joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,388 Commits 2 Branches 18 Tags
dbe8b72d8ab0c5f1ba191ef844a3ce5cf9fd6249
Commit Graph

1344 Commits

Author SHA1 Message Date
Onur
105ae7c8a5 feat: Switch GraphQL server from Yoga v2 to Apollo v4 (#8959) 2024-03-02 02:06:47 +01:00
EhsanParsania
a7b5b38418 fix: Deny request if master key is not set in Parse Server option masterKeyIps regardless of ACL and CLP (#8957) 
BREAKING CHANGE: A request using the master key will now be rejected as unauthorized if the IP from which the request originates is not set in the Parse Server option `masterKeyIps`, even if the request does not require the master key permission, for example for a public object in a public class class.
 2024-03-01 18:37:07 +01:00
Manuel
cbefe770a7 fix: Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database (#8961) 2024-03-01 16:52:05 +01:00
Corey
5202212b0b refactor: Remove deprecated bcrypt-nodejs package (#8902) 2024-02-15 12:08:39 +01:00
Onur
0cf58eb8d6 feat: Deprecation DEPPS6: Authentication adapters disabled by default (#8858) 
BREAKING CHANGE: Authentication adapters are disabled by default; to use an authentication adapter it needs to be explicitly enabled in the Parse Server authentication adapter option `auth.<provider>.enabled: true`
 2024-02-15 01:28:09 +01:00
Onur
e29845f8da feat: Deprecation DEPPS8: Parse Server option allowExpiredAuthDataToken defaults to false (#8860) 
BREAKING CHANGE: Parse Server option `allowExpiredAuthDataToken` defaults to `false`; a 3rd party authentication token will be validated every time the user tries to log in and the login will fail if the token has expired; the effect of this change may differ for different authentication adapters, depending on the token lifetime and the token refresh logic of the adapter
 2024-02-15 01:07:35 +01:00
Onur
38983e8e9b feat: Deprecation DEPPS9: LiveQuery fields option is renamed to keys (#8852) 
BREAKING CHANGE: LiveQuery `fields` option is renamed to `keys`
 2024-02-15 00:31:15 +01:00
Onur
4e6a375b51 feat: Deprecation DEPPS7: Remove deprecated Cloud Code file trigger syntax (#8855) 
BREAKING CHANGE: Cloud Code file trigger syntax has been aligned with object trigger syntax, for example `Parse.Cloud.beforeDeleteFile'` has been changed to `Parse.Cloud.beforeDelete(Parse.File, (request) => {})'`
 2024-02-14 22:54:30 +01:00
Antoine Cormouls
1aba6382c8 fix: GraphQL file upload fails in case of use of pointer or relation (#8721) 2024-02-14 21:44:42 +01:00
Manuel
633a9d25e4 feat: Add password validation via POST request for user with unverified email using master key and option ignoreEmailVerification (#8895) 2024-01-17 17:43:04 +01:00
Ziv Chen
66e36039d8 fix: Server crashes when receiving an array of Parse.Pointer in the request body (#8784) 2024-01-15 16:02:57 +01:00
Manuel
1eb95aeb41 fix: Incomplete user object in verifyEmail function if both username and email are changed (#8889) 2024-01-15 15:44:49 +01:00
Manuel
e315c137bf fix: Username is undefined in email verification link on email change (#8887) 2024-01-15 00:47:03 +01:00
Manuel
0023ce448a fix: Parse Server option emailVerifyTokenReuseIfValid: true generates new token on every email verification request (#8885) 2024-01-14 01:37:20 +01:00
Manuel
8adcbee112 feat: Add installationId, ip, resendRequest to arguments passed to verifyUserEmails on verification email request (#8873) 
BREAKING CHANGE: The `Parse.User` passed as argument if `verifyUserEmails` is set to a function is renamed from `user` to `object` for consistency with invocations of `verifyUserEmails` on signup or login; the user object is not a plain JavaScript object anymore but an instance of `Parse.User`
 2024-01-06 16:41:13 +01:00
Manuel
972f630016 feat: Add Parse.User as function parameter to Parse Server options verifyUserEmails, preventLoginWithUnverifiedEmail on login (#8850) 2023-12-28 00:34:58 +01:00
Manuel
8e7a6b1480 fix: Conditional email verification not working in some cases if verifyUserEmails, preventLoginWithUnverifiedEmail set to functions (#8838) 2023-12-26 21:01:27 +01:00
