joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: joe:9.3.0-alpha.4
Branches Tags
joe:kami2 joe:alpha
joe:9.3.0-alpha.4 joe:9.3.0-alpha.3 joe:9.3.0-alpha.2 joe:9.3.0-alpha.1 joe:9.2.1-alpha.2 joe:9.2.1-alpha.1 joe:9.2.0 joe:9.2.0-alpha.5 joe:9.2.0-alpha.4 joe:9.2.0-alpha.3 joe:9.2.0-alpha.2 joe:9.2.0-alpha.1 joe:9.1.1 joe:9.1.1-alpha.1 joe:9.1.0-alpha.4 joe:9.1.0-alpha.3 joe:9.1.0-alpha.2 joe:9.1.0-alpha.1
..
compare: joe:alpha
Branches Tags
joe:alpha joe:kami2
joe:9.3.0-alpha.4 joe:9.3.0-alpha.3 joe:9.3.0-alpha.2 joe:9.3.0-alpha.1 joe:9.2.1-alpha.2 joe:9.2.1-alpha.1 joe:9.2.0 joe:9.2.0-alpha.5 joe:9.2.0-alpha.4 joe:9.2.0-alpha.3 joe:9.2.0-alpha.2 joe:9.2.0-alpha.1 joe:9.1.1 joe:9.1.1-alpha.1 joe:9.1.0-alpha.4 joe:9.1.0-alpha.3 joe:9.1.0-alpha.2 joe:9.1.0-alpha.1

6 Commits
9.3.0-alph ... alpha

Author SHA1 Message Date
Joe Bain
b93c618bc2 Remove broken app ticket code and add some docs (incomplete)
Some checks failed
ci / Code Analysis (javascript) (push) Has been cancelled
Details
ci / Node Engine Check (push) Has been cancelled
Details
ci / Lint (push) Has been cancelled
Details
ci / Check Definitions (push) Has been cancelled
Details
ci / Circular Dependencies (push) Has been cancelled
Details
ci / Docker Build (push) Has been cancelled
Details
ci / NPM Lock File Version (push) Has been cancelled
Details
ci / Check Types (push) Has been cancelled
Details
ci / MongoDB 7, ReplicaSet (push) Has been cancelled
Details
ci / MongoDB 8, ReplicaSet (push) Has been cancelled
Details
ci / Node 20 (push) Has been cancelled
Details
ci / Node 22 (push) Has been cancelled
Details
ci / Redis Cache (push) Has been cancelled
Details
ci / PostgreSQL 16, PostGIS 3.5 (push) Has been cancelled
Details
ci / PostgreSQL 17, PostGIS 3.5 (push) Has been cancelled
Details
ci / PostgreSQL 18, PostGIS 3.6 (push) Has been cancelled
Details
release-automated / release (push) Has been cancelled
Details
release-automated / docker (push) Has been cancelled
Details
release-automated / docs (push) Has been cancelled
Details
2026-02-12 17:10:25 +00:00
Joe Bain
ce5dde808a Move nintendo and steam auth config to options file 2026-02-10 17:18:46 +00:00
Joe Bain
78b803abe7 Nintendo auth is working 2026-02-10 17:18:46 +00:00
Joe Bain
ef1d5f44e7 first draft of nintendo auth 2026-02-10 17:18:35 +00:00
Joe Bain
ca873bc238 steam auth working with web ticket api 2026-02-10 17:17:29 +00:00
Joe Bain
c0ef385a7b Added steam auth using encrypted application tickets 
Not tested working though yet
 2026-02-10 17:16:53 +00:00
15 changed files with 268 additions and 398 deletions
Expand all files Collapse all files

