Merge branch 'alpha' into use-graphLookup

Author: dblythy

.eslintrc.json

@@ -25,5 +25,8 @@
         "space-infix-ops": "error",
         "no-useless-escape": "off",
         "require-atomic-updates": "off"
+    },
+    "globals": {
+        "Parse": true
     }
 }

changelogs/CHANGELOG_alpha.md

@@ -1,3 +1,24 @@
+# [6.3.0-alpha.6](https://github.com/parse-community/parse-server/compare/6.3.0-alpha.5...6.3.0-alpha.6) (2023-07-17)
+
+
+### Bug Fixes
+
+* Parse Server option `fileUpload.fileExtensions` does not work with an array of extensions ([#8688](https://github.com/parse-community/parse-server/issues/8688)) ([6a4a00c](https://github.com/parse-community/parse-server/commit/6a4a00ca7af1163ea74b047b85cd6817366b824b))
+
+# [6.3.0-alpha.5](https://github.com/parse-community/parse-server/compare/6.3.0-alpha.4...6.3.0-alpha.5) (2023-07-05)
+
+
+### Features
+
+* Add property `Parse.Server.version` to determine current version of Parse Server in Cloud Code ([#8670](https://github.com/parse-community/parse-server/issues/8670)) ([a9d376b](https://github.com/parse-community/parse-server/commit/a9d376b61f5b07806eafbda91c4e36c322f09298))
+
+# [6.3.0-alpha.4](https://github.com/parse-community/parse-server/compare/6.3.0-alpha.3...6.3.0-alpha.4) (2023-07-04)
+
+
+### Bug Fixes
+
+* Server does not start via CLI when `auth` option is set ([#8666](https://github.com/parse-community/parse-server/issues/8666)) ([4e2000b](https://github.com/parse-community/parse-server/commit/4e2000bc563324389584ace3c090a5c1a7796a64))
+
 # [6.3.0-alpha.3](https://github.com/parse-community/parse-server/compare/6.3.0-alpha.2...6.3.0-alpha.3) (2023-06-23)
 
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "6.3.0-alpha.3",
+  "version": "6.3.0-alpha.6",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {
@@ -48,7 +48,7 @@
     "mime": "3.0.0",
     "mongodb": "4.10.0",
     "mustache": "4.2.0",
-    "otpauth": "9.0.2",
+    "otpauth": "9.1.2",
     "parse": "4.1.0",
     "path-to-regexp": "6.2.1",
     "pg-monitor": "2.0.0",

package.json

@@ -2445,9 +2445,9 @@ describe('OTP TOTP auth adatper', () => {
     const response = user.get('authDataResponse');
     expect(response.mfa).toBeDefined();
     expect(response.mfa.recovery).toBeDefined();
-    expect(response.mfa.recovery.length).toEqual(2);
+    expect(response.mfa.recovery.split(',').length).toEqual(2);
     await user.fetch();
-    expect(user.get('authData').mfa).toEqual({ enabled: true });
+    expect(user.get('authData').mfa).toEqual({ status: 'enabled' });
   });
 
   it('can login with valid token', async () => {
@@ -2473,13 +2473,15 @@ describe('OTP TOTP auth adatper', () => {
         username: 'username',
         password: 'password',
         authData: {
-          mfa: totp.generate(),
+          mfa: {
+            token: totp.generate(),
+          },
         },
       }),
     }).then(res => res.data);
     expect(response.objectId).toEqual(user.id);
     expect(response.sessionToken).toBeDefined();
-    expect(response.authData).toEqual({ mfa: { enabled: true } });
+    expect(response.authData).toEqual({ mfa: { status: 'enabled' } });
     expect(Object.keys(response).sort()).toEqual(
       [
         'objectId',
@@ -2528,6 +2530,42 @@ describe('OTP TOTP auth adatper', () => {
     expect(user.get('authData').mfa.secret).toEqual(new_secret.base32);
   });
 
+  it('cannot change OTP with invalid token', async () => {
+    const user = await Parse.User.signUp('username', 'password');
+    const OTPAuth = require('otpauth');
+    const secret = new OTPAuth.Secret();
+    const totp = new OTPAuth.TOTP({
+      algorithm: 'SHA1',
+      digits: 6,
+      period: 30,
+      secret,
+    });
+    const token = totp.generate();
+    await user.save(
+      { authData: { mfa: { secret: secret.base32, token } } },
+      { sessionToken: user.getSessionToken() }
+    );
+
+    const new_secret = new OTPAuth.Secret();
+    const new_totp = new OTPAuth.TOTP({
+      algorithm: 'SHA1',
+      digits: 6,
+      period: 30,
+      secret: new_secret,
+    });
+    const new_token = new_totp.generate();
+    await expectAsync(
+      user.save(
+        {
+          authData: { mfa: { secret: new_secret.base32, token: new_token, old: '123' } },
+        },
+        { sessionToken: user.getSessionToken() }
+      )
+    ).toBeRejectedWith(new Parse.Error(Parse.Error.OTHER_CAUSE, 'Invalid MFA token'));
+    await user.fetch({ useMasterKey: true });
+    expect(user.get('authData').mfa.secret).toEqual(secret.base32);
+  });
+
   it('future logins require TOTP token', async () => {
     const user = await Parse.User.signUp('username', 'password');
     const OTPAuth = require('otpauth');
@@ -2572,7 +2610,9 @@ describe('OTP TOTP auth adatper', () => {
           username: 'username',
           password: 'password',
           authData: {
-            mfa: 'abcd',
+            mfa: {
+              token: 'abcd',
+            },
           },
         }),
       }).catch(e => {
@@ -2619,7 +2659,7 @@ describe('OTP SMS auth adatper', () => {
     const spy = spyOn(mfa, 'sendSMS').and.callThrough();
     await user.save({ authData: { mfa: { mobile: '+11111111111' } } }, { sessionToken });
     await user.fetch({ sessionToken });
-    expect(user.get('authData')).toEqual({ mfa: { enabled: false } });
+    expect(user.get('authData')).toEqual({ mfa: { status: 'disabled' } });
     expect(spy).toHaveBeenCalledWith(code, '+11111111111');
     await user.fetch({ useMasterKey: true });
     const authData = user.get('authData').mfa?.pending;
@@ -2629,7 +2669,7 @@ describe('OTP SMS auth adatper', () => {
 
