Merge branch 'master' into greenkeeper/parse-server-s3-adapter-1.2.0

Author: Arthur Cinader

spec/AuthenticationAdapters.spec.js

@@ -71,6 +71,10 @@ describe('AuthenticationProviers', function() {
   });
 
   var createOAuthUser = function(callback) {
+    return createOAuthUserWithSessionToken(undefined, callback);
+  }
+
+  var createOAuthUserWithSessionToken = function(token, callback) {
     var jsonBody = {
       authData: {
         myoauth: getMockMyOauthProvider().authData
@@ -81,18 +85,27 @@ describe('AuthenticationProviers', function() {
       headers: {'X-Parse-Application-Id': 'test',
         'X-Parse-REST-API-Key': 'rest',
         'X-Parse-Installation-Id': 'yolo',
+        'X-Parse-Session-Token': token,
         'Content-Type': 'application/json' },
       url: 'http://localhost:8378/1/users',
-      body: JSON.stringify(jsonBody)
+      body: jsonBody,
+      json: true
     };
 
-    return request.post(options, callback);
+    return new Promise((resolve) => {
+      request.post(options, (err, res, body) => {
+        resolve({err, res, body});
+        if (callback) {
+          callback(err, res, body);
+        }
+      });
+    });
   }
 
   it("should create user with REST API", done => {
     createOAuthUser((error, response, body) => {
       expect(error).toBe(null);
-      var b = JSON.parse(body);
+      var b = body;
       ok(b.sessionToken);
       expect(b.objectId).not.toBeNull();
       expect(b.objectId).not.toBeUndefined();
@@ -118,14 +131,14 @@ describe('AuthenticationProviers', function() {
     var objectId;
     createOAuthUser((error, response, body) => {
       expect(error).toBe(null);
-      var b = JSON.parse(body);
+      var b = body
       expect(b.objectId).not.toBeNull();
       expect(b.objectId).not.toBeUndefined();
       objectId = b.objectId;
 
       createOAuthUser((error, response, body) => {
         expect(error).toBe(null);
-        var b = JSON.parse(body);
+        var b = body;
         expect(b.objectId).not.toBeNull();
         expect(b.objectId).not.toBeUndefined();
         expect(b.objectId).toBe(objectId);
@@ -134,6 +147,22 @@ describe('AuthenticationProviers', function() {
     });
   });
 
+  it("should fail to link if session token don't match user", (done) => {
+    Parse.User.signUp('myUser', 'password').then((user) => {
+      return createOAuthUserWithSessionToken(user.getSessionToken());
+    }).then(() => {
+      return Parse.User.logOut();
+    }).then(() => {
+      return Parse.User.signUp('myUser2', 'password');
+    }).then((user) => {
+      return createOAuthUserWithSessionToken(user.getSessionToken());
+    }).then(({ body }) => {
+      expect(body.code).toBe(208);
+      expect(body.error).toBe('this auth is already used');
+      done();
+    }).catch(done.fail);
+  });
+
   it("unlink and link with custom provider", (done) => {
     var provider = getMockMyOauthProvider();
     Parse.User._registerAuthenticationProvider(provider);

spec/CloudCode.spec.js

@@ -1200,6 +1200,61 @@ describe('Cloud Code', () => {
   });
 });
 
+describe('beforeSave hooks', () => {
+  it('should have request headers', (done) => {
+    Parse.Cloud.beforeSave('MyObject', (req, res) => {
+      expect(req.headers).toBeDefined();
+      res.success();
+    });
+
+    const MyObject = Parse.Object.extend('MyObject');
+    const myObject = new MyObject();
+    myObject.save().then(() => done());
+  });
+});
+
+describe('afterSave hooks', () => {
+  it('should have request headers', (done) => {
+    Parse.Cloud.afterSave('MyObject', (req) => {
+      expect(req.headers).toBeDefined();
+    });
+
+    const MyObject = Parse.Object.extend('MyObject');
+    const myObject = new MyObject();
+    myObject.save()
+      .then(() => done());
+  });
+});
+
+describe('beforeDelete hooks', () => {
+  it('should have request headers', (done) => {
+    Parse.Cloud.beforeDelete('MyObject', (req, res) => {
+      expect(req.headers).toBeDefined();
+      res.success();
+    });
+
+    const MyObject = Parse.Object.extend('MyObject');
+    const myObject = new MyObject();
+    myObject.save()
+      .then(myObj => myObj.destroy())
+      .then(() => done());
+  });
+});
+
+describe('afterDelete hooks', () => {
+  it('should have request headers', (done) => {
+    Parse.Cloud.afterDelete('MyObject', (req) => {
+      expect(req.headers).toBeDefined();
+    });
+
+    const MyObject = Parse.Object.extend('MyObject');
+    const myObject = new MyObject();
+    myObject.save()
+      .then(myObj => myObj.destroy())
+      .then(() => done());
+  });
+});
+
 describe('beforeFind hooks', () => {
   it('should add beforeFind trigger', (done) => {
     Parse.Cloud.beforeFind('MyObject', (req) => {
@@ -1334,6 +1389,26 @@ describe('beforeFind hooks', () => {
       });
     });
   });
+
+  it('should have request headers', (done) => {
+    Parse.Cloud.beforeFind('MyObject', (req) => {
+      expect(req.headers).toBeDefined();
+    });
+
+    const MyObject = Parse.Object.extend('MyObject');
+    const myObject = new MyObject();
+    myObject.save()
+      .then((myObj) => {
+        const query = new Parse.Query('MyObject');
+        query.equalTo('objectId', myObj.id);
+        return Promise.all([
+          query.get(myObj.id),
+          query.first(),
+          query.find(),
+        ]);
+      })
+      .then(() => done());
+  });
 });
 
