using IFRAME.
* Fix code indentation
* Rename method for building link and pass config to it.
* Add customPages options to README.md.
* Add tests for parseFrameURL email link building, and parseFrameURL option.
* Add parseFrameURL for masking user-facing pages.
Allow users to specify a different address which is used to mask parse
requests for verifying email and resetting password. This is how Parse.com
used to allow customers to gain control over page content, styling etc.
On the destination page javascript is used to check the link in the request
and embed the parse server page using IFRAME.
* Fix code indentation
* Rename method for building link and pass config to it.
* Add customPages options to README.md.
* Don't Object.assign to defaultConfiguration global
* adds resetTokenValidityDuration setting
* adds a validator to validate password that can be used to enforce strong
passwords
* adds unit tests for passwordPolicy.validator
* adds unit tests to to fail reset password function if password is not in a valid format
* updates README.md for passwordPolicy
* prevents duplicate check for password validator in updateUserPassword
* adds optional setting to disallow username in password
* updates test cases to use fdescribe instead of describe
* updates test cases to use request-promise instead of request
* adds ability to use a RegExp or Callback function or both for a passwordPolicy.validator
* expect username parameter in redirect to password_reset_success
* adds support for _perishable_token_expires_at in postgres
* Lookup for email in username field to match docs if email is undefined
* Adds support for sendMail option to when email is selected
* Proper does not exists clause
* HooksRouter is enabled by default
* Adds middleswares on PromiseRouter, fixes#2410
* Move testing line to helper
* Modernize middlewares.js
* Moves DB uniqueness initialization to DBController, modernize
* Moves testing related code to spec folder
* remove unused _removeHook function
* Adds tests, docs for Analytics and improvements
* nit
* moves back TestUtils
* remove WithoutValidation from config and push
* remove one use of WithoutValidation
* remove another WithoutValidation
* Kill WithoutValidation and skipValidation
* Add unique indexing
* Add unique indexing for username/email
* WIP
* Finish unique indexes
* Notes on how to upgrade to 2.3.0 safely
* index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)"
* reconfigure username/email tests
* Start dealing with test shittyness
* Remove tests for files that we are removing
* most tests passing
* fix failing test
* Make specific server config for tests async
* Fix more tests
* fix more tests
* Fix another test
* fix more tests
* Fix email validation
* move some stuff around
* Destroy server to ensure all connections are gone
* Fix broken cloud code
* Save callback to variable
* no need to delete non existant cloud
* undo
* Fix all tests where connections are left open after server closes.
* Fix issues caused by missing gridstore adapter
* Update guide for 2.3.0 and fix final tests
* use strict
* don't use features that won't work in node 4
* Fix syntax error
* Fix typos
* Add duplicate finding command
* Update 2.3.0.md
* Moves transform to MongoTransform
- Adds ACL query injection in MongoTransform
* Removes adaptiveCollection from DatabaseController
- All collections manipulations are now handled by a DBController
- Adds optional flags to configure an unsafe databaseController for direct
access
- Adds ability to configure RestWrite with multiple writes
- Moves some transfirmations to MongoTransform as they output specific code
* Renames Unsafe to WithoutValidation
- Drops mailController, centralized in UserController
- Adds views folder for change_password
- Improves PromiseRouter to support text results
- Improves PromiseRouter to support empty responses for redirects
- Adds options to AdaptableController
- UsersController gracefully fails when no adapter is set
- Refactors GlobalConfig into same style for Routers
