418 Commits

Author SHA1 Message Date
Daniel
12b5d781dc feat: Add default ACL (#8701) 2025-03-24 15:15:27 +01:00
Daniel
533a60e218 refactor: Add internal method Utils.encodeForUrl for properly encoding email addresses for use in URLs (#9541) 2025-03-06 01:57:37 +01:00
Colin Ulin
e0480dfa8d feat: Upgrade to express 5.0.1 (#9530)
BREAKING CHANGE: This upgrades the internally used Express framework from version 4 to 5, which may be a breaking change. If Parse Server is set up to be mounted on an Express application, we recommend to also use version 5 of the Express framework to avoid any compatibility issues. Note that even if there are no issues after upgrading, future releases of Parse Server may introduce issues if Parse Server internally relies on Express 5-specific features which are unsupported by the Express version on which it is mounted. See the Express [migration guide](https://expressjs.com/en/guide/migrating-5.html) and [release announcement](https://expressjs.com/2024/10/15/v5-release.html#breaking-changes) for more info.
2025-03-03 22:11:42 +01:00
Daniel
d21dd97336 fix: Remove username from email verification and password reset process (#8488)
BREAKING CHANGE: This removes the username from the email verification and password reset process to prevent storing personally identifiable information (PII) in server and infrastructure logs. Customized HTML pages or emails related to email verification and password reset may need to be adapted accordingly. See the new templates that come bundled with Parse Server and the [migration guide](https://github.com/parse-community/parse-server/blob/alpha/8.0.0.md) for more details.
2025-03-02 02:32:43 +01:00
Antoine Cormouls
3a9442a42f refactor: Upgrade to mime 4.0.4 (#9363) 2024-10-23 20:03:48 +02:00
Manuel
dfd5a8edbf ci: Add lint rule for mandatory curly braces (#9348) 2024-10-16 19:57:42 +02:00
Vahid Sane
1a2da4055a feat: Add support for asynchronous invocation of FilesAdapter.getFileLocation (#9271) 2024-08-27 17:09:19 +02:00
Diamond Lewis
cf4c8807b9 feat: Add support for dot notation on array fields of Parse Object (#9115) 2024-07-08 23:29:58 +02:00
Diamond Lewis
ef1634bf1f feat: Upgrade to @parse/push-adapter 6.4.0 (#9182) 2024-07-08 22:23:57 +02:00
Diamond Lewis
5f81efb429 feat: Add silent log level for Cloud Code (#8803) 2024-03-21 16:19:29 +01:00
Oussama Meglali
2170962a50 feat: Add support for MongoDB query comment (#8928) 2024-03-03 02:27:57 +01:00
Manuel
1eb95aeb41 fix: Incomplete user object in verifyEmail function if both username and email are changed (#8889) 2024-01-15 15:44:49 +01:00
Manuel
e315c137bf fix: Username is undefined in email verification link on email change (#8887) 2024-01-15 00:47:03 +01:00
Manuel
0023ce448a fix: Parse Server option emailVerifyTokenReuseIfValid: true generates new token on every email verification request (#8885) 2024-01-14 01:37:20 +01:00
Manuel
8adcbee112 feat: Add installationId, ip, resendRequest to arguments passed to verifyUserEmails on verification email request (#8873)
BREAKING CHANGE: The `Parse.User` passed as argument if `verifyUserEmails` is set to a function is renamed from `user` to `object` for consistency with invocations of `verifyUserEmails` on signup or login; the user object is not a plain JavaScript object anymore but an instance of `Parse.User`
2024-01-06 16:41:13 +01:00
Manuel
8e7a6b1480 fix: Conditional email verification not working in some cases if verifyUserEmails, preventLoginWithUnverifiedEmail set to functions (#8838) 2023-12-26 21:01:27 +01:00
Mattia Faraci
09fbeebba8 feat: Add compatibility for MongoDB Atlas Serverless and AWS Amazon DocumentDB with collation options enableCollationCaseComparison, transformEmailToLowercase, transformUsernameToLowercase (#8805) 2023-11-13 23:32:47 +01:00
Manuel
f630a45aa5 feat: Add $setOnInsert operator to Parse.Server.database.update (#8791) 2023-10-25 19:13:27 +02:00
Manuel
5954f0ffa0 refactor: Parse Pointer allows to access internal Parse Server classes and circumvent beforeFind query trigger (#8735) 2023-09-04 16:01:02 +02:00
Corey
3f03bd3c6f refactor: Remove duplicate user index creation (#8662) 2023-06-30 01:15:58 +02:00
Manuel