3
benchmark/performance.js
View File

@@ -8,6 +8,7 @@
* Run with: npm run benchmark
*/
const core = require('@actions/core');
const Parse = require('parse/node');
const { performance } = require('node:perf_hooks');
const { MongoClient } = require('mongodb');
@@ -24,7 +25,6 @@ const LOG_ITERATIONS = false;
// Parse Server instance
let parseServer;
let mongoClient;
let core;
// Logging helpers
const logInfo = message => core.info(message);
@@ -529,7 +529,6 @@ async function benchmarkQueryWithIncludeNested(name) {
* Run all benchmarks
*/
async function runBenchmarks() {
core = await import('@actions/core');
logInfo('Starting Parse Server Performance Benchmarks...');
let server;

7
changelogs/CHANGELOG_alpha.md
View File

@@ -1,10 +1,3 @@
# [9.3.0-alpha.4](https://github.com/parse-community/parse-server/compare/9.3.0-alpha.3...9.3.0-alpha.4) (2026-02-12)
### Bug Fixes
* Unlinking auth provider triggers auth data validation ([#10045](https://github.com/parse-community/parse-server/issues/10045)) ([b6b6327](https://github.com/parse-community/parse-server/commit/b6b632755263417c2a3c3a31381eedc516723740))
# [9.3.0-alpha.3](https://github.com/parse-community/parse-server/compare/9.3.0-alpha.2...9.3.0-alpha.3) (2026-02-07)

2
ci/CiVersionCheck.js
View File

@@ -1,3 +1,4 @@
const core = require('@actions/core');
const semver = require('semver');
const yaml = require('yaml');
const fs = require('fs').promises;
@@ -219,7 +220,6 @@ class CiVersionCheck {
* Runs the check.
*/
async check() {
const core = await import('@actions/core');
/* eslint-disable no-console */
try {
console.log(`\nChecking ${this.packageName} versions in CI environments...`);

2
ci/definitionsCheck.js
View File

@@ -1,8 +1,8 @@
const fs = require('fs').promises;
const { exec } = require('child_process');
const core = require('@actions/core');
const util = require('util');
(async () => {
const core = await import('@actions/core');
const [currentDefinitions, currentDocs] = await Promise.all([
fs.readFile('./src/Options/Definitions.js', 'utf8'),
fs.readFile('./src/Options/docs.js', 'utf8'),

3
ci/nodeEngineCheck.js
View File

@@ -1,7 +1,7 @@
const core = require('@actions/core');
const semver = require('semver');
const fs = require('fs').promises;
const path = require('path');
let core;
/**
* This checks whether any package dependency requires a minimum node engine
@@ -137,7 +137,6 @@ class NodeEngineCheck {
}
async function check() {
core = await import('@actions/core');
// Define paths
const nodeModulesPath = path.join(__dirname, '../node_modules');
const packageJsonPath = path.join(__dirname, '../package.json');

