Merge remote-tracking branch 'upstream/master' into fixSelectExclude

Author: cbaker6

CHANGELOG.md

@@ -95,11 +95,11 @@ ___
 - Removed [parse-server-simple-mailgun-adapter](https://github.com/parse-community/parse-server-simple-mailgun-adapter) dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) [#7321](https://github.com/parse-community/parse-server/pull/7321)
 - Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) [#7315](https://github.com/parse-community/parse-server/pull/7315)
 - Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) [#7314](https://github.com/parse-community/parse-server/pull/7314)
-- Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#?](https://github.com/parse-community/parse-server/pull/?)
+- Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#7324](https://github.com/parse-community/parse-server/pull/7324)
 ### Notable Changes
 - Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247)
-- EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#6891](https://github.com/parse-community/parse-server/issues/6891)
-- EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/issues/7231)
+- EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#7128](https://github.com/parse-community/parse-server/pull/7128)
+- EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/pull/7231)
 - Added Deprecation Policy to govern the introduction of braking changes in a phased pattern that is more predictable for developers (Manuel Trezza) [#7199](https://github.com/parse-community/parse-server/pull/7199)
 ### Other Changes
 - Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) [#7196](https://github.com/parse-community/parse-server/pull/7196)

package-lock.json

@@ -25,18 +25,18 @@
     "@graphql-tools/utils": "6.2.4",
     "@parse/fs-files-adapter": "1.2.0",
     "@parse/push-adapter": "3.4.0",
-    "apollo-server-express": "2.22.2",
+    "apollo-server-express": "2.24.0",
     "bcryptjs": "2.4.3",
     "body-parser": "1.19.0",
     "commander": "5.1.0",
     "cors": "2.8.5",
     "deepcopy": "2.1.0",
     "express": "4.17.1",
-    "follow-redirects": "1.13.3",
+    "follow-redirects": "1.14.1",
     "graphql": "15.5.0",
     "graphql-list-fields": "2.0.2",
     "graphql-relay": "0.6.0",
-    "graphql-tag": "2.12.2",
+    "graphql-tag": "2.12.4",
     "graphql-upload": "11.0.0",
     "intersect": "1.0.1",
     "jsonwebtoken": "8.5.1",
@@ -47,18 +47,18 @@
     "mime": "2.5.2",
     "mongodb": "3.6.6",
     "mustache": "4.2.0",
-    "parse": "3.1.0",
+    "parse": "3.2.0",
     "pg-monitor": "1.4.1",
-    "pg-promise": "10.10.1",
+    "pg-promise": "10.10.2",
     "pluralize": "8.0.0",
-    "redis": "3.1.1",
+    "redis": "3.1.2",
     "semver": "7.3.4",
     "subscriptions-transport-ws": "0.9.18",
     "tv4": "1.3.0",
     "uuid": "8.3.2",
     "winston": "3.3.3",
-    "winston-daily-rotate-file": "4.5.2",
-    "ws": "7.4.4"
+    "winston-daily-rotate-file": "4.5.5",
+    "ws": "7.4.6"
   },
   "devDependencies": {
     "@actions/core": "1.2.6",

package.json

@@ -646,6 +646,28 @@ describe('miscellaneous', function () {
       });
   });
 
+  it_only_db('mongo')('pointer reassign on nested fields is working properly (#7391)', async () => {
+    const obj = new Parse.Object('GameScore'); // This object will include nested pointers
+    const ptr1 = new Parse.Object('GameScore');
+    await ptr1.save(); // Obtain a unique id
+    const ptr2 = new Parse.Object('GameScore');
+    await ptr2.save(); // Obtain a unique id
+    obj.set('data', { ptr: ptr1 });
+    await obj.save();
+
+    obj.set('data.ptr', ptr2);
+    await obj.save();
+
+    const obj2 = await new Parse.Query('GameScore').get(obj.id);
+    expect(obj2.get('data').ptr.id).toBe(ptr2.id);
+
+    const query = new Parse.Query('GameScore');
+    query.equalTo('data.ptr', ptr2);
+    const res = await query.find();
+    expect(res.length).toBe(1);
+    expect(res[0].get('data').ptr.id).toBe(ptr2.id);
+  });
+
   it('test afterSave get full object on create and update', function (done) {
     let triggerTime = 0;
     // Register a mock beforeSave hook

