updated spec

Moumouls · Moumouls · commit 36e44b1a8f27 · 2020-12-17T18:38:02.000+01:00
diff --git a/spec/AuthenticationAdapters.spec.js b/spec/AuthenticationAdapters.spec.js
@@ -1788,12 +1788,12 @@ describe('Auth Adapter features', () => {
     },
   };
 
-  /*   const modernAdapter = {
+  const modernAdapter = {
     validateAppId: () => Promise.resolve(),
     validateSetUp: () => Promise.resolve(),
     validateUpdate: () => Promise.resolve(),
     validateLogin: () => Promise.resolve(),
-  }; */
+  };
 
   const headers = {
     'Content-Type': 'application/json',
@@ -1846,9 +1846,105 @@ describe('Auth Adapter features', () => {
     expect(secondCall[3].id).toEqual(user.id);
   });
 
-  xit('should trigger correctly validateSetUp');
-  xit('should trigger correctly validateLogin');
-  xit('should trigger correctly validateUpdate');
+  it('should trigger correctly validateSetUp', async () => {
+    spyOn(modernAdapter, 'validateSetUp').and.resolveTo({});
+    spyOn(modernAdapter, 'validateUpdate').and.resolveTo({});
+    spyOn(modernAdapter, 'validateLogin').and.resolveTo({});
+
+    await reconfigureServer({ auth: { modernAdapter } });
+    const user = new Parse.User();
+
+    await user.save({ authData: { modernAdapter: { id: 'modernAdapter' } } });
+
+    expect(modernAdapter.validateUpdate).toHaveBeenCalledTimes(0);
+    expect(modernAdapter.validateLogin).toHaveBeenCalledTimes(0);
+    expect(modernAdapter.validateSetUp).toHaveBeenCalledTimes(1);
+    const call = modernAdapter.validateSetUp.calls.argsFor(0);
+    expect(call[0]).toEqual({ id: 'modernAdapter' });
+    expect(call[1]).toEqual(modernAdapter);
+    expect(call[2].config).toBeDefined();
+    expect(call[2].auth).toBeDefined();
+    expect(call[2].config.headers).toBeDefined();
+    expect(call[3]).toBeUndefined();
+    expect(user.getSessionToken()).toBeDefined();
+  });
+  it('should trigger correctly validateLogin', async () => {
+    spyOn(modernAdapter, 'validateSetUp').and.resolveTo({});
+    spyOn(modernAdapter, 'validateUpdate').and.resolveTo({});
+    spyOn(modernAdapter, 'validateLogin').and.resolveTo({});
+
+    await reconfigureServer({ auth: { modernAdapter } });
+    const user = new Parse.User();
+
+    // Signup
+    await user.save({ authData: { modernAdapter: { id: 'modernAdapter' } } });
+
+    expect(modernAdapter.validateSetUp).toHaveBeenCalledTimes(1);
+    // Login
+    const user2 = new Parse.User();
+    await user2.save({ authData: { modernAdapter: { id: 'modernAdapter' } } });
+
+    expect(modernAdapter.validateUpdate).toHaveBeenCalledTimes(0);
+    expect(modernAdapter.validateSetUp).toHaveBeenCalledTimes(1);
+    expect(modernAdapter.validateLogin).toHaveBeenCalledTimes(1);
+    const call = modernAdapter.validateLogin.calls.argsFor(0);
+    expect(call[0]).toEqual({ id: 'modernAdapter' });
+    expect(call[1]).toEqual(modernAdapter);
+    expect(call[2].config).toBeDefined();
+    expect(call[2].auth).toBeDefined();
+    expect(call[2].config.headers).toBeDefined();
+    expect(call[3] instanceof Parse.User).toBeTruthy();
+    expect(call[3].id).toEqual(user2.id);
+    expect(call[3].id).toEqual(user.id);
+    expect(user2.getSessionToken()).toBeDefined();
+  });
+  it('should trigger correctly validateUpdate', async () => {
+    spyOn(modernAdapter, 'validateSetUp').and.resolveTo({});
+    spyOn(modernAdapter, 'validateUpdate').and.resolveTo({});
+    spyOn(modernAdapter, 'validateLogin').and.resolveTo({});
+
+    await reconfigureServer({ auth: { modernAdapter } });
+    const user = new Parse.User();
+
+    // Signup
+    await user.save({ authData: { modernAdapter: { id: 'modernAdapter' } } });
+    expect(modernAdapter.validateSetUp).toHaveBeenCalledTimes(1);
+
+    // Save same data
+    await user.save(
+      { authData: { modernAdapter: { id: 'modernAdapter' } } },
+      { sessionToken: user.getSessionToken() }
+    );
+
+    // Save same data with master key
+    await user.save(
+      { authData: { modernAdapter: { id: 'modernAdapter' } } },
+      { useMasterKey: true }
+    );
+
+    expect(modernAdapter.validateUpdate).toHaveBeenCalledTimes(0);
+    expect(modernAdapter.validateSetUp).toHaveBeenCalledTimes(1);
+    expect(modernAdapter.validateLogin).toHaveBeenCalledTimes(0);
+
+    // Change authData
+    await user.save(
+      { authData: { modernAdapter: { id: 'modernAdapter2' } } },
+      { sessionToken: user.getSessionToken() }
+    );
+
+    expect(modernAdapter.validateUpdate).toHaveBeenCalledTimes(1);
+    expect(modernAdapter.validateSetUp).toHaveBeenCalledTimes(1);
+    expect(modernAdapter.validateLogin).toHaveBeenCalledTimes(0);
+    const call = modernAdapter.validateUpdate.calls.argsFor(0);
+    expect(call[0]).toEqual({ id: 'modernAdapter2' });
+    expect(call[1]).toEqual(modernAdapter);
+    expect(call[2].config).toBeDefined();
+    expect(call[2].auth).toBeDefined();
+    expect(call[2].config.headers).toBeDefined();
+    expect(call[3] instanceof Parse.User).toBeTruthy();
+    expect(call[3].id).toEqual(user.id);
+    expect(user.getSessionToken()).toBeDefined();
+  });
   xit('should throw if no triggers found');
   it('should not update authData if provider return doNotSave', async () => {
     spyOn(doNotSaveAdapter, 'validateAuthData').and.resolveTo({ doNotSave: true });
@@ -1988,14 +2084,32 @@ describe('Auth Adapter features', () => {
     });
 