137
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{
"name": "parse-server",
"version": "9.3.0-alpha.4",
"version": "9.3.0-alpha.3",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
"version": "9.3.0-alpha.4",
"version": "9.3.0-alpha.3",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
@@ -22,7 +22,7 @@
"cors": "2.8.6",
"deepcopy": "2.1.0",
"express": "5.2.1",
"express-rate-limit": "8.2.1",
"express-rate-limit": "7.5.1",
"follow-redirects": "1.15.9",
"graphql": "16.11.0",
"graphql-list-fields": "2.0.4",
@@ -58,7 +58,7 @@
"parse-server": "bin/parse-server"
},
"devDependencies": {
"@actions/core": "3.0.0",
"@actions/core": "1.11.1",
"@apollo/client": "3.13.8",
"@babel/cli": "7.27.0",
"@babel/core": "7.29.0",
@@ -83,7 +83,7 @@
"eslint-plugin-expect-type": "0.6.2",
"eslint-plugin-unused-imports": "4.4.1",
"form-data": "4.0.5",
"globals": "17.3.0",
"globals": "16.2.0",
"graphql-tag": "2.12.6",
"jasmine": "5.7.1",
"jasmine-spec-reporter": "7.0.0",
@@ -116,38 +116,37 @@
}
},
"node_modules/@actions/core": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
"integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
"integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
"dev": true,
"dependencies": {
"@actions/exec": "^3.0.0",
"@actions/http-client": "^4.0.0"
"@actions/exec": "^1.1.1",
"@actions/http-client": "^2.0.1"
}
},
"node_modules/@actions/exec": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
"integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
"integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
"dev": true,
"dependencies": {
"@actions/io": "^3.0.2"
"@actions/io": "^1.0.1"
}
},
"node_modules/@actions/http-client": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
"integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
"integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
"dev": true,
"dependencies": {
"tunnel": "^0.0.6",
"undici": "^6.23.0"
"tunnel": "^0.0.6"
}
},
"node_modules/@actions/io": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
"integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==",
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==",
"dev": true
},
"node_modules/@apollo/cache-control-types": {
@@ -10342,12 +10341,10 @@
}
},
"node_modules/express-rate-limit": {
"version": "8.2.1",
"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz",
"integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==",
"dependencies": {
"ip-address": "10.0.1"
},
"version": "7.5.1",
"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
"integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
"license": "MIT",
"engines": {
"node": ">= 16"
},
@@ -11465,10 +11462,11 @@
}
},
"node_modules/globals": {
"version": "17.3.0",
"resolved": "https://registry.npmjs.org/globals/-/globals-17.3.0.tgz",
"integrity": "sha512-yMqGUQVVCkD4tqjOJf3TnrvaaHDMYp4VlUSObbkIiuCPe/ofdMBFIAcBbCSRFWOnos6qRiTVStDwqPLUclaxIw==",
"version": "16.2.0",
"resolved": "https://registry.npmjs.org/globals/-/globals-16.2.0.tgz",
"integrity": "sha512-O+7l9tPdHCU320IigZZPj5zmRCFG9xHmx9cU8FqU2Rp+JN714seHV+2S9+JslCpY4gJwU2vOGox0wzgae/MCEg==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=18"
},
@@ -12275,14 +12273,6 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/ip-address": {
"version": "10.0.1",
"resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz",
"integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==",
"engines": {
"node": ">= 12"
}
},
"node_modules/ipaddr.js": {
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
@@ -21711,15 +21701,6 @@
"integrity": "sha512-+A5Sja4HP1M08MaXya7p5LvjuM7K6q/2EaC0+iovj/wOcMsTzMvDFbasi/oSapiwOlt252IqsKqPjCl7huKS0A==",
"dev": true
},
"node_modules/undici": {
"version": "6.23.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
"dev": true,
"engines": {
"node": ">=18.17"
}
},
"node_modules/undici-types": {
"version": "6.19.8",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
@@ -22580,38 +22561,37 @@
},
"dependencies": {
"@actions/core": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
"integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
"version": "1.11.1",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
"integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
"dev": true,
"requires": {
"@actions/exec": "^3.0.0",
"@actions/http-client": "^4.0.0"
"@actions/exec": "^1.1.1",
"@actions/http-client": "^2.0.1"
}
},
"@actions/exec": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
"integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
"integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
"dev": true,
"requires": {
"@actions/io": "^3.0.2"
"@actions/io": "^1.0.1"
}
},
"@actions/http-client": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
"integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
"integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
"dev": true,
"requires": {
"tunnel": "^0.0.6",
"undici": "^6.23.0"
"tunnel": "^0.0.6"
}
},
"@actions/io": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
"integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==",
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==",
"dev": true
},
"@apollo/cache-control-types": {
@@ -29699,12 +29679,10 @@
}
},
"express-rate-limit": {
"version": "8.2.1",
"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz",
"integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==",
"requires": {
"ip-address": "10.0.1"
}
"version": "7.5.1",
"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
"integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
"requires": {}
},
"extend": {
"version": "3.0.2",
@@ -30460,9 +30438,9 @@
}
},
"globals": {
"version": "17.3.0",
"resolved": "https://registry.npmjs.org/globals/-/globals-17.3.0.tgz",
"integrity": "sha512-yMqGUQVVCkD4tqjOJf3TnrvaaHDMYp4VlUSObbkIiuCPe/ofdMBFIAcBbCSRFWOnos6qRiTVStDwqPLUclaxIw==",
"version": "16.2.0",
"resolved": "https://registry.npmjs.org/globals/-/globals-16.2.0.tgz",
"integrity": "sha512-O+7l9tPdHCU320IigZZPj5zmRCFG9xHmx9cU8FqU2Rp+JN714seHV+2S9+JslCpY4gJwU2vOGox0wzgae/MCEg==",
"dev": true
},
"globby": {
@@ -31019,11 +30997,6 @@
"p-is-promise": "^3.0.0"
}
},
"ip-address": {
"version": "10.0.1",
"resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz",
"integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA=="
},
"ipaddr.js": {
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
@@ -37554,12 +37527,6 @@
"integrity": "sha512-+A5Sja4HP1M08MaXya7p5LvjuM7K6q/2EaC0+iovj/wOcMsTzMvDFbasi/oSapiwOlt252IqsKqPjCl7huKS0A==",
"dev": true
},
"undici": {
"version": "6.23.0",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
"dev": true
},
"undici-types": {
"version": "6.19.8",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",

