
Commit b4d173b

committed
Adds test to reproduce issue #4790
1 parent f4422c4 commit b4d173b


2 files changed

+38
-1
lines changed

2 files changed

+38
-1
lines changed

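--- a/spec/ParseUser.spec.js
+++ b/spec/ParseUser.spec.js
@@ -7,6 +7,7 @@
 
 "use strict";
 
+import MongoStorageAdapter from '../src/Adapters/Storage/Mongo/MongoStorageAdapter';
 const request = require('request');
 const passwordCrypto = require('../src/password');
 const Config = require('../src/Config');
@@ -239,6 +240,41 @@ describe('Parse.User testing', () => {
 });
 });
 
+it_only_db('mongo')('should let legacy users without ACL login', async() => {
+const databaseURI = 'mongodb://localhost:27017/parseServerMongoAdapterTestDatabase';
+const adapter = new MongoStorageAdapter({ collectionPrefix: 'test_', uri: databaseURI });
+await adapter.connect();
+await adapter.database.dropDatabase();
+delete adapter.connectionPromise;
+
+const user = new Parse.User();
+await user.signUp({
+username: 'newUser',
+password: 'password',
+});
+
+const collection = await adapter._adaptiveCollection('_User');
+await collection.insertOne({
+// the hashed password is 'password' hashed
+"_hashed_password": "$2b$10$mJ2ca2UbCM9hlojYHZxkQe8pyEXe5YMg0nMdvP4AJBeqlTEZJ6/Uu",
+"_session_token": "xxx",
+"email": "[email protected]",
+"username": "oldUser",
+"emailVerified": true,
+"_email_verify_token": "yyy",
+});
+
+// get the 2 users
+const users = await collection.find();
+expect(users.length).toBe(2);
+
+const aUser = await Parse.User.logIn('oldUser', 'password');
+expect(aUser).not.toBeUndefined();
+
+const newUser = await Parse.User.logIn('newUser', 'password');
+expect(newUser).not.toBeUndefined();
+});
+
 it('should be let masterKey lock user out with authData', (done) => {
 let objectId;
 let sessionToken;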
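Review bot: The two final assertions, `expect(aUser).not.toBeUndefined()` and `expect(newUser).not.toBeUndefined()`, pass for any resolved value, so the test pins only that `logIn` did not reject. Since this test guards a change to the login lockout check, it should assert identity, e.g. `expect(aUser.get('username')).toBe('oldUser');`, and add a negative case showing that a wrong password for `oldUser` is still rejected. The adapter connected at the top of the test is also never closed, and `delete adapter.connectionPromise` reaches into adapter internals without a comment saying why. The enclosing `describe('Parse.User testing', ...)` block starts and ends outside the hunk.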

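--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -117,7 +117,8 @@ export class UsersRouter extends ClassesRouter {
 // Ensure the user isn't locked out
 // A locked out user won't be able to login
 // To lock a user out, just set the ACL to `masterKey` only ({}).
-if (!req.auth.isMaster && (!user.ACL || Object.keys(user.ACL).length == 0)) {
+// Empty ACL is OK
+if (!req.auth.isMaster && user.ACL && Object.keys(user.ACL).length == 0) {
 throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
 }
 if (req.config.verifyUserEmails && req.config.preventLoginWithUnverifiedEmail && !user.emailVerified) {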
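Review bot: The added comment `// Empty ACL is OK` contradicts the condition below it: an empty ACL (`{}`) is still rejected, and what the new check admits is a user record with no ACL at all. Because this line is the login lockout gate, the comment should state the rule exactly, for example `// A missing ACL (legacy user) is allowed; an empty ACL ({}) still means locked out`. It is also worth confirming that no code path locks a user out by unsetting the ACL rather than setting it to `{}`, since such users would now pass this check; that cannot be verified from this hunk. The comparison could use `===` in `Object.keys(user.ACL).length === 0`. The enclosing method of `UsersRouter` starts and ends outside the hunk.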