spec/ParseAPI.spec.js

@@ -645,6 +645,69 @@ describe('ParseLiveQuery', function () {
     await object.save();
   });
 
+  it('LiveQuery with ACL', async () => {
+    await reconfigureServer({
+      liveQuery: {
+        classNames: ['Chat'],
+      },
+      startLiveQueryServer: true,
+      verbose: false,
+      silent: true,
+    });
+    const user = new Parse.User();
+    user.setUsername('username');
+    user.setPassword('password');
+    await user.signUp();
+
+    const calls = {
+      beforeConnect(req) {
+        expect(req.event).toBe('connect');
+        expect(req.clients).toBe(0);
+        expect(req.subscriptions).toBe(0);
+        expect(req.useMasterKey).toBe(false);
+        expect(req.installationId).toBeDefined();
+        expect(req.client).toBeDefined();
+      },
+      beforeSubscribe(req) {
+        expect(req.op).toBe('subscribe');
+        expect(req.requestId).toBe(1);
+        expect(req.query).toBeDefined();
+        expect(req.user).toBeDefined();
+      },
+      afterLiveQueryEvent(req) {
+        expect(req.user).toBeDefined();
+        expect(req.object.get('foo')).toBe('bar');
+      },
+      create(object) {
+        expect(object.get('foo')).toBe('bar');
+      },
+      delete(object) {
+        expect(object.get('foo')).toBe('bar');
+      },
+    };
+    for (const key in calls) {
+      spyOn(calls, key).and.callThrough();
+    }
+    Parse.Cloud.beforeConnect(calls.beforeConnect);
+    Parse.Cloud.beforeSubscribe('Chat', calls.beforeSubscribe);
+    Parse.Cloud.afterLiveQueryEvent('Chat', calls.afterLiveQueryEvent);
+
+    const chatQuery = new Parse.Query('Chat');
+    const subscription = await chatQuery.subscribe();
+    subscription.on('create', calls.create);
+    subscription.on('delete', calls.delete);
+    const object = new Parse.Object('Chat');
+    const acl = new Parse.ACL(user);
+    object.setACL(acl);
+    object.set({ foo: 'bar' });
+    await object.save();
+    await object.destroy();
+    await new Promise(resolve => setTimeout(resolve, 200));
+    for (const key in calls) {
+      expect(calls[key]).toHaveBeenCalled();
+    }
+  });
+
   it('handle invalid websocket payload length', async done => {
     await reconfigureServer({
       liveQuery: {

spec/ParseLiveQuery.spec.js

@@ -99,7 +99,10 @@ const transformKeyValueForUpdate = (className, restKey, restValue, parseFormatSc
 
   if (
     (parseFormatSchema.fields[key] && parseFormatSchema.fields[key].type === 'Pointer') ||
-    (!parseFormatSchema.fields[key] && restValue && restValue.__type == 'Pointer')
+    (!key.includes('.') &&
+      !parseFormatSchema.fields[key] &&
+      restValue &&
+      restValue.__type == 'Pointer') // Do not use the _p_ prefix for pointers inside nested documents
   ) {
     key = '_p_' + key;
   }
@@ -305,7 +308,10 @@ function transformQueryKeyValue(className, key, value, schema, count = false) {
     schema && schema.fields[key] && schema.fields[key].type === 'Pointer';
 
   const field = schema && schema.fields[key];
-  if (expectedTypeIsPointer || (!schema && value && value.__type === 'Pointer')) {
+  if (
+    expectedTypeIsPointer ||
+    (!schema && !key.includes('.') && value && value.__type === 'Pointer')
+  ) {
     key = '_p_' + key;
   }
 