8
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "parse-server",
"version": "9.3.0-alpha.4",
"version": "9.3.0-alpha.3",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
@@ -32,7 +32,7 @@
"cors": "2.8.6",
"deepcopy": "2.1.0",
"express": "5.2.1",
"express-rate-limit": "8.2.1",
"express-rate-limit": "7.5.1",
"follow-redirects": "1.15.9",
"graphql": "16.11.0",
"graphql-list-fields": "2.0.4",
@@ -65,7 +65,7 @@
"ws": "8.18.2"
},
"devDependencies": {
"@actions/core": "3.0.0",
"@actions/core": "1.11.1",
"@apollo/client": "3.13.8",
"@babel/cli": "7.27.0",
"@babel/core": "7.29.0",
@@ -90,7 +90,7 @@
"eslint-plugin-expect-type": "0.6.2",
"eslint-plugin-unused-imports": "4.4.1",
"form-data": "4.0.5",
"globals": "17.3.0",
"globals": "16.2.0",
"graphql-tag": "2.12.6",
"jasmine": "5.7.1",
"jasmine-spec-reporter": "7.0.0",

238
spec/AuthenticationAdaptersV2.spec.js
View File

@@ -1338,244 +1338,6 @@ describe('Auth Adapter features', () => {
expect(user.get('authData')).toEqual({ adapterB: { id: 'test' } });
});
it('should unlink a code-based auth provider without triggering adapter validation', async () => {
const mockUserId = 'gpgamesUser123';
const mockAccessToken = 'mockAccessToken';
const otherAdapter = {
validateAppId: () => Promise.resolve(),
validateAuthData: () => Promise.resolve(),
};
mockFetch([
{
url: 'https://oauth2.googleapis.com/token',
method: 'POST',
response: {
ok: true,
json: () => Promise.resolve({ access_token: mockAccessToken }),
},
},
{
url: `https://www.googleapis.com/games/v1/players/${mockUserId}`,
method: 'GET',
response: {
ok: true,
json: () => Promise.resolve({ playerId: mockUserId }),
},
},
]);
await reconfigureServer({
auth: {
gpgames: {
clientId: 'testClientId',
clientSecret: 'testClientSecret',
},
otherAdapter,
},
});
// Sign up with username/password, then link providers
const user = new Parse.User();
await user.signUp({ username: 'gpgamesTestUser', password: 'password123' });
// Link gpgames code-based provider
await user.save({
authData: {
gpgames: { id: mockUserId, code: 'authCode123', redirect_uri: 'https://example.com/callback' },
},
});
// Link a second provider
await user.save({ authData: { otherAdapter: { id: 'other1' } } });
// Reset fetch spy to track calls during unlink
global.fetch.calls.reset();
// Unlink gpgames by setting authData to null; should not call beforeFind / external APIs
const sessionToken = user.getSessionToken();
await user.save({ authData: { gpgames: null } }, { sessionToken });
// No external HTTP calls should have been made during unlink
expect(global.fetch.calls.count()).toBe(0);
// Verify gpgames was removed while the other provider remains
await user.fetch({ useMasterKey: true });
const authData = user.get('authData');
expect(authData).toBeDefined();
expect(authData.gpgames).toBeUndefined();
expect(authData.otherAdapter).toEqual({ id: 'other1' });
});
it('should unlink one code-based provider while echoing back another unchanged', async () => {
const gpgamesUserId = 'gpgamesUser1';
const instagramUserId = 'igUser1';
// Mock gpgames API for initial login
mockFetch([
{
url: 'https://oauth2.googleapis.com/token',
method: 'POST',
response: {
ok: true,
json: () => Promise.resolve({ access_token: 'gpgamesToken' }),
},
},
{
url: `https://www.googleapis.com/games/v1/players/${gpgamesUserId}`,
method: 'GET',
response: {
ok: true,
json: () => Promise.resolve({ playerId: gpgamesUserId }),
},
},
]);
await reconfigureServer({
auth: {
gpgames: {
clientId: 'testClientId',
clientSecret: 'testClientSecret',
},
instagram: {
clientId: 'testClientId',
clientSecret: 'testClientSecret',
redirectUri: 'https://example.com/callback',
},
},
});
// Login with gpgames
const user = await Parse.User.logInWith('gpgames', {
