fix: definitions for accountLockout and passwordPolicy

Author: dblythy

resources/buildConfigDefinitions.js

@@ -40,21 +40,13 @@ function getCommentValue(comment) {
 }
 
 function getENVPrefix(iface) {
-  if (iface.id.name === 'ParseServerOptions') {
-    return 'PARSE_SERVER_';
-  }
-  if (iface.id.name === 'CustomPagesOptions') {
-    return 'PARSE_SERVER_CUSTOM_PAGES_';
-  }
-  if (iface.id.name === 'LiveQueryServerOptions') {
-    return 'PARSE_LIVE_QUERY_SERVER_';
-  }
-  if (iface.id.name === 'LiveQueryOptions') {
-    return 'PARSE_SERVER_LIVEQUERY_';
-  }
-  if (iface.id.name === 'IdempotencyOptions') {
-    return 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_';
+  let name = iface.id.name;
+  if (name.indexOf('Options') === -1) {
+    return;
   }
+  name = name.replace('Options','').replace('ParseServer','');
+  const splitName = name.split(/(?=[A-Z])/).map(name => name.toUpperCase());
+  return `PARSE_SERVER_${splitName.join('_')}_`.replace('__','_');
 }
 
 function processProperty(property, iface) {

src/Options/Definitions.js

@@ -127,7 +127,7 @@ module.exports.ParseServerOptions = {
   },
   emailVerifyTokenReuseIfValid: {
     env: 'PARSE_SERVER_EMAIL_VERIFY_TOKEN_REUSE_IF_VALID',
-    help: 'an existing password reset token should be reused when a password reset is requested',
+    help: 'an existing password reset token should be reused when resend verification is requested',
     action: parsers.booleanParser,
     default: false,
   },
@@ -451,103 +451,151 @@ module.exports.LiveQueryOptions = {
     action: parsers.arrayParser,
   },
   pubSubAdapter: {
-    env: 'PARSE_SERVER_LIVEQUERY_PUB_SUB_ADAPTER',
+    env: 'PARSE_SERVER_LIVE_QUERY_PUB_SUB_ADAPTER',
     help: 'LiveQuery pubsub adapter',
     action: parsers.moduleOrObjectParser,
   },
   redisOptions: {
-    env: 'PARSE_SERVER_LIVEQUERY_REDIS_OPTIONS',
+    env: 'PARSE_SERVER_LIVE_QUERY_REDIS_OPTIONS',
     help: "parse-server's LiveQuery redisOptions",
     action: parsers.objectParser,
   },
   redisURL: {
-    env: 'PARSE_SERVER_LIVEQUERY_REDIS_URL',
+    env: 'PARSE_SERVER_LIVE_QUERY_REDIS_URL',
     help: "parse-server's LiveQuery redisURL",
   },
   wssAdapter: {
-    env: 'PARSE_SERVER_LIVEQUERY_WSS_ADAPTER',
+    env: 'PARSE_SERVER_LIVE_QUERY_WSS_ADAPTER',
     help: 'Adapter module for the WebSocketServer',
     action: parsers.moduleOrObjectParser,
   },
 };
 module.exports.LiveQueryServerOptions = {
   appId: {
-    env: 'PARSE_LIVE_QUERY_SERVER_APP_ID',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_APP_ID',
     help:
       'This string should match the appId in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same appId.',
   },
   cacheTimeout: {
-    env: 'PARSE_LIVE_QUERY_SERVER_CACHE_TIMEOUT',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_CACHE_TIMEOUT',
     help:
       "Number in milliseconds. When clients provide the sessionToken to the LiveQuery server, the LiveQuery server will try to fetch its ParseUser's objectId from parse server and store it in the cache. The value defines the duration of the cache. Check the following Security section and our protocol specification for details, defaults to 5 * 1000 ms (5 seconds).",
     action: parsers.numberParser('cacheTimeout'),
   },
   keyPairs: {
-    env: 'PARSE_LIVE_QUERY_SERVER_KEY_PAIRS',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_KEY_PAIRS',
     help:
       'A JSON object that serves as a whitelist of keys. It is used for validating clients when they try to connect to the LiveQuery server. Check the following Security section and our protocol specification for details.',
     action: parsers.objectParser,
   },
   logLevel: {
-    env: 'PARSE_LIVE_QUERY_SERVER_LOG_LEVEL',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_LOG_LEVEL',
     help:
       'This string defines the log level of the LiveQuery server. We support VERBOSE, INFO, ERROR, NONE, defaults to INFO.',
   },
   masterKey: {
-    env: 'PARSE_LIVE_QUERY_SERVER_MASTER_KEY',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_MASTER_KEY',
     help:
       'This string should match the masterKey in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same masterKey.',
   },
   port: {
-    env: 'PARSE_LIVE_QUERY_SERVER_PORT',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_PORT',
     help: 'The port to run the LiveQuery server, defaults to 1337.',
     action: parsers.numberParser('port'),
     default: 1337,
   },
   pubSubAdapter: {