 describe('afterFind hooks', () => {
@@ -1531,4 +1606,25 @@ describe('afterFind hooks', () => {
       done();
     });
   });
+
+  it('should have request headers', (done) => {
+    Parse.Cloud.afterFind('MyObject', (req, res) => {
+      expect(req.headers).toBeDefined();
+      res.success();
+    });
+
+    const MyObject = Parse.Object.extend('MyObject');
+    const myObject = new MyObject();
+    myObject.save()
+      .then((myObj) => {
+        const query = new Parse.Query('MyObject');
+        query.equalTo('objectId', myObj.id);
+        return Promise.all([
+          query.get(myObj.id),
+          query.first(),
+          query.find(),
+        ]);
+      })
+      .then(() => done());
+  });
 });

spec/Middlewares.spec.js

@@ -133,4 +133,161 @@ describe('middlewares', () => {
       });
     });
   });
+
+  it('should not succeed if the ip does not belong to masterKeyIps list', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.ip = 'ip3';
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes);
+    expect(fakeRes.status).toHaveBeenCalledWith(403);
+  });
+
+  it('should succeed if the ip does belong to masterKeyIps list', (done) => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.ip = 'ip1';
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes,() => {
+      expect(fakeRes.status).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should not succeed if the connection.remoteAddress does not belong to masterKeyIps list', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.connection = {remoteAddress : 'ip3'};
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes);
+    expect(fakeRes.status).toHaveBeenCalledWith(403);
+  });
+
+  it('should succeed if the connection.remoteAddress does belong to masterKeyIps list', (done) => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.connection = {remoteAddress : 'ip1'};
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes,() => {
+      expect(fakeRes.status).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should not succeed if the socket.remoteAddress does not belong to masterKeyIps list', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.socket = {remoteAddress : 'ip3'};
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes);
+    expect(fakeRes.status).toHaveBeenCalledWith(403);
+  });
+
+  it('should succeed if the socket.remoteAddress does belong to masterKeyIps list', (done) => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.socket = {remoteAddress : 'ip1'};
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes,() => {
+      expect(fakeRes.status).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should not succeed if the connection.socket.remoteAddress does not belong to masterKeyIps list', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.connection = { socket : {remoteAddress : 'ip3'}};
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes);
+    expect(fakeRes.status).toHaveBeenCalledWith(403);
+  });
+
+  it('should succeed if the connection.socket.remoteAddress does belong to masterKeyIps list', (done) => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1','ip2']
+    });
+    fakeReq.connection = { socket : {remoteAddress : 'ip1'}};
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes,() => {
+      expect(fakeRes.status).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should allow any ip to use masterKey if masterKeyIps is empty', (done) => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: []
+    });
+    fakeReq.ip = 'ip1';
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    middlewares.handleParseHeaders(fakeReq, fakeRes,() => {
+      expect(fakeRes.status).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should succeed if xff header does belong to masterKeyIps', (done) => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1']
+    });
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    fakeReq.headers['x-forwarded-for'] = 'ip1, ip2, ip3';
+    middlewares.handleParseHeaders(fakeReq, fakeRes,() => {
+      expect(fakeRes.status).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should succeed if xff header with one ip does belong to masterKeyIps', (done) => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1']
+    });
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    fakeReq.headers['x-forwarded-for'] = 'ip1';
+    middlewares.handleParseHeaders(fakeReq, fakeRes,() => {
+      expect(fakeRes.status).not.toHaveBeenCalled();
+      done();
+    });
+  });
+
+  it('should not succeed if xff header does not belong to masterKeyIps', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip4']
+    });
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    fakeReq.headers['x-forwarded-for'] = 'ip1, ip2, ip3';
+    middlewares.handleParseHeaders(fakeReq, fakeRes);
+    expect(fakeRes.status).toHaveBeenCalledWith(403);
+  });
+
+  it('should not succeed if xff header is empty and masterKeyIps is set', () => {
+    AppCache.put(fakeReq.body._ApplicationId, {
+      masterKey: 'masterKey',
+      masterKeyIps: ['ip1']
+    });
+    fakeReq.headers['x-parse-master-key'] = 'masterKey';
+    fakeReq.headers['x-forwarded-for'] = '';
+    middlewares.handleParseHeaders(fakeReq, fakeRes);
+    expect(fakeRes.status).toHaveBeenCalledWith(403);
+  });
 });

spec/ParseQuery.spec.js

@@ -274,6 +274,21 @@ describe('Parse.Query testing', () => {
     });
   });
 
+  it('containedIn null array', (done) => {
+    const emails = ['[email protected]', '[email protected]', null];
+    const user = new Parse.User();
+    user.setUsername(emails[0]);
+    user.setPassword('asdf');
+    user.signUp().then(() => {
+      const query = new Parse.Query(Parse.User);
+      query.containedIn('username', emails);
+      return query.find({ useMasterKey: true });
+    }).then((results) => {
+      equal(results.length, 1);
+      done();
+    }, done.fail);
+  });
+
   it("containsAll number array queries", function(done) {
     var NumberSet = Parse.Object.extend({ className: "NumberSet" });
 

spec/ParseUser.spec.js

@@ -1185,10 +1185,7 @@ describe('Parse.User testing', () => {
       expect(fileAgain.url()).toMatch(/yolo.txt$/);
     }).then(() => {
       done();
-    }, error => {
-      jfail(error);
-      done();
-    });
+    }).catch(done.fail);
   });
 
   it("log in with provider twice", (done) => {