authData: { id: gpgamesUserId, code: 'gpCode1', redirect_uri: 'https://example.com/callback' },
});
const sessionToken = user.getSessionToken();
// Mock instagram API for linking
mockFetch([
{
url: 'https://api.instagram.com/oauth/access_token',
method: 'POST',
response: {
ok: true,
json: () => Promise.resolve({ access_token: 'igToken' }),
},
},
{
url: `https://graph.instagram.com/me?fields=id&access_token=igToken`,
method: 'GET',
response: {
ok: true,
json: () => Promise.resolve({ id: instagramUserId }),
},
},
]);
// Link instagram as second provider
await user.save(
{ authData: { instagram: { id: instagramUserId, code: 'igCode1' } } },
{ sessionToken }
);
// Fetch to get current authData (afterFind strips credentials, leaving only { id })
await user.fetch({ sessionToken });
const currentAuthData = user.get('authData');
expect(currentAuthData.gpgames).toBeDefined();
expect(currentAuthData.instagram).toBeDefined();
// Reset fetch spy
global.fetch.calls.reset();
// Unlink gpgames while echoing back instagram unchanged — the common client pattern:
// fetch current state, spread it, set the one to unlink to null
user.set('authData', { ...currentAuthData, gpgames: null });
await user.save(null, { sessionToken });
// No external HTTP calls during unlink (no code exchange for unchanged instagram)
expect(global.fetch.calls.count()).toBe(0);
// Verify gpgames removed, instagram preserved
await user.fetch({ useMasterKey: true });
const finalAuthData = user.get('authData');
expect(finalAuthData).toBeDefined();
expect(finalAuthData.gpgames).toBeUndefined();
expect(finalAuthData.instagram).toBeDefined();
expect(finalAuthData.instagram.id).toBe(instagramUserId);
});
it('should reject changing an existing code-based provider id without credentials', async () => {
const mockUserId = 'gpgamesUser123';
const mockAccessToken = 'mockAccessToken';
mockFetch([
{
url: 'https://oauth2.googleapis.com/token',
method: 'POST',
response: {
ok: true,
json: () => Promise.resolve({ access_token: mockAccessToken }),
},
},
{
url: `https://www.googleapis.com/games/v1/players/${mockUserId}`,
method: 'GET',
response: {
ok: true,
json: () => Promise.resolve({ playerId: mockUserId }),
},
},
]);
await reconfigureServer({
auth: {
gpgames: {
clientId: 'testClientId',
clientSecret: 'testClientSecret',
},
},
});
// Sign up and link gpgames with valid credentials
const user = new Parse.User();
await user.save({
authData: {
gpgames: { id: mockUserId, code: 'authCode123', redirect_uri: 'https://example.com/callback' },
},
});
const sessionToken = user.getSessionToken();
// Attempt to change gpgames id without credentials (no code or access_token)
await expectAsync(
user.save({ authData: { gpgames: { id: 'differentUserId' } } }, { sessionToken })
).toBeRejectedWith(
jasmine.objectContaining({ message: jasmine.stringContaining('code is required') })
);
});
it('should reject linking a new code-based provider with only an id and no credentials', async () => {
await reconfigureServer({
auth: {
gpgames: {
clientId: 'testClientId',
clientSecret: 'testClientSecret',
},
},
});
// Sign up with username/password (no gpgames linked)
const user = new Parse.User();
await user.signUp({ username: 'linkTestUser', password: 'password123' });
const sessionToken = user.getSessionToken();
// Attempt to link gpgames with only { id } — no code or access_token
await expectAsync(
user.save({ authData: { gpgames: { id: 'victimUserId' } } }, { sessionToken })
).toBeRejectedWith(
jasmine.objectContaining({ message: jasmine.stringContaining('code is required') })
);
});
it('should handle multiple providers: add one while another remains unchanged (code-based)', async () => {
await reconfigureServer({
auth: {

