Allow to save other authData

Author: Moumouls

spec/AuthenticationAdapters.spec.js

@@ -1837,7 +1837,7 @@ describe('Auth Adapter features', () => {
     expect(secondCall[2].auth).toBeDefined();
     expect(secondCall[2].config.headers).toBeDefined();
     expect(secondCall[3] instanceof Parse.User).toBeTruthy();
-    expect(secondCall[3].get('username')).toEqual('test');
+    expect(secondCall[3].id).toEqual(user.id);
   });
   it('should require authData on username/password signup', async () => {
     spyOn(requiredAdapter, 'validateAuthData').and.resolveTo({});
@@ -1999,10 +1999,13 @@ describe('Auth Adapter features', () => {
     });
     expect(user2.getSessionToken()).toBeDefined();
   });
-  it('should return authData response on non username login', async () => {
-    spyOn(requiredAdapter, 'validateAuthData').and.resolveTo({ response: { someData: true } });
+  it('should return authData response and save some info on non username login', async () => {
+    spyOn(requiredAdapter, 'validateAuthData').and.resolveTo({
+      response: { someData: true },
+    });
     spyOn(alwaysValidateAdapter, 'validateAuthData').and.resolveTo({
       response: { someData2: true },
+      save: { otherData: true },
     });
     await reconfigureServer({
       auth: { requiredAdapter, alwaysValidateAdapter },
@@ -2031,11 +2034,23 @@ describe('Auth Adapter features', () => {
     });
 
     expect(user2.get('authDataResponse')).toEqual({ alwaysValidateAdapter: { someData2: true } });
+
+    const userViaMasterKey = new Parse.User();
+    userViaMasterKey.id = user2.id;
+    await userViaMasterKey.fetch({ useMasterKey: true });
+    expect(userViaMasterKey.get('authData')).toEqual({
+      requiredAdapter: { id: 'requiredAdapter' },
+      alwaysValidateAdapter: { otherData: true },
+    });
   });
-  it('should return authData response on username login', async () => {
-    spyOn(requiredAdapter, 'validateAuthData').and.resolveTo({ response: { someData: true } });
+
+  it('should return authData response and save some info on username login', async () => {
+    spyOn(requiredAdapter, 'validateAuthData').and.resolveTo({
+      response: { someData: true },
+    });
     spyOn(alwaysValidateAdapter, 'validateAuthData').and.resolveTo({
       response: { someData2: true },
+      save: { otherData: true },
     });
     await reconfigureServer({
       auth: { requiredAdapter, alwaysValidateAdapter },
@@ -2073,7 +2088,57 @@ describe('Auth Adapter features', () => {
     expect(JSON.parse(res.text).authDataResponse).toEqual({
       alwaysValidateAdapter: { someData2: true },
     });
+
+    const userViaMasterKey = new Parse.User();
+    userViaMasterKey.id = user.id;
+    await userViaMasterKey.fetch({ useMasterKey: true });
+    expect(userViaMasterKey.get('authData')).toEqual({
+      requiredAdapter: { id: 'requiredAdapter' },
+      alwaysValidateAdapter: { otherData: true },
+    });
   });
+
+  it('should pass user to auth adapter on update by matching session', async () => {
+    spyOn(alwaysValidateAdapter, 'validateAuthData').and.resolveTo({});
+    await reconfigureServer({ auth: { alwaysValidateAdapter } });
+
+    const user = new Parse.User();
+
+    const payload = { someData: true };
+
+    await user.save({
+      username: 'test',
+      password: 'password',
+    });
+
+    expect(user.getSessionToken()).toBeDefined();
+
+    await user.save(
+      { authData: { alwaysValidateAdapter: payload } },
+      { sessionToken: user.getSessionToken() }
+    );
+
+    const firstCall = alwaysValidateAdapter.validateAuthData.calls.argsFor(0);
+    expect(firstCall[0]).toEqual(payload);
+    expect(firstCall[1]).toEqual(alwaysValidateAdapter);
+    expect(firstCall[2].config).toBeDefined();
+    expect(firstCall[2].auth).toBeDefined();
+    expect(firstCall[2].config.headers).toBeDefined();
+    expect(firstCall[3] instanceof Parse.User).toBeTruthy();
+    expect(firstCall[3].id).toEqual(user.id);
+
+    await user.save({ authData: { alwaysValidateAdapter: payload } }, { useMasterKey: true });
+
+    const secondCall = alwaysValidateAdapter.validateAuthData.calls.argsFor(1);
+    expect(secondCall[0]).toEqual(payload);
+    expect(secondCall[1]).toEqual(alwaysValidateAdapter);
+    expect(secondCall[2].config).toBeDefined();
+    expect(secondCall[2].auth).toBeDefined();
+    expect(secondCall[2].config.headers).toBeDefined();
+    expect(secondCall[3] instanceof Parse.User).toBeTruthy();
+    expect(secondCall[3].id).toEqual(user.id);
+  });
+
   it('should return challenge with no logged user', async () => {
     spyOn(challengeAdapter, 'challenge').and.resolveTo({ token: 'test' });
 