-    env: 'PARSE_LIVE_QUERY_SERVER_PUB_SUB_ADAPTER',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_PUB_SUB_ADAPTER',
     help: 'LiveQuery pubsub adapter',
     action: parsers.moduleOrObjectParser,
   },
   redisOptions: {
-    env: 'PARSE_LIVE_QUERY_SERVER_REDIS_OPTIONS',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_REDIS_OPTIONS',
     help: "parse-server's LiveQuery redisOptions",
     action: parsers.objectParser,
   },
   redisURL: {
-    env: 'PARSE_LIVE_QUERY_SERVER_REDIS_URL',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_REDIS_URL',
     help: "parse-server's LiveQuery redisURL",
   },
   serverURL: {
-    env: 'PARSE_LIVE_QUERY_SERVER_SERVER_URL',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_SERVER_URL',
     help:
       'This string should match the serverURL in use by your Parse Server. If you deploy the LiveQuery server alongside Parse Server, the LiveQuery server will try to use the same serverURL.',
   },
   websocketTimeout: {
-    env: 'PARSE_LIVE_QUERY_SERVER_WEBSOCKET_TIMEOUT',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_WEBSOCKET_TIMEOUT',
     help:
       'Number of milliseconds between ping/pong frames. The WebSocket server sends ping/pong frames to the clients to keep the WebSocket alive. This value defines the interval of the ping/pong frame from the server to clients, defaults to 10 * 1000 ms (10 s).',
     action: parsers.numberParser('websocketTimeout'),
   },
   wssAdapter: {
-    env: 'PARSE_LIVE_QUERY_SERVER_WSS_ADAPTER',
+    env: 'PARSE_SERVER_LIVE_QUERY_SERVER_WSS_ADAPTER',
     help: 'Adapter module for the WebSocketServer',
     action: parsers.moduleOrObjectParser,
   },
 };
 module.exports.IdempotencyOptions = {
   paths: {
-    env: 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_PATHS',
+    env: 'PARSE_SERVER_IDEMPOTENCY_PATHS',
     help:
       'An array of paths for which the feature should be enabled. The mount path must not be included, for example instead of `/parse/functions/myFunction` specifiy `functions/myFunction`. The entries are interpreted as regular expression, for example `functions/.*` matches all functions, `jobs/.*` matches all jobs, `classes/.*` matches all classes, `.*` matches all paths.',
     action: parsers.arrayParser,
     default: [],
   },
   ttl: {
-    env: 'PARSE_SERVER_EXPERIMENTAL_IDEMPOTENCY_TTL',
+    env: 'PARSE_SERVER_IDEMPOTENCY_TTL',
     help:
       'The duration in seconds after which a request record is discarded from the database, defaults to 300s.',
     action: parsers.numberParser('ttl'),
     default: 300,
   },
 };
+module.exports.AccountLockoutOptions = {
+  duration: {
+    env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_DURATION',
+    help:
+      'number of minutes that a locked-out account remains locked out before automatically becoming unlocked.',
+    action: parsers.numberParser('duration'),
+  },
+  threshold: {
+    env: 'PARSE_SERVER_ACCOUNT_LOCKOUT_THRESHOLD',
+    help: 'number of failed sign-in attempts that will cause a user account to be locked',
+    action: parsers.numberParser('threshold'),
+  },
+};
+module.exports.PasswordPolicyOptions = {
+  doNotAllowUsername: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_DO_NOT_ALLOW_USERNAME',
+    help: 'disallow username in passwords',
+    action: parsers.booleanParser,
+  },
+  maxPasswordAge: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_AGE',
+    help: 'days for password expiry',
+    action: parsers.numberParser('maxPasswordAge'),
+  },
+  maxPasswordHistory: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_MAX_PASSWORD_HISTORY',
+    help: 'setting to prevent reuse of previous n passwords',
+    action: parsers.numberParser('maxPasswordHistory'),
+  },
+  resetTokenReuseIfValid: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_REUSE_IF_VALID',
+    help: "resend token if it's still valid",
+    action: parsers.booleanParser,
+  },
+  resetTokenValidityDuration: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_VALIDITY_DURATION',
+    help: 'time for token to expire',
+    action: parsers.numberParser('resetTokenValidityDuration'),
+  },
+  validatorCallback: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_CALLBACK',
+    help: 'a callback function to be invoked to validate the password',
+  },
+  validatorPattern: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_VALIDATOR_PATTERN',
+    help: 'a RegExp object or a regex string representing the pattern to enforce',
+  },
+};