31805c96ec refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8676) 2023-06-28 23:38:14 +02:00
Daniel
44acd6d9ed feat: Add conditional email verification via dynamic Parse Server options verifyUserEmails, sendUserEmailVerification that now accept functions (#8425) 2023-06-20 12:10:25 +02:00
Corey
5eb690c1c5 refactor: Incorrect spelling in hooks error message (#8585) 2023-05-28 12:58:16 +02:00
Daniel
b3b76de71b feat: Add option schemaCacheTtl for schema cache pulling as alternative to enableSchemaHooks (#8436) 2023-02-27 01:55:47 +01:00
Diamond Lewis
aa2cd51b70 fix: Schema without class level permissions may cause error (#8409) 2023-01-27 17:57:50 +01:00
Daniel
f3bcc9365c feat: Access the internal scope of Parse Server using the new maintenanceKey; the internal scope contains unofficial and undocumented fields (prefixed with underscore _) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey for routine operations in a production environment; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) (#8212)
BREAKING CHANGE: Fields in the internal scope of Parse Server (prefixed with underscore `_`) are only returned using the new `maintenanceKey`; previously the `masterKey` allowed reading of internal fields; see [access scopes](https://github.com/parse-community/parse-server#access-scopes) for a comparison of the keys' access permissions (#8212)
2023-01-08 22:02:12 +01:00
alljinx
8f3b694e39 feat: Add option to change the log level of the logs emitted by triggers (#8328) 2022-12-07 22:55:45 +01:00
Daniel
b2761fb378 feat: Upgrade Redis 3 to 4 for LiveQuery (#8333) 2022-11-26 17:45:30 +01:00
Manuel
7cb266b207 refactor: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) (#8308) 2022-11-10 00:24:42 +01:00
dblythy
28f0d26677 fix: relation constraints in compound queries Parse.Query.or, Parse.Query.and not working (#8203) 2022-10-24 12:45:17 +02:00
dblythy
3b775a1fb8 fix: sorting by non-existing value throws INVALID_SERVER_ERROR on Postgres (#8157) 2022-09-17 20:41:45 +02:00
Manuel
4c0c7c77b7 fix: brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) (#8146) [skip release] 2022-09-02 21:43:31 +02:00
Manuel
9fd4516cde fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) 2022-06-30 13:01:40 +02:00
dblythy
199dfc1722 fix: live query role cache does not clear when a user is added to a role (#8026) 2022-06-11 10:21:55 +02:00
Antoine Cormouls
0cd902b8c2 refactor: upgrade GraphQL dependencies (#7970) 2022-06-10 14:01:45 +02:00
dblythy
47d796ea58 fix: afterSave trigger removes pointer in Parse object (#7913) 2022-05-20 10:47:38 +02:00
dblythy
b1e5565b22 fix: custom database options are not passed to MongoDB GridFS (#7911) 2022-05-01 04:21:40 +02:00
Manuel
0d6f9e951d fix: sensitive keyword detection may produce false positives (#7881) 2022-03-24 02:54:07 +01:00
Manuel
0c1b75fcbe Merge branch 'beta' into build-release-beta-19837863611 2022-03-15 00:56:54 +01:00
Manuel
e569f402b1 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) 2022-03-12 14:47:23 +01:00
Manuel
971adb5438 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843) 2022-03-12 13:49:57 +01:00
Corey
a5ffb95022 refactor: remove deprecated url.parse() method (#7751) 2022-01-06 15:26:00 +01:00
Corey
0c3feaaa17 feat: add Idempotency to Postgres (#7750) 2022-01-02 19:25:53 +01:00
Corey
caf4a2341f feat: support postgresql protocol in database URI (#7757) 2022-01-02 15:25:43 +01:00
Ben Devore
6a6248b6cb fix: adding or modifying a nested property requires addField permissions (#7679) 2021-12-07 00:52:59 +01:00
Corey
c789f6c979 refactor: test moved to correct test group (#7717) 2021-11-25 19:16:46 +01:00
Samuel Denis-D'Ortun
25d5c30be2 feat: add user-defined schema and migrations (#7418) 2021-11-01 14:28:49 +01:00
Kingtous
174886e385 fix: combined and query with relational query condition returns incorrect results (#7593) 2021-10-29 19:03:50 +02:00
dblythy
caee281bc5 fix: allow LiveQuery on Parse.Session (#7554) 2021-10-08 17:24:33 +02:00
Manuel
24188a39a7 refactor: remove restricted session field (#7543)
* add issue bot for prs

* Update CHANGELOG.md

* Update issue-bot.yml

* remove session restriction artifacts

* Update CHANGELOG.md

* Update CHANGELOG.md
2021-09-04 03:03:46 +02:00