Diamond Lewis
f9dde4a9f8 feat: Allow Parse.Session.current on expired session token instead of throwing error (#8722) 
BREAKING CHANGE: `Parse.Session.current()` no longer throws an error if the session token is expired, but instead returns the session token with its expiration date to allow checking its validity
 2023-12-25 20:40:49 +01:00
Manuel
a22dbe16d5 feat: Add installationId to arguments for verifyUserEmails, preventLoginWithUnverifiedEmail (#8836) 2023-12-17 01:50:19 +01:00
Lucas Coratger
3de8494a22 feat: Add support for MongoDB 7 (#8761) 
BREAKING CHANGE: `Parse.Query` no longer supports the BSON type `code`; although this feature was never officially documented, its removal is announced as a breaking change to protect deployments where it might be in use.
 2023-12-10 02:42:40 +01:00
Antoine Cormouls
b87daba067 perf: Improved IP validation performance for masterKeyIPs, maintenanceKeyIPs (#8510) 2023-11-19 23:13:16 +01:00
Mattia Faraci
09fbeebba8 feat: Add compatibility for MongoDB Atlas Serverless and AWS Amazon DocumentDB with collation options enableCollationCaseComparison, transformEmailToLowercase, transformUsernameToLowercase (#8805) 2023-11-13 23:32:47 +01:00
Manuel
80b987d00d test: Improve test for $setOnInsert (#8793) 2023-10-25 20:32:58 +02:00
Manuel
f630a45aa5 feat: Add $setOnInsert operator to Parse.Server.database.update (#8791) 2023-10-25 19:13:27 +02:00
Manuel
fe02d3e8aa refactor: Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579) (#8779) 2023-10-21 01:03:02 +02:00
Doug Drechsel
93af48a8b4 ci: Add ability to exclude tests via ID in testExclusionList.json (#8774) 2023-10-18 22:39:41 +02:00
Rikard Teodorsson
7d32d8934f fix: Context not passed to Cloud Code Trigger beforeFind when using Parse.Query.include (#8765) 2023-10-14 02:57:47 +02:00
Wes
77bbfb3f18 feat: Allow setting createdAt and updatedAt during Parse.Object creation with maintenance key (#8696) 2023-09-29 22:17:48 +02:00
Marc Derhammer
3d6d50e0af fix: Parse Server option fileUpload.fileExtensions fails to determine file extension if filename contains multiple dots (#8754) 2023-09-23 22:43:34 +02:00
Diamond Lewis
a9c34ef1e2 feat: Add context to Cloud Code Triggers beforeLogin and afterLogin (#8724) 2023-09-20 10:47:35 +02:00
Manuel
977edeaf28 test: Add tests for isGet parameter in Cloud Code trigger beforeFind (#8738) 2023-09-06 02:42:50 +02:00
Manuel
5954f0ffa0 refactor: Parse Pointer allows to access internal Parse Server classes and circumvent beforeFind query trigger (#8735) 2023-09-04 16:01:02 +02:00
Bartosz Marganiec
6a4a00ca7a fix: Parse Server option fileUpload.fileExtensions does not work with an array of extensions (#8688) 2023-07-18 00:34:46 +02:00
Daniel
c9b59719ec refactor: Change response types of TOTP adapter to match existing adapters (#8661) 2023-07-06 17:22:18 +02:00
Daniel
a9d376b61f feat: Add property Parse.Server.version to determine current version of Parse Server in Cloud Code (#8670) 2023-07-05 22:11:35 +02:00
Daniel
4e2000bc56 fix: Server does not start via CLI when auth option is set (#8666) 2023-07-04 13:16:55 +02:00
Corey
3f03bd3c6f refactor: Remove duplicate user index creation (#8662) 2023-06-30 01:15:58 +02:00
Manuel
31805c96ec refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8676) 2023-06-28 23:38:14 +02:00
Daniel
cc079a40f6 feat: Add TOTP authentication adapter (#8457) 2023-06-23 17:57:57 +02:00
Daniel
068fb9e777 refactor: Add option to convert Parse.Object to instance in Cloud Function payload (#8646) 2023-06-23 16:29:54 +02:00
Daniel
44acd6d9ed feat: Add conditional email verification via dynamic Parse Server options verifyUserEmails, sendUserEmailVerification that now accept functions (#8425) 2023-06-20 12:10:25 +02:00
Manuel Trezza
24c0b03f5e Squashed commit of the following: 
commit 150627328f
Author: semantic-release-bot <semantic-release-bot@martynus.net>
Date:   Sat May 20 23:24:03 2023 +0000

    chore(release): 6.2.0 [skip ci]