src/Options/docs.js

@@ -1,6 +1,6 @@
 /**
  * @interface ParseServerOptions
- * @property {Any} accountLockout account lockout policy for failed login attempts
+ * @property {AccountLockoutOptions} accountLockout account lockout policy for failed login attempts
  * @property {Boolean} allowClientClassCreation Enable (or disable) client class creation, defaults to true
  * @property {Boolean} allowCustomObjectId Enable (or disable) custom objectId
  * @property {String[]} allowHeaders Add headers to Access-Control-Allow-Headers
@@ -23,7 +23,7 @@
  * @property {Boolean} directAccess Replace HTTP Interface when using JS SDK in current node runtime, defaults to false. Caution, this is an experimental feature that may not be appropriate for production.
  * @property {String} dotNetKey Key for Unity and .Net SDK
  * @property {Adapter<MailAdapter>} emailAdapter Adapter module for email sending
- * @property {Boolean} emailVerifyTokenReuseIfValid an existing password reset token should be reused when a password reset is requested
+ * @property {Boolean} emailVerifyTokenReuseIfValid an existing password reset token should be reused when resend verification is requested
  * @property {Number} emailVerifyTokenValidityDuration Email verification token validity duration, in seconds
  * @property {Boolean} enableAnonymousUsers Enable (or disable) anonymous users, defaults to true
  * @property {Boolean} enableExpressErrorHandler Enables the default express error handler for all errors
@@ -53,7 +53,7 @@
  * @property {String} mountPath Mount path for the server, defaults to /parse
  * @property {Boolean} mountPlayground Mounts the GraphQL Playground - never use this option in production
  * @property {Number} objectIdSize Sets the number of characters in generated object id's, default 10
- * @property {Any} passwordPolicy Password policy for enforcing password related rules
+ * @property {PasswordPolicyOptions} passwordPolicy Password policy for enforcing password related rules
  * @property {String} playgroundPath Mount path for the GraphQL Playground, defaults to /playground
  * @property {Number} port The port to run the ParseServer, defaults to 1337.
  * @property {Boolean} preserveFileName Enable (or disable) the addition of a unique hash to the file names
@@ -120,3 +120,20 @@
  * @property {String[]} paths An array of paths for which the feature should be enabled. The mount path must not be included, for example instead of `/parse/functions/myFunction` specifiy `functions/myFunction`. The entries are interpreted as regular expression, for example `functions/.*` matches all functions, `jobs/.*` matches all jobs, `classes/.*` matches all classes, `.*` matches all paths.
  * @property {Number} ttl The duration in seconds after which a request record is discarded from the database, defaults to 300s.
  */
+
+/**
+ * @interface AccountLockoutOptions
+ * @property {Number} duration number of minutes that a locked-out account remains locked out before automatically becoming unlocked.
+ * @property {Number} threshold number of failed sign-in attempts that will cause a user account to be locked
+ */
+
+/**
+ * @interface PasswordPolicyOptions
+ * @property {Boolean} doNotAllowUsername disallow username in passwords
+ * @property {Number} maxPasswordAge days for password expiry
+ * @property {Number} maxPasswordHistory setting to prevent reuse of previous n passwords
+ * @property {Boolean} resetTokenReuseIfValid resend token if it's still valid
+ * @property {Number} resetTokenValidityDuration time for token to expire
+ * @property {Function} validatorCallback a callback function to be invoked to validate the password
+ * @property {String} validatorPattern a RegExp object or a regex string representing the pattern to enforce
+ */

src/Options/index.js

@@ -128,9 +128,9 @@ export interface ParseServerOptions {
   :DEFAULT: false */
   emailVerifyTokenReuseIfValid: ?boolean;
   /* account lockout policy for failed login attempts */
-  accountLockout: ?any;
+  accountLockout: ?AccountLockoutOptions;
   /* Password policy for enforcing password related rules */
-  passwordPolicy: ?any;
+  passwordPolicy: ?PasswordPolicyOptions;
   /* Adapter module for the cache */
   cacheAdapter: ?Adapter<CacheAdapter>;
   /* Adapter module for email sending */
@@ -291,3 +291,27 @@ export interface IdempotencyOptions {
   :DEFAULT: 300 */
   ttl: ?number;
 }
+
+export interface AccountLockoutOptions {
+  /* number of minutes that a locked-out account remains locked out before automatically becoming unlocked. */
+  duration: ?number;
+  /* number of failed sign-in attempts that will cause a user account to be locked */
+  threshold: ?number;
+}
+
+export interface PasswordPolicyOptions {
+  /* a RegExp object or a regex string representing the pattern to enforce */
+  validatorPattern: ?string;
+  /* a callback function to be invoked to validate the password  */
+  validatorCallback: ?() => void;
+  /* disallow username in passwords */
+  doNotAllowUsername: ?boolean;
+  /* days for password expiry */
+  maxPasswordAge: ?number;
+  /* setting to prevent reuse of previous n passwords */
+  maxPasswordHistory: ?number;
+  /* time for token to expire */
+  resetTokenValidityDuration: ?number;
+  /* resend token if it's still valid */
+  resetTokenReuseIfValid: ?boolean;
+}