     const user2 = new Parse.User();
-    await user2.save({
+    user2.id = user.id;
+    await user2.save(
+      {
+        authData: {
+          baseAdapter: { id: 'baseAdapter' },
+          alwaysValidateAdapter: { test: true },
+        },
+      },
+      { sessionToken: user.getSessionToken() }
+    );
+
+    expect(user2.get('authDataResponse')).toEqual({ alwaysValidateAdapter: { someData2: true } });
+
+    const user3 = new Parse.User();
+    await user3.save({
       authData: {
         baseAdapter: { id: 'baseAdapter' },
         alwaysValidateAdapter: { test: true },
       },
     });
 
-    expect(user2.get('authDataResponse')).toEqual({ alwaysValidateAdapter: { someData2: true } });
+    // On logIn all authData are revalidated
+    expect(user3.get('authDataResponse')).toEqual({
+      baseAdapter: { someData: true },
+      alwaysValidateAdapter: { someData2: true },
+    });
 
     const userViaMasterKey = new Parse.User();
     userViaMasterKey.id = user2.id;
diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js
@@ -1789,7 +1789,7 @@ describe('Parse.User testing', () => {
     });
   });
 
-  it('should allow login with old authData token', done => {
+  it('should not allow login with old authData token', async () => {
     const provider = {
       authData: {
         id: '12345',
@@ -1810,22 +1810,17 @@ describe('Parse.User testing', () => {
     };
     defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('token');
     Parse.User._registerAuthenticationProvider(provider);
-    Parse.User._logInWith('shortLivedAuth', {})
-      .then(() => {
-        // Simulate a remotely expired token (like a short lived one)
-        // In this case, we want success as it was valid once.
-        // If the client needs an updated one, do lock the user out
-        defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('otherToken');
-        return Parse.User._logInWith('shortLivedAuth', {});
-      })
-      .then(
-        () => {
-          done();
-        },
-        err => {
-          done.fail(err);
-        }
-      );
+    await Parse.User._logInWith('shortLivedAuth', {});
+    // Simulate a remotely expired token (like a short lived one)
+    // In this case, we want success as it was valid once.
+    // If the client needs an updated one, do lock the user out
+    defaultConfiguration.auth.shortLivedAuth.setValidAccessToken('otherToken');
+    try {
+      await Parse.User._logInWith('shortLivedAuth', {});
+      fail('should not authenticate');
+    } catch (e) {
+      expect(e).toBeDefined();
+    }
   });
 