23
src/Adapters/Auth/BaseCodeAuthAdapter.js
View File

@@ -72,47 +72,32 @@ export default class BaseAuthCodeAdapter extends AuthAdapter {
throw new Error('getAccessTokenFromCode is not implemented');
}
/**
* Validates auth data on login. In the standard auth flows (login, signup,
* update), `beforeFind` runs first and validates credentials, so no
* additional credential check is needed here.
*/
validateLogin(authData) {
// User validation is already done in beforeFind
return {
id: authData.id,
}
}
/**
* Validates auth data on first setup or when linking a new provider.
* In the standard auth flows, `beforeFind` runs first and validates
* credentials, so no additional credential check is needed here.
*/
validateSetUp(authData) {
// User validation is already done in beforeFind
return {
id: authData.id,
}
}
/**
* Returns the auth data to expose to the client after a query.
*/
afterFind(authData) {
return {
id: authData.id,
}
}
/**
* Validates auth data on update. In the standard auth flows, `beforeFind`
* runs first for any changed auth data and validates credentials, so no
* additional credential check is needed here. Unchanged (echoed-back) data
* skips both `beforeFind` and validation entirely.
*/
validateUpdate(authData) {
// User validation is already done in beforeFind
return {
id: authData.id,
}
}
parseResponseData(data) {

4
src/Adapters/Auth/index.js
View File

@@ -19,10 +19,12 @@ import linkedin from './linkedin';
const meetup = require('./meetup');
import mfa from './mfa';
import microsoft from './microsoft';
const nintendo = require("./nintendo");
import oauth2 from './oauth2';
const phantauth = require('./phantauth');
import qq from './qq';
import spotify from './spotify';
const steam = require("./steam");
import twitter from './twitter';
const vkontakte = require('./vkontakte');
import wechat from './wechat';
@@ -47,9 +49,11 @@ const providers = {
linkedin,
meetup,
mfa,
nintendo,
google,
github,
twitter,
steam,
spotify,
anonymous,
digits,