    # [6.2.0](https://github.com/parse-community/parse-server/compare/6.1.0...6.2.0) (2023-05-20)

    ### Features

    * Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([#8538](https://github.com/parse-community/parse-server/issues/8538)) ([a318e7b](a318e7bbaf))

commit a318e7bbaf
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date:   Sun May 21 01:23:00 2023 +0200

    feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (#8538)

commit 832702dffd
Author: semantic-release-bot <semantic-release-bot@martynus.net>
Date:   Mon May 1 21:50:23 2023 +0000

    chore(release): 6.1.0 [skip ci]

    # [6.1.0](https://github.com/parse-community/parse-server/compare/6.0.0...6.1.0) (2023-05-01)

    ### Bug Fixes

    * LiveQuery can return incorrectly formatted date ([#8456](https://github.com/parse-community/parse-server/issues/8456)) ([4ce135a](4ce135a4fe))
    * Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([#8446](https://github.com/parse-community/parse-server/issues/8446)) ([22d2446](22d2446dfe))
    * Parameters missing in `afterFind` trigger of authentication adapters ([#8458](https://github.com/parse-community/parse-server/issues/8458)) ([ce34747](ce34747e8a))
    * Rate limiting across multiple servers via Redis not working ([#8469](https://github.com/parse-community/parse-server/issues/8469)) ([d9e347d](d9e347d741))
    * Security upgrade jsonwebtoken to 9.0.0 ([#8420](https://github.com/parse-community/parse-server/issues/8420)) ([f5bfe45](f5bfe4571e))

    ### Features

    * Add `afterFind` trigger to authentication adapters ([#8444](https://github.com/parse-community/parse-server/issues/8444)) ([c793bb8](c793bb88e7))
    * Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](https://github.com/parse-community/parse-server/issues/8436)) ([b3b76de](b3b76de71b))
    * Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](https://github.com/parse-community/parse-server/issues/7551)) ([e5d610e](e5d610e5e4))
    * Add rate limiting across multiple servers via Redis ([#8394](https://github.com/parse-community/parse-server/issues/8394)) ([34833e4](34833e42ee))
    * Allow multiple origins for header `Access-Control-Allow-Origin` ([#8517](https://github.com/parse-community/parse-server/issues/8517)) ([4f15539](4f15539ac2))
    * Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](https://github.com/parse-community/parse-server/issues/8388)) ([a49e323](a49e323d5a))
    * Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](https://github.com/parse-community/parse-server/issues/8443)) ([40c1961](40c196153b))

commit 18b63d1da7
Merge: f7eee19d f59d46c9
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date:   Mon May 1 23:49:22 2023 +0200

    build: Release (#8526)
 2023-06-10 23:11:12 +02:00
Daniel
03fba97e05 feat: Add zones for rate limiting by ip, user, session, global (#8508) 2023-06-09 13:27:56 +02:00
Daniel
967700bdbc fix: LiveQuery server is not shut down properly when handleShutdown is called (#8491) 2023-06-08 11:04:49 +02:00
Corey
656d673cf5 feat: Add support for $eq query constraint in LiveQuery (#8614) 2023-06-08 04:04:58 +02:00
Daniel
82da30842a feat: Add new Parse Server option preventSignupWithUnverifiedEmail to prevent returning a user without session token on sign-up with unverified email address (#8451) 2023-06-07 21:51:53 +02:00
Corey
5eb690c1c5 refactor: Incorrect spelling in hooks error message (#8585) 2023-05-28 12:58:16 +02:00
Daniel
c2e4f8369b refactor: Upgrade lru-cache from 7.12.0 to 9.1.1 (#8559) 2023-05-25 23:59:42 +02:00
Daniel
28aeda3f16 feat: Allow Parse.Object pointers in Cloud Code arguments (#8490) 2023-05-25 22:02:33 +02:00
Daniel
a005874776 refactor: Upgrade commander from 5.1.0 to 10.0.1 (#8557) 2023-05-22 17:11:50 +02:00