   it('should allow PUT request with stale auth Data', done => {
diff --git a/src/Adapters/Auth/index.js b/src/Adapters/Auth/index.js
@@ -64,7 +64,7 @@ const providers = {
 
 function authDataValidator(provider, adapter, appIds, options) {
   return async function (authData, req, user) {
-    if (appIds) {
+    if (appIds && typeof adapter.validateAppId === 'function') {
       await adapter.validateAppId(appIds, authData, options, req, user);
     }
     if (typeof adapter.validateAuthData === 'function') {
@@ -130,22 +130,20 @@ function loadAuthAdapter(provider, authOptions) {
   if (providerOptions) {
     const optionalAdapter = loadAdapter(providerOptions, undefined, providerOptions);
     if (optionalAdapter) {
-      ['validateAuthData', 'validateAppId'].forEach(key => {
+      [
+        'validateAuthData',
+        'validateAppId',
+        'validateSetUp',
+        'validateLogin',
+        'validateUpdate',
+      ].forEach(key => {
         if (optionalAdapter[key]) {
           adapter[key] = optionalAdapter[key];
         }
       });
     }
   }
 
-  // TODO: create a new module from validateAdapter() in
-  // src/Controllers/AdaptableController.js so we can use it here for adapter
-  // validation based on the src/Adapters/Auth/AuthAdapter.js expected class
-  // signature.
-  if (!adapter.validateAuthData || !adapter.validateAppId) {
-    return;
-  }
-
   return { adapter, appIds, providerOptions };
 }
 
diff --git a/src/Auth.js b/src/Auth.js
@@ -425,7 +425,7 @@ const checkIfUserHasProvidedConfiguredProvidersForLogin = (
 };
 
 // Validate each authData step by step and return the provider responses
-const handleAuthDataValidation = (authData, req, foundUser) => {
+const handleAuthDataValidation = async (authData, req, foundUser) => {
   let user;
   if (foundUser) {
     user = Parse.User.fromJSON({ className: '_User', ...foundUser });
@@ -440,7 +440,7 @@ const handleAuthDataValidation = (authData, req, foundUser) => {
   ) {
     user = new Parse.User();
     user.id = req.auth.isMaster ? req.getUserId() : req.auth.user.id;
-    user.fetch({ useMasterKey: true });
+    await user.fetch({ useMasterKey: true });
   }
 
   // Perform validation as step by step pipeline
diff --git a/src/RestWrite.js b/src/RestWrite.js
@@ -527,20 +527,15 @@ RestWrite.prototype.handleAuthData = async function (authData) {
         );
       }
 
-      // We have authData that is updated on login
-      // that can happen when token are refreshed,
-      // We should update the token and let the user in
-      // We should only check the mutated keys
-      const { authData: validatedAuthData, authDataResponse } = await Auth.handleAuthDataValidation(
-        mutatedAuthData,
+      // Force to validate all provided authData on login
+      // on update only validate mutated ones
+      const res = await Auth.handleAuthDataValidation(
+        isLogin ? authData : mutatedAuthData,
         this,
         userResult
       );
-
-      // Replace current authData by the new validated one
-      this.data.authData = validatedAuthData;
-
-      this.authDataResponse = authDataResponse;
+      this.data.authData = res.authData;
+      this.authDataResponse = res.authDataResponse;
 
       // IF we are in login we'll skip the database operation / beforeSave / afterSave etc...
       // we need to set it up there.
@@ -558,7 +553,7 @@ RestWrite.prototype.handleAuthData = async function (authData) {
         await this.config.database.update(
           this.className,
           { objectId: this.data.objectId },
-          { authData: validatedAuthData },
+          { authData: this.data.authData },
           {}
         );
       }