99
src/Adapters/Auth/nintendo.js Normal file
View File

@@ -0,0 +1,99 @@
var Parse = require('parse/node').Parse;
const { URL } = require('url');
var jwt = require('jsonwebtoken');
var jwksClient = require('jwks-rsa');
// Returns a promise that fulfills iff this nsa id token is valid
function validateAuthData(authData, authOptions) {
//console.log("going to validate for nintendo");
//console.log(authData);
if ("token" in authData) {
try {
var token = authData["token"];
var decoded = jwt.decode(token, {complete: true});
var header = decoded.header;
// console.log("got nsa id token, header is:");
// console.log(header);
// console.log("full decoded token is:");
// console.log(decoded);
if (!('alg' in header) || header['alg'] != "RS256") {
error("No algorithm specified or it didn't match expected value 'RS256'");
}
if (!('kid' in header) || !('jku' in header)) {
error("Either 'kid' or 'jku' value not present in token.");
}
var jwk_name = header['kid'];
var jku = header['jku'];
if (!isValidJKU(jku)) {
error("JKU url in token isn't valid");
}
return new Promise(function(resolve, reject) {
var client = jwksClient({
jwksUri: jku
});
function getKey(header, callback) {
client.getSigningKey(header.kid, function (err, key) {
var signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}
var options = {};
jwt.verify(token, getKey, options, function(err, decoded) {
// console.log("verfied jwt, decoded value is:");
// console.log(decoded);
if (err != null) {
reject("Error verifying jwt: " + err.message);
return;
}
if (!new URL(decoded.iss).hostname.endsWith("nintendo.com")) {
reject("iss claim in token is not a nintendo server");
return;
}
var now = Math.floor(Date.now() / 1000);
if (Number.parseInt(decoded.iat) > (now + 10000)) {
reject("iat value is not in the past");
return;
}
if (Number.parseInt(decoded.exp) < (now - 10000)) {
reject("exp value is not in the future");
return;
}
if (decoded.nintendo.ai != authOptions.serverId) {
reject("application id does not match our id");
return;
}
resolve(decoded);
});
});
} catch (e) {
error('Error authenticating NSA id token: ' + e);
}
}
else {
error('No token found in the request');
}
}
// steam auth bundles the app id in the auth data so don't validate seperately
function validateAppId() {
return Promise.resolve();
}
function isValidJKU(jku) {
// todo - validate this properly?
return new URL(jku).hostname.endsWith("nintendo.com");
}
function error(message) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, message);
}
module.exports = {
validateAppId,
validateAuthData
};

92
src/Adapters/Auth/steam.js Normal file
View File

@@ -0,0 +1,92 @@
/**
* Parse Server authentication adapter for Steam.
*
* @class SteamAdapter
* @param {Object} options - The adapter configuration options.
*
* @description
* ## Parse Server Configuration
* To configure Parse Server for Steam authentication, use the following structure:
* ```json
* {
* "auth": {
* "steam": {
* "appId": "your-app-id",
* "webApiKey": "your-web-api-key"
* }
* }
* }
* ```
*
* The adapter requires the following `authData` fields:
*
* ## Auth Payloads
* ```json
* {
* "steam": {
* "??": "??"
* }
* }
* ```
*
* @see {@link https://partner.steamgames.com/doc/api/ISteamUser#GetAuthTicketForWebApi Steam Web API docs}
*/
var Parse = require('parse/node').Parse;
const https = require('https');
const querystring = require('querystring');
// Returns a promise that fulfills iff this application ticket is valid
function validateAuthData(authData, authOptions) {
if ("auth_ticket" in authData) {
//console.log("Authenticate steam user using web api and auth ticket");
return callSteamWebApi(authData.auth_ticket, authOptions);
}
}
// steam auth bundles the app id in the auth data so don't validate seperately
function validateAppId() {
return Promise.resolve();
}
function callSteamWebApi(auth_ticket, authOptions) {
return new Promise(function(resolve, reject) {
// GET parameters
const parameters = {
key: authOptions.webApiKey,
appid: authOptions.appId, // could try the demo id too, but we know that doesn't allow online play so don't worry for now
ticket: auth_ticket,
identity: authOptions.serverId
}
const get_request_args = querystring.stringify(parameters);
const options = {
host: "partner.steam-api.com",
path: "/ISteamUserAuth/AuthenticateUserTicket/v1/?" + get_request_args,
headers : {
'Content-Type': 'application/x-www-form-urlencoded'
}
}
var request = https.request(options, (response) => {
//console.log("Steam web auth sucess");
resolve();
});
request.on('error', (error) => {
//console.log(error.message);
reject('The Steam web api could not authenticate the user with the given auth ticket');
});
request.end();
});
}
module.exports = {
validateAppId,
validateAuthData
};