@@ -326,8 +332,11 @@ function transformQueryKeyValue(className, key, value, schema, count = false) {
   }
 
   // Handle atomic values
-  if (transformTopLevelAtom(value) !== CannotTransform) {
-    return { key, value: transformTopLevelAtom(value) };
+  const transformRes = key.includes('.')
+    ? transformInteriorAtom(value)
+    : transformTopLevelAtom(value);
+  if (transformRes !== CannotTransform) {
+    return { key, value: transformRes };
   } else {
     throw new Parse.Error(
       Parse.Error.INVALID_JSON,

src/Adapters/Storage/Mongo/MongoTransform.js

@@ -170,8 +170,10 @@ class ParseLiveQueryServer {
             };
             const trigger = getTrigger(className, 'afterEvent', Parse.applicationId);
             if (trigger) {
-              const auth = await this.getAuthForSessionToken(res.sessionToken);
-              res.user = auth.user;
+              const auth = await this.getAuthFromClient(client, requestId);
+              if (auth && auth.user) {
+                res.user = auth.user;
+              }
               if (res.object) {
                 res.object = Parse.Object.fromJSON(res.object);
               }
@@ -317,8 +319,10 @@ class ParseLiveQueryServer {
               if (res.original) {
                 res.original = Parse.Object.fromJSON(res.original);
               }
-              const auth = await this.getAuthForSessionToken(res.sessionToken);
-              res.user = auth.user;
+              const auth = await this.getAuthFromClient(client, requestId);
+              if (auth && auth.user) {
+                res.user = auth.user;
+              }
               await runTrigger(trigger, `afterEvent.${className}`, res, auth);
             }
             if (!res.sendEvent) {
@@ -579,6 +583,24 @@ class ParseLiveQueryServer {
       });
   }
 
+  async getAuthFromClient(client: any, requestId: number, sessionToken: string) {
+    const getSessionFromClient = () => {
+      const subscriptionInfo = client.getSubscriptionInfo(requestId);
+      if (typeof subscriptionInfo === 'undefined') {
+        return client.sessionToken;
+      }
+      return subscriptionInfo.sessionToken || client.sessionToken;
+    };
+    if (!sessionToken) {
+      sessionToken = getSessionFromClient();
+    }
+    if (!sessionToken) {
+      return;
+    }
+    const { auth } = await this.getAuthForSessionToken(sessionToken);
+    return auth;
+  }
+
   async _matchesACL(acl: any, client: any, requestId: number): Promise<boolean> {
     // Return true directly if ACL isn't present, ACL is public read, or client has master key
     if (!acl || acl.getPublicReadAccess() || client.hasMasterKey) {
@@ -631,8 +653,10 @@ class ParseLiveQueryServer {
       };
       const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId);
       if (trigger) {
-        const auth = await this.getAuthForSessionToken(req.sessionToken);
-        req.user = auth.user;
+        const auth = await this.getAuthFromClient(client, request.requestId, req.sessionToken);
+        if (auth && auth.user) {
+          req.user = auth.user;
+        }
         await runTrigger(trigger, `beforeConnect.@Connect`, req, auth);
       }
       parseWebsocket.clientId = clientId;
@@ -690,8 +714,10 @@ class ParseLiveQueryServer {
     try {
       const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId);
       if (trigger) {
-        const auth = await this.getAuthForSessionToken(request.sessionToken);
-        request.user = auth.user;
+        const auth = await this.getAuthFromClient(client, request.requestId, request.sessionToken);
+        if (auth && auth.user) {
+          request.user = auth.user;
+        }
 
         const parseQuery = new Parse.Query(className);
         parseQuery.withJSON(request.query);