src/Adapters/Auth/AuthAdapter.js

@@ -40,7 +40,8 @@ export class AuthAdapter {
   @returns a promise that resolves, the resolved value will be handled by the server like:
   - resolve undefined|void|{} parse server will save authData
   - resolve { doNotSave: boolean, response: Object} parse server will do not save provided authData and send response to the client under authDataResponse
-  - resolve { response: Object} parse server will save authData and send response to the client under authDataResponse
+  - resolve { response: Object } parse server will save authData and send response to the client under authDataResponse
+  - resolve { response: Object, save: Object } parse server will save the object provided into `save` key and send response to the client under authDataResponse
    */
   validateAuthData(authData, options, req) {
     return Promise.resolve({});

src/Auth.js

@@ -444,7 +444,22 @@ const getRequiredProviders = config => {
 // Validate each authData step by step and return the provider responses
 const handleAuthDataValidation = (authData, req, foundUser) => {
   let user;
-  if (foundUser) user = Parse.User.fromJSON({ className: '_User', ...foundUser });
+  if (foundUser) {
+    user = Parse.User.fromJSON({ className: '_User', ...foundUser });
+    // Find the user by session and current object id
+    // Only pass user if it's the current one or master key
+  } else if (
+    (req.auth &&
+      req.auth.user &&
+      typeof req.getUserId === 'function' &&
+      req.getUserId() === req.auth.user.id) ||
+    (req.auth && req.auth.isMaster)
+  ) {
+    user = new Parse.User();
+    user.id = req.auth.isMaster ? req.getUserId() : req.auth.user.id;
+    user.fetch({ useMasterKey: true });
+  }
+
   // Perform validation as step by step pipeline
   // for better error consistency and also to avoid to trigger a provider (like OTP SMS)
   // if another one fail
@@ -476,9 +491,11 @@ const handleAuthDataValidation = (authData, req, foundUser) => {
         // Some auth providers after initialization will avoid
         // to replace authData already stored
         if (!validationResult.doNotSave) {
-          acc.authData[provider] = authData[provider];
+          acc.authData[provider] = validationResult.save || authData[provider];
         }
       } else {
+        // Support current authData behavior
+        // no result store the new AuthData
         acc.authData[provider] = authData[provider];
       }
       return acc;

src/RestWrite.js

@@ -424,10 +424,16 @@ RestWrite.prototype.validateAuthData = function () {
       var hasToken = providerAuthData && providerAuthData.id;
       return hasToken || providerAuthData == null;
     });
-    if (canHandleAuthData || hasUsernameAndPassword) {
+    if (
+      canHandleAuthData ||
+      hasUsernameAndPassword ||
+      this.auth.isMaster ||
+      (this.auth.user && this.auth.user.id === this.getUserId())
+    ) {
       return this.handleAuthData(authData);
     }
   }
+  console.log('Je throw ici', this.auth);
   throw new Parse.Error(
     Parse.Error.UNSUPPORTED_SERVICE,
     'This authentication method is unsupported.'