20
src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
View File

@@ -1607,28 +1607,20 @@ export class PostgresStorageAdapter implements StorageAdapter {
const generate = (jsonb: string, key: string, value: any) => {
return `json_object_set_key(COALESCE(${jsonb}, '{}'::jsonb), ${key}, ${value})::jsonb`;
};
const generateRemove = (jsonb: string, key: string) => {
return `(COALESCE(${jsonb}, '{}'::jsonb) - ${key})`;
};
const lastKey = `$${index}:name`;
const fieldNameIndex = index;
index += 1;
values.push(fieldName);
const update = Object.keys(fieldValue).reduce((lastKey: string, key: string) => {
let value = fieldValue[key];
if (value && value.__op === 'Delete') {
value = null;
}
if (value === null) {
const str = generateRemove(lastKey, `$${index}::text`);
values.push(key);
index += 1;
return str;
}
const str = generate(lastKey, `$${index}::text`, `$${index + 1}::jsonb`);
index += 2;
let value = fieldValue[key];
if (value) {
value = JSON.stringify(value);
if (value.__op === 'Delete') {
value = null;
} else {
value = JSON.stringify(value);
}
}
values.push(key, value);
return str;

18
src/Auth.js
View File

@@ -417,29 +417,15 @@ Auth.prototype._getAllRolesNamesForRoleIds = function (roleIDs, names = [], quer
});
};
const findUsersWithAuthData = async (config, authData, beforeFind, currentUserAuthData) => {
const findUsersWithAuthData = async (config, authData, beforeFind) => {
const providers = Object.keys(authData);
const queries = await Promise.all(
providers.map(async provider => {
const providerAuthData = authData[provider];
// Skip providers being unlinked (null value)
if (providerAuthData === null) {
return null;
}
// Skip beforeFind only when incoming data is confirmed unchanged from stored data.
// This handles echoed-back authData from afterFind (e.g. client sends back { id: 'x' }
// alongside a provider unlink). On login/signup, currentUserAuthData is undefined so
// beforeFind always runs, preserving it as the security gate for missing credentials.
const storedProviderData = currentUserAuthData?.[provider];
const incomingKeys = Object.keys(providerAuthData || {});
const isUnchanged = storedProviderData && incomingKeys.length > 0 &&
!incomingKeys.some(key => !isDeepStrictEqual(providerAuthData[key], storedProviderData[key]));
const adapter = config.authDataManager.getValidatorForProvider(provider)?.adapter;
if (beforeFind && typeof adapter?.beforeFind === 'function' && !isUnchanged) {
if (beforeFind && typeof adapter?.beforeFind === 'function') {
await adapter.beforeFind(providerAuthData);
}

10
src/RestWrite.js
View File

@@ -541,15 +541,7 @@ RestWrite.prototype.ensureUniqueAuthDataId = async function () {
};
RestWrite.prototype.handleAuthData = async function (authData) {
let currentUserAuthData;
if (this.query?.objectId) {
const [currentUser] = await this.config.database.find(
'_User',
{ objectId: this.query.objectId }
);
currentUserAuthData = currentUser?.authData;
}
const r = await Auth.findUsersWithAuthData(this.config, authData, true, currentUserAuthData);
const r = await Auth.findUsersWithAuthData(this.config, authData, true);
const results = this.filteredObjectsByACL(r);
const userId = this.getUserId();