     await user.save({ authData: { mfa: { mobile, token: code } } }, { sessionToken });
     await user.fetch({ sessionToken });
-    expect(user.get('authData')).toEqual({ mfa: { enabled: true } });
+    expect(user.get('authData')).toEqual({ mfa: { status: 'enabled' } });
   });
 
   it('future logins require SMS code', async () => {
@@ -2658,7 +2698,9 @@ describe('OTP SMS auth adatper', () => {
         username: 'username',
         password: 'password',
         authData: {
-          mfa: true,
+          mfa: {
+            token: 'request',
+          },
         },
       }),
     }).catch(e => e.data);
@@ -2672,13 +2714,15 @@ describe('OTP SMS auth adatper', () => {
         username: 'username',
         password: 'password',
         authData: {
-          mfa: code,
+          mfa: {
+            token: code,
+          },
         },
       }),
     }).then(res => res.data);
     expect(response.objectId).toEqual(user.id);
     expect(response.sessionToken).toBeDefined();
-    expect(response.authData).toEqual({ mfa: { enabled: true } });
+    expect(response.authData).toEqual({ mfa: { status: 'enabled' } });
     expect(Object.keys(response).sort()).toEqual(
       [
         'objectId',

spec/AuthenticationAdapters.spec.js

@@ -302,4 +302,25 @@ describe('execution', () => {
       done.fail(data.toString());
     });
   });
+
+  it('can start Parse Server with auth via CLI', done => {
+    const env = { ...process.env };
+    env.NODE_OPTIONS = '--dns-result-order=ipv4first';
+    childProcess = spawn(
+      binPath,
+      ['--databaseURI', databaseURI, './spec/configs/CLIConfigAuth.json'],
+      { env }
+    );
+    childProcess.stdout.on('data', data => {
+      data = data.toString();
+      console.log(data);
+      if (data.includes('parse-server running on')) {
+        done();
+      }
+    });
+    childProcess.stderr.on('data', data => {
+      data = data.toString();
+      done.fail(data.toString());
+    });
+  });
 });

spec/CLI.spec.js

@@ -103,6 +103,14 @@ describe('Cloud Code', () => {
     expect(currentConfig.silent).toBeFalse();
   });
 
+  it('can get curent version', () => {
+    const version = require('../package.json').version;
+    const currentConfig = Config.get('test');
+    expect(Parse.Server.version).toBeDefined();
+    expect(currentConfig.version).toBeDefined();
+    expect(Parse.Server.version).toEqual(version);
+  });
+
   it('show warning on duplicate cloud functions', done => {
     const logger = require('../lib/logger').logger;
     spyOn(logger, 'warn').and.callFake(() => {});

spec/CloudCode.spec.js

@@ -554,7 +554,7 @@ describe('DefinedSchemas', () => {
     });
   });
 
-  it('should not delete automatically classes', async () => {
+  it('should not delete classes automatically', async () => {
     await reconfigureServer({
       schema: { definitions: [{ className: '_User' }, { className: 'Test' }] },
     });

spec/DefinedSchemas.spec.js

@@ -1368,7 +1368,7 @@ describe('Parse.File testing', () => {
       await reconfigureServer({
         fileUpload: {
           enableForPublic: true,
-          fileExtensions: ['jpg'],
+          fileExtensions: ['jpg', 'wav'],
         },
       });
       await expectAsync(
@@ -1387,6 +1387,30 @@ describe('Parse.File testing', () => {
       ).toBeRejectedWith(
         new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of extension html is disabled.`)
       );
+      await expectAsync(
+        request({
+          method: 'POST',
+          url: 'http://localhost:8378/1/files/file',
+          body: JSON.stringify({
+            _ApplicationId: 'test',
+            _JavaScriptKey: 'test',
+            _ContentType: 'image/jpg',
+            base64: 'PGh0bWw+PC9odG1sPgo=',
+          }),
+        })
+      ).toBeResolved();
+      await expectAsync(
+        request({
+          method: 'POST',
+          url: 'http://localhost:8378/1/files/file',
+          body: JSON.stringify({
+            _ApplicationId: 'test',
+            _JavaScriptKey: 'test',
+            _ContentType: 'audio/wav',
+            base64: 'UklGRigAAABXQVZFZm10IBIAAAABAAEARKwAAIhYAQACABAAAABkYXRhAgAAAAEA',
+          }),
+        })
+      ).toBeResolved();
     });
 
     it('works with array without Content-Type', async () => {

spec/ParseFile.spec.js

@@ -0,0 +1,11 @@
+{
+  "appName": "test",
+  "appId": "test",
+  "masterKey": "test",
+  "logLevel": "error",
+  "auth": {
+    "facebook": {
+      "appIds": "test"
+    }